I haven't touched this app in weeks, not changing anything on Heroku, when suddenly my mobile (iOS) app, which also hasn't changed in weeks, attempts to authenticate against it and I get the stack trace below. I can log in through the web interface just fine, but can't figure out why the mobile app can't log in and generates this error. Any idea why this would suddenly start happening? What might have changed if I didn't change it? Is there something wrong with SSL?

I, [2014-11-01T22:55:50.118492 #16]  INFO -- omniauth: (facebook_access_token) Callback phase initiated.

  vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect'
  vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `block in connect'
Started POST "/auth/facebook_access_token/callback" for 174.24.52.187 at 2014-11-01 22:55:50 +0000
Faraday::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure):

vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect'
vendor/bundle/ruby/2.0.0/gems/rest-client-1.6.7/lib/restclient/net_http_ext.rb:51:in `request'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent/instrumentation/net.rb:27:in `block (2 levels) in request_with_newrelic_trace'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent.rb:403:in `disable_all_tracing'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent/instrumentation/net.rb:26:in `block in request_with_newrelic_trace'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent/cross_app_tracing.rb:41:in `trace_http_request'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent/instrumentation/net.rb:23:in `request_with_newrelic_trace'
vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1126:in `get'
vendor/ruby-2.0.0/lib/ruby/2.0.0/timeout.rb:52:in `timeout'
vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:78:in `perform_request'
vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:851:in `start'
vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:1367:in `request'
vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:39:in `call'
vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/request/url_encoded.rb:15:in `call'
vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139:in `build_response'
vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/connection.rb:377:in `run_request'
vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:164:in `call'
vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/client.rb:88:in `request'
vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/access_token.rb:99:in `request'
vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/access_token.rb:106:in `get'
vendor/bundle/ruby/2.0.0/gems/omniauth-facebook-access-token-0.1.3/lib/omniauth/strategies/facebook-access-token.rb:90:in `callback_phase'
vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:227:in `callback_call'
vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:184:in `call!'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/rack/error_collector.rb:55:in `call'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/rack/agent_hooks.rb:32:in `call'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/rack/browser_monitoring.rb:27:in `call'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/etag.rb:23:in `call'
vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:186:in `call!'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/conditionalget.rb:35:in `call'
vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:164:in `call'
vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/builder.rb:59:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/flash.rb:241:in `call'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/head.rb:11:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/params_parser.rb:27:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/cookies.rb:486:in `call'
vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/query_cache.rb:36:in `call'
vendor/bundle/ruby/2.0.0/gems/activerecord-4.0.2/lib/active_record/connection_adapters/abstract/connection_pool.rb:626:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.2/lib/active_support/callbacks.rb:373:in `_run__3654225083022188546__call__callbacks'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:225:in `context'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/session/abstract/id.rb:220:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
vendor/bundle/ruby/2.0.0/gems/railties-4.0.2/lib/rails/rack/logger.rb:38:in `call_app'
vendor/bundle/ruby/2.0.0/gems/railties-4.0.2/lib/rails/rack/logger.rb:20:in `block in call'
vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.2/lib/active_support/tagged_logging.rb:67:in `block in tagged'
vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.2/lib/active_support/tagged_logging.rb:25:in `tagged'
vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.2/lib/active_support/tagged_logging.rb:67:in `tagged'
vendor/bundle/ruby/2.0.0/gems/railties-4.0.2/lib/rails/rack/logger.rb:20:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/callbacks.rb:27:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/remote_ip.rb:76:in `call'
vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.2/lib/active_support/cache/strategy/local_cache.rb:83:in `call'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/static.rb:64:in `call'
vendor/bundle/ruby/2.0.0/gems/activesupport-4.0.2/lib/active_support/callbacks.rb:80:in `run_callbacks'
vendor/bundle/ruby/2.0.0/gems/actionpack-4.0.2/lib/action_dispatch/middleware/request_id.rb:21:in `call'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/methodoverride.rb:21:in `call'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/runtime.rb:17:in `call'
vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.2/lib/unicorn/http_server.rb:521:in `spawn_missing_workers'
vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.2/lib/unicorn/http_server.rb:140:in `start'
vendor/bundle/ruby/2.0.0/gems/rack-1.5.2/lib/rack/sendfile.rb:112:in `call'
vendor/bundle/ruby/2.0.0/gems/railties-4.0.2/lib/rails/engine.rb:511:in `call'
vendor/bundle/ruby/2.0.0/gems/railties-4.0.2/lib/rails/application.rb:97:in `call'
vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.2/lib/unicorn/http_server.rb:572:in `process_client'
vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.2/lib/unicorn/http_server.rb:666:in `worker_loop'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent/instrumentation/unicorn_instrumentation.rb:22:in `call'
vendor/bundle/ruby/2.0.0/gems/newrelic_rpm-3.7.3.204/lib/new_relic/agent/instrumentation/unicorn_instrumentation.rb:22:in `block (4 levels) in <top (required)>'
vendor/bundle/ruby/2.0.0/gems/unicorn-4.8.2/bin/unicorn:126:in `<top (required)>'
vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `load'
vendor/bundle/ruby/2.0.0/bin/unicorn:23:in `<main>'

Thanks!

Update:

Ok. So I just found this: https://status.heroku.com/incidents/678. I'm not sure of the implications, though. If there is a gem that depends on SSLv3, then that would need to be updated/replaced?

Matt Long
  • SSLv3 is not considered secure anymore, thanks to POODLE. Something is apparently trying to authenticate through Facebook via HTTPS on top of SSLv3 and gets rejected. This might not even be related to Heroku; many web services disabled SSLv3. I'm not sure if Facebook has, but it might have. – D-side Nov 02 '14 at 01:32
  • @D-side Yes, I think you're right. I'm getting the same thing on my local setup now. So, are you aware of what might be necessary to fix it or even a workaround? I would think this would be much more widespread, but can't hardly find any mention of it on the web. – Matt Long Nov 02 '14 at 15:29
  • Open Source movement might need your help then to resolve this: https://github.com/lostisland/faraday/issues/427 – D-side Nov 02 '14 at 17:07
  • This is a different issue, so you should create a new one there. – D-side Nov 02 '14 at 19:27
  • Hi @MattLong, are you able to fix this issue? I am also facing the same issue. Please let me know. – Vieenay Siingh Nov 04 '14 at 07:42
  • @Vieenay I posted an answer to the question. I'm not sure if it will help you or not, but take a look. – Matt Long Nov 13 '14 at 05:43

1 Answer

After searching high and low I was able to get this figured out. The first thing I saw was a suggestion to use Koala; however, that didn't really suit my setup and it didn't work for me. In the end, I just got the right combination of gems/versions that use SSLv2 instead of v3. Here are my gem versions:

  • oauth2 (1.0.0)
  • omniauth (1.2.2)
  • omniauth-facebook (2.0.0)
  • omniauth-facebook-access-token (0.1.7)
  • omniauth-oauth2 (1.2.0)

Upgrading to those seems to have fixed my issue. Tips if you aren't familiar:

  • Use bundle show to see what versions you have currently
  • In your Gemfile, force omniauth-facebook to 2.0.0 with gem 'omniauth-facebook', '~> 2.0.0'

It took forever to find this. I hope it helps others.

Matt Long
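
Added example, not part of the original question or answer: a small Ruby triage helper that reads a log excerpt like the one in the question, reports whether the process was the TLS client or server in the failed handshake, and compares the gem versions visible in the trace with the versions the answer lists as working. The names `triage_ssl_failure`, `ANSWER_VERSIONS` and `SAMPLE_LOG` are introduced here for illustration; the sample log is an excerpt of the trace above.

```ruby
require "rubygems" # Gem::Version, for comparing version strings

# Versions the answer above reports as working (copied from its list).
ANSWER_VERSIONS = {
  "oauth2" => "1.0.0", "omniauth" => "1.2.2", "omniauth-facebook" => "2.0.0",
  "omniauth-facebook-access-token" => "0.1.7", "omniauth-oauth2" => "1.2.0"
}.freeze

SSL_ERROR = /(?<exception>[\w:]+) \((?<call>SSL_connect|SSL_accept) returned=\d+ errno=\d+ state=(?<state>[^:]+): (?<reason>[^)]+)\)/
GEM_FRAME = %r{gems/(?<gem>[\w.\-]+?)-(?<version>\d[\w.]*)/lib/}

# Returns nil when the log has no OpenSSL handshake error, else a summary hash.
def triage_ssl_failure(log)
  err = SSL_ERROR.match(log) or return nil
  seen = {}
  log.each_line do |line|
    frame = GEM_FRAME.match(line) or next
    seen[frame[:gem]] ||= frame[:version] # first version seen per gem
  end
  behind = ANSWER_VERSIONS.select do |gem, fixed|
    seen.key?(gem) && Gem::Version.new(seen[gem]) < Gem::Version.new(fixed)
  end
  {
    exception: err[:exception],
    # SSL_connect is OpenSSL's client-side handshake call: this process dialed out.
    role: err[:call] == "SSL_connect" ? :tls_client : :tls_server,
    state: err[:state],
    reason: err[:reason],
    behind: behind.map { |gem, fixed| [gem, seen[gem], fixed] },
    not_in_trace: ANSWER_VERSIONS.keys - seen.keys
  }
end

# Excerpt of the stack trace from the question.
SAMPLE_LOG = <<~'LOG'
  Faraday::SSLError (SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure):
  vendor/ruby-2.0.0/lib/ruby/2.0.0/net/http.rb:918:in `connect'
  vendor/bundle/ruby/2.0.0/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:78:in `perform_request'
  vendor/bundle/ruby/2.0.0/gems/oauth2-0.8.1/lib/oauth2/client.rb:88:in `request'
  vendor/bundle/ruby/2.0.0/gems/omniauth-facebook-access-token-0.1.3/lib/omniauth/strategies/facebook-access-token.rb:90:in `callback_phase'
  vendor/bundle/ruby/2.0.0/gems/omniauth-1.2.1/lib/omniauth/strategy.rb:227:in `callback_call'
LOG

p triage_ssl_failure(SAMPLE_LOG) if $PROGRAM_NAME == __FILE__
```

A `:tls_client` role means the handshake that failed was the server's own outbound request made during the OmniAuth callback, not the connection from the mobile app to the server.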