OpenSSL::SSL::SSLErrorWaitReadable with TLS 1.3

[jpsikorra]

Starting in April we started seeing lots of "read would block" and OpenSSL::SSL::SSLErrorWaitReadable errors in our Sentry instance. The errors occur only with TLS 1.3 and not with TLS 1.2. This issue is hard to debug for us and we could not write a script to reproduce this error. The issue occurs for multiple different endpoints from different systems of different companies that we send HTTPS requests to, so it is definitely on our side.

We are using JRuby 9.3.14.0 and Java 11.0.22+0. The error seems to occur on JRuby 9.3.13.0, too.

[kares]

what kind of libraries are using the SSL stack or is it application code directly? any more details such as a trace?

[jpsikorra]

We are using HTTParty. There is no trace on the exception.

[kares]

If you can please update to jruby-openssl 0.14.6 and try setting:
JRUBY_OPTS="-J-Djruby.openssl.ssl.error_wait_nonblock.backtrace=true"
... so that the WaitReadable errors end up having backtraces.
(it's just a Java system property so if you do not use standalone JRuby, set it appropriately)

[jpsikorra]

How should we update to jruby-openssl 0.14.6? Wait for a new jruby 9.3 release?

[kares]

are you using Bundler? if so just declare the gem with a version requirement

[jpsikorra]

The error still occurs with 0.15.0, the stacktrace is not really helpful, it looks like this

OpenSSL::SSL::SSLErrorWaitReadable: read would block
  from net/http.rb:1546:in `transport_request'
  from net/http.rb:1490:in `request'
  ...

[kares]

JRUBY_OPTS="-J-Djruby.openssl.ssl.error_wait_nonblock.backtrace=true"

[jpsikorra]

The above backtrace had the flag -J-Djruby.openssl.ssl.error_wait_nonblock.backtrace=true enabled.