This repository was archived by the owner on Jul 1, 2021. It is now read-only.

Unable to connect to vSphere 6 vCenter from Windows #107

@lomeroe


This may not be the correct spot for this, so I apologize in advance, but I wanted to document it somewhere, so that any other poor souls that have this issue like I did may be able to work around it.

First off, I did not have this issue until upgrading vCenter to v6 (I'd also venture a guess that if I went back to a version of 6 that had sslv2/3 enabled (pre update 1?), the issue would also go away).

Using Ruby (from RubyInstaller -- using 2.3.3 x64 (but also tried 2.3.3 x86 and 2.2.6)) on Windows, attempting to connect to a vSphere 6 vCenter would return an SSL error:

[SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A]

A few Google searches later and it appears to be an issue with the client attempting to do SSLv2/3 when the server only supports something else (like TLS1.2 in this case).

I was finally able to work around the error by modifying the "restart_http" function in the "trivial_soap.rb" file in the rbvmomi package (adding the ctx lines as seen below):

  def restart_http
    begin 
      @http.finish if @http
    rescue Exception => ex
      puts "WARNING: Ignoring exception: #{ex.message}"
      puts ex.backtrace.join("\n")
    end
    @http = Net::HTTP.new(@opts[:host], @opts[:port], @opts[:proxyHost], @opts[:proxyPort])
    if @opts[:ssl]
      require 'net/https'
      @http.use_ssl = true
      #explicitly set TLSv1_2 context
      ctx = OpenSSL::SSL::SSLContext.new
      ctx.ssl_version = :TLSv1_2
      #end explicitly set TLSv1_2 context

I don't have this issue on Linux, so I'm guessing it is something with the version of OpenSSL that is packaged w/RubyInstaller.

I know just enough Ruby to be dangerous, so if there is a better way to do this w/o modifying the trivial_soap function, I'd appreciate the input. Or perhaps an option to allow passing in the ssl version could be added?

Additional info that may or may not be pertinent: I'm using test-kitchen along with the chef-provisioning-vsphere driver (which in turn uses rbvmomi)...

Edit to add RubyInstaller version info.
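
An added example (not from the issue author and not rbvmomi code): pinning the TLS version on a `Net::HTTP` object directly, with certificate verification left on. `Net::HTTP` builds its SSLContext from its own attributes when it connects, so the version is set on the `Net::HTTP` object here. The helper names `build_tls12_client` and `tls_settings` and the host name are hypothetical.

```ruby
require 'net/http'
require 'openssl'

# Hypothetical helper: returns a Net::HTTP client that will not negotiate
# anything below TLS 1.2. No connection is opened here.
def build_tls12_client(host, port)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  # Keep peer verification on; pinning the protocol version does not
  # replace checking the server certificate.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  if http.respond_to?(:min_version=)
    # Ruby 2.5 and later: set a floor, so TLS 1.3 can still be negotiated.
    http.min_version = OpenSSL::SSL::TLS1_2_VERSION
  else
    # Older Ruby (such as the 2.3.3 in the issue): pins exactly TLS 1.2.
    http.ssl_version = :TLSv1_2
  end
  http
end

# Hypothetical helper: reports the TLS-related settings that Net::HTTP will
# copy into its SSLContext at connect time, for logging or a pre-flight check.
def tls_settings(http)
  {
    use_ssl:     http.use_ssl?,
    verify_mode: http.verify_mode,
    ssl_version: http.ssl_version,
    min_version: http.respond_to?(:min_version) ? http.min_version : nil
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed host name; replace with the vCenter address.
  client = build_tls12_client('vcenter.example.invalid', 443)
  puts tls_settings(client).inspect
end
```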
