Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Gist Liquid Tag causes SSL error when using jekyll serve or jekyll build #30
I was directed here from Jekyll, but for the sake of clarity and saving a click, I've pasted the original text here.
In the original issue, it was suggested that I enforce
Original post: jekyll/jekyll#4413
This means that Ruby couldn't verify the certificate of gist.githubusercontent.com:
SSLv3 is old, so TLSv1_2 would be better. If you google "ruby net http set ssl version", you could probably figure out how it's done. You'd likely modify the
Thanks for the follow-up, @parkr. The outage as a cause would have been a legitimate theory, but this was occurring post-outage, at 2:00 AM EST. It still occurs, and only serves the site after removing the
I simply decided to avoid the issue until after I launched. I'll give your
On Wed, Mar 16, 2016 at 4:59 PM, Parker Moore firstname.lastname@example.org
There's definitely a regression in the OpenSSL stdlib component in the ruby's installed by RubyInstaller for Windows, and unfortunately it doesn't look like there's an easy fix.
This is the version in question:
(that's an 'L' after 1.0.1)
It seems that every version of 2.2.X, as well as 2.1.7 & 2.1.6 is using this version of OpenSSL. All of them have this issue. (My Vagrant box doesn't have this issue, it has 1.0.1f)
I also tried patching the Net::HTTP.start call to use TLSv1_2 as well as a few of the other options. But, it didn't have any effect. It would always try to connect through SSLv3. (I intentionally broke other things, I know my code was getting picked up :) )
Since the issue is probably with the stdlib OpenSSL, I don't know what our options are. Can we rebuild that library with new code or replace it with a gem or something? I'm also new to ruby. Any suggestions @parkr?
The alternatives I'm considering:
referenced this issue
Mar 25, 2016
This issue has been automatically marked as stale because it has not been commented on for at least
The resources of the Jekyll team are limited, and so we are asking for your help.
If you can still reproduce this error on the
please reply with all of the information you have about it in order to keep the issue open.
If this is a feature request, please consider building it first as a plugin. Jekyll 3 introduced
Thank you for all your contributions.
Just downloaded the latest of everything and this still happens.
Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https', + verify_mode: OpenSSL::SSL::VERIFY_NONE,, + #ssl_version: "TLSv1_2", + #ciphers: 'TLSv1.2:!aNULL:!eNULL', + #ssl_options: OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3 | OpenSSL::SSL::OP_NO_COMPRESSION, read_timeout: 3, open_timeout: 3) do |http|
(the commented lines have no apparent effect even when enabled instaed of having