sslv3 error when targeting bosh directors

[wendorf]

I have installed the latest version of the BOSH CLI gem (1.3262.0) on a computer running OS X 10.10.5 and using the system libssl (0.9.8zg). When attempting to target any bosh director (including a the latest version 1.3261.1.0), I receive the following warnings and eventual error:

[WARNING] cannot access director, trying 4 more times...
[WARNING] cannot access director, trying 3 more times...
[WARNING] cannot access director, trying 2 more times...
[WARNING] cannot access director, trying 1 more times...
cannot access director (SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert handshake failure)

When I attempt to do the same using a Ruby compiled with a more-modern SSL (1.0.2d) (via brew install ruby), I am able to successfully target the bosh director.

Suggestion: If it is possible to determine which SSL versions are unsupported (via require 'openssl'; OpenSSL::OPENSSL_VERSION), provide a helpful error message guiding the user to a resolution.

[dpb587-pivotal]

You may also be able to solve this by running...

gem install httpclient

This also came up on cloudfoundry#bosh and sounded like "old ruby was the issue".

[wendorf]

I tried that on my machine (also tried updating the Gemfile used when I set BOSH_USE_BUNDLER to use httpclient 2.7.2 and 2.8.0), and there was no change.

[jeanbza]

+1, also having this problem. Think it may be related to an old openssl version

[myminseok]

same here.
bosh?v=257.3
bosh-vsphere-cpi-release?v=24
bosh-vsphere-esxi-ubuntu-trusty-go_agent?v=3262.2
BOSH cli 1.3262.0

[WARNING] cannot access director, trying 2 more times...
[WARNING] cannot access director, trying 1 more times...
cannot access director (SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: sslv3 alert handshake failure)
Connection to pcfdemo.net closed.

but bosh cli (BOSH 1.3215.3.0) inside of opsmanager works to the same director VM to login.

[dineshkumar02]

I'm also getting the similar problem in my OS X.

bosh target 192.168.50.4 lite
[WARNING] cannot access director, trying 4 more times...
[WARNING] cannot access director, trying 3 more times...
[WARNING] cannot access director, trying 2 more times...
[WARNING] cannot access director, trying 1 more times...
cannot access director (SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol)

ruby --version
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-darwin14]
bosh --version
BOSH 1.3262.0

[metahertz]

+1. However, BOSH install docs do say to use 'a non-system ruby'.

So as a workaround:

brew install ruby
bash
gem install bosh_cli --no-ri --no-rdoc
bosh target x.y.z.a

Worked for me after facing the same issue w/system ruby.

/M

[BitRacer]

worked for me as well

[ccemeraldeyes]

+1

I found the error message "[WARNING] cannot access director, trying 4 more times..." unhelpful, in part because I didn't know a more useful message was coming later. I assumed it was a network issue and wasted a few hours debugging from that perspective.

[dpb587-pivotal]

For future readers, if the above suggestions don't work, the new BOSH CLI which is still under development handles TLS connection errors a bit more clearly if you want to give it a try and provide feedback. Link to cloudfoundry/bosh-cli repository to build and some migration notes.

Ruby CLI is mostly frozen, so it's probably not something we'll be trying to fix in favor of suggesting users switch to the new CLI.

[dpb587-pivotal]

Closing - not changing the Ruby CLI. Avoid using outdated, system Ruby versions in the meantime.