Custom Ruby scripts no longer work and return SSLv3 alert handshake failure

Document ID : KB000057588
Last Modified Date : 14/02/2018

Issue

Since October 21, 2014, all custom Ruby scripts based on RallyRestToolkit for Ruby return this error:

C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_json_connection.rb:145:in `rescue in send_request': RallyAPI: - rescued exception - SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure on request to https://rally1.rallydev.com/slm/webservice/v2.0/user.js with params {} (StandardError)
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_json_connection.rb:139:in `send_request'
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_rest_json.rb:140:in `user'
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_rest_json.rb:109:in `find_workspace'
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_rest_json.rb:86:in `initialize'
        from findUserStory.rb:26:in `new'
        from findUserStory.rb:26:in `<main>'

Resolution

Please upgrade to version 1.1.2 of rally_api from this GitHub repository.
This rally_api gem uses httpclient gem version 2.4.0.

These changes are necessary due to a vulnerability in SSLv3.

While CA Agile Central has always supported and used TLS by default, SSLv3 was supported for legacy applications and browsers such as IE6. Akamai, CA Agile Central's CDN partner, will shut down SSLv3 on October 21, 2014, because a man-in-the-middle attack could force browsers to negotiate down from TLS to SSLv3 and use the vulnerabilities in that protocol to leak sensitive information such as session cookies.
You may see more info on the Akamai blog.
These changes will ensure that when the client negotiates SSL, it starts with TLS 1.2, goes down as far as TLS 1.0, and stops there.

Note that gem install rally_api installs the dependency, the httpclient gem, automatically. Dependencies are not installed by default if an older version of Ruby is used, but this is a moot point, since Ruby 1.9.3 and higher, which the CA Agile Central Ruby Toolkit requires, install dependencies automatically. Of course, if the httpclient 2.0.4 gem is already present, there is no need to install it again. The spec file shows that any version of httpclient 2.4.x will work.

Here is an example of terminal output that shows:
  1. the error when a custom ruby script is run,
  2. installation of the latest version of rally_api gem, and
  3. a successful run of the same file after installing rally_api 1.1.2

C:\myfiles>ruby findUserStory.rb US2923

C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_json_connection.rb:145:in `rescue in send_request': RallyAPI: - rescued exception - SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure on request to https://rally1.rallydev.com/slm/webservice/v2.0/user.js with params {} (StandardError)
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_json_connection.rb:139:in `send_request'
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_rest_json.rb:140:in `user'
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_rest_json.rb:109:in `find_workspace'
        from C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_rest_json.rb:86:in `initialize'
        from findUserStory.rb:26:in `new'
        from findUserStory.rb:26:in `<main>'

C:\myfiles>gem install rally_api
Fetching: httpclient-2.4.0.gem (100%)
Fetching: rally_api-1.1.2.gem (100%)
Successfully installed httpclient-2.4.0
Successfully installed rally_api-1.1.2
2 gems installed
Installing ri documentation for httpclient-2.4.0...
Installing ri documentation for rally_api-1.1.2...
Installing RDoc documentation for httpclient-2.4.0...
Installing RDoc documentation for rally_api-1.1.2...

C:\DEVSUPPORT-ruby\myfiles>ruby findUserStory.rb US2923
success!


You may verify the gems and their versions installed locally by using this command:
gem list -l
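
To triage captured script output for this failure, the following added example (not part of the original article or of the rally_api project) detects the handshake signature and reads the gem version out of the backtrace paths. The helper name triage and the FIXED_VERSIONS table are hypothetical; the sample is the start of this article's trace, hard-wrapped at 80 columns as a Windows console emits it.

```ruby
require "rubygems" # Gem::Version (already loaded on current Rubies)

# Fixed release named in the Resolution section of this article.
FIXED_VERSIONS = { "rally_api" => Gem::Version.new("1.1.2") }.freeze
SIGNATURE = /sslv3 alert handshake failure/i
# Matches ".../gems/<name>-<version>/" in a backtrace path.
GEM_PATH = %r{/gems/([a-z][\w-]*?)-(\d+(?:\.\d+)+)/}i

# Hypothetical helper: classify captured console output from a failing script.
def triage(console_text)
  # The console hard-wraps at 80 columns and splits tokens
  # ("handshak" / "e failure"), so rejoin the lines before matching.
  flat = console_text.delete("\r\n")
  gems = flat.scan(GEM_PATH).map { |name, ver| [name, Gem::Version.new(ver)] }.to_h
  outdated = gems.select { |name, ver| FIXED_VERSIONS.key?(name) && ver < FIXED_VERSIONS[name] }
  { sslv3_failure: flat.match?(SIGNATURE), gems: gems, outdated: outdated.keys }
end

# Sample input: first lines of the trace from this article, wrapping kept.
SAMPLE = <<~'LOG'
  C:/Ruby192/lib/ruby/gems/1.9.1/gems/rally_api-1.0.0/lib/rally_api/rally_json_con
  nection.rb:145:in `rescue in send_request': RallyAPI: - rescued exception - SSL_
  connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshak
  e failure on request to https://rally1.rallydev.com/slm/webservice/v2.0/user.js
  with params {} (StandardError)
LOG

if __FILE__ == $PROGRAM_NAME
  report = triage(SAMPLE)
  puts "SSLv3 handshake failure: #{report[:sslv3_failure]}"
  report[:outdated].each do |name|
    puts "#{name} #{report[:gems][name]} predates #{FIXED_VERSIONS[name]}: run gem install #{name}"
  end
end
```

A plain search of the raw capture for the error text misses it, because the wrap falls inside the word "handshake"; the helper matches only after rejoining the lines.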
