Skip to content
This repository has been archived by the owner on Jul 1, 2021. It is now read-only.

Unable to connect to vSphere 6 vCenter from Windows #107

Open
lomeroe opened this issue Apr 27, 2017 · 1 comment
Open

Unable to connect to vSphere 6 vCenter from Windows #107

lomeroe opened this issue Apr 27, 2017 · 1 comment

Comments

@lomeroe
Copy link

lomeroe commented Apr 27, 2017
edited
Loading

This may not be the correct spot for this, so I apologize in advance, but I wanted to document it somewhere, so that any other poor souls that have this issue like I did may be able work around it.

First off, I did not have this issue until upgrading vCenter to v6 (I'd also venture a guess that if I went back to a version of 6 that had sslv2/3 enabled (pre update 1?), the issue would also go away).

Using Ruby (from RubyInstaller -- using 2.3.3 x64 (but also tried 2.3.3 x86 and 2.2.6) on Windows attempting to connect to a vSphere 6 vCenter would return an SSL error:

[SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A]

A few google searches later and it appears to be an issue with the client attempting to do SSLv2/3 when the server only supports something else (like TLS1.2 in this case).

I was finally able to work around the error by modifying the "restart_http" function in the "trivial_soap.rb" file in the rbvmomi package (adding the ctx lines as seen below)

  def restart_http
    begin 
      @http.finish if @http
    rescue Exception => ex
      puts "WARNING: Ignoring exception: #{ex.message}"
      puts ex.backtrace.join("\n")
    end
    @http = Net::HTTP.new(@opts[:host], @opts[:port], @opts[:proxyHost], @opts[:proxyPort])
    if @opts[:ssl]
      require 'net/https'
      @http.use_ssl = true
      #explicitly set TLSv1_2 context
      ctx = OpenSSL::SSL::SSLContext.new
      ctx.ssl_version = :TLSv1_2
      #end explicitly set TLSv1_2 context

I don't have this issue on linux, so I'm guessing in it is something with the version of OpenSSL that is packaged w/ruby installer.

I know just enough ruby to be dangerous, so if there is a better way to do this w/o modifying the trivial_soap function, I'd appreciate the input. Or perhaps an option to allow passing in the ssl version could be added?

Additional info that may or may not be pertinent: I'm using test-kitchen along with the chef-provisioning-vsphere driver (which in turn uses rbvmomi)...

Edit to add RubyInstaller version info.
@jrgarcia
Copy link
Contributor

jrgarcia commented Apr 27, 2017
edited
Loading

Thanks for opening this issue! I'll certainly look into this. I'm not sure why exactly this is happening on Windows (and not Linux (and probably not macOS as well)), but I'll see what I can figure out. If all else fails, I can check for specific versions of vCenter and Windows (though it would be better to have a fix that wasn't OS or version specific). Thanks again for reporting!

@jrgarcia jrgarcia self-assigned this Apr 27, 2017
@jrgarcia jrgarcia removed their assignment Apr 28, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jrgarcia @lomeroe