No shared ciphers when trying to use falcon host

[nogweii]

I have a basic hello-world Sinatra app that I'm trying to run with falcon host. However, both Chromium and Firefox, along with curl, can't connect to the server, reporting an OpenSSL error of no shared ciphers.

Code:

falcon.rb

#!/usr/bin/env -S falcon host
# frozen_string_literal: true

require "falcon/environment/rack"
require "falcon/environment/self_signed_tls"

hostname = File.basename(__dir__)
port = ENV["PORT"] || 9292

service hostname do
  include Falcon::Environment::Rack
  include Falcon::Environment::SelfSignedTLS

  # By default, Falcon uses Etc.nprocessors to set the count, which is likely incorrect on shared hosts like Heroku.
  # Review the following for guidance about how to find the right value for your app:
  # count ENV.fetch("WEB_CONCURRENCY", 1).to_i

  # If using count > 1 you may want to preload your app to reduce memory usage and increase performance:
  preload "preload.rb"

  endpoint Async::HTTP::Endpoint
    .parse("https://localhost:#{port}")
    .with(protocol: Async::HTTP::Protocol::HTTP2)
end

server.rb

require "sinatra/base"

class SyncPad < Sinatra::Base
  get "/" do
    "hello world"
  end
end

config.ru

run SyncPad

preload.rb

require_relative "server"

Logs:

$ bundle exec ./falcon.rb
  0.0s     info: Falcon::Command::Host [oid=0x340] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | Falcon Host v0.51.1 taking flight!
               | - Configuration: ././falcon.rb
               | - To terminate: Ctrl-C or kill 905421
               | - To reload: kill -HUP 905421
 0.02s     info: Async::Container::Notify::Console [oid=0x350] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | {status: "Initializing controller..."}
 0.02s     info: Falcon::Service::Server [oid=0x360] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | Preloading preload.rb...
 0.07s     info: Falcon::Service::Server [oid=0x360] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | Starting syncpad on #<Async::HTTP::Endpoint https://localhost:9292/ {protocol: Async::HTTP::Protocol::HTTP2}>
 0.07s     info: Async::Service::Controller [oid=0x378] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | Controller starting...
 0.08s     info: Async::Container::Notify::Console [oid=0x350] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | {ready: true, size: 16}
 0.08s     info: Async::Service::Controller [oid=0x378] [ec=0x348] [pid=905421] [2025-06-05 10:42:33 -0700]
               | Controller started...
^[34.39s     warn: Async::Task [oid=0x470] [ec=0x478] [pid=905484] [2025-06-05 10:43:07 -0700]
               | Task may have ended with unhandled exception.
               |   OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 peeraddr=127.0.0.1:35384 state=error: no shared cipher
               |   → /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/io-endpoint-0.15.2/lib/io/endpoint/ssl_endpoint.rb:16 in 'OpenSSL::SSL::SSLSocket#accept'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/io-endpoint-0.15.2/lib/io/endpoint/ssl_endpoint.rb:16 in 'OpenSSL::SSL::SSLSocket#start'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/io-endpoint-0.15.2/lib/io/endpoint/wrapper.rb:206 in 'block (2 levels) in IO::Endpoint::Wrapper#accept'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/async-2.24.0/lib/async/task.rb:200 in 'block in Async::Task#run'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/async-2.24.0/lib/async/task.rb:438 in 'block in Async::Task#schedule'
34.39s     warn: Async::Task [oid=0x3c0] [ec=0x3c8] [pid=905451] [2025-06-05 10:43:07 -0700]
               | Task may have ended with unhandled exception.
               |   OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 peeraddr=127.0.0.1:35386 state=error: no shared cipher
               |   → /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/io-endpoint-0.15.2/lib/io/endpoint/ssl_endpoint.rb:16 in 'OpenSSL::SSL::SSLSocket#accept'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/io-endpoint-0.15.2/lib/io/endpoint/ssl_endpoint.rb:16 in 'OpenSSL::SSL::SSLSocket#start'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/io-endpoint-0.15.2/lib/io/endpoint/wrapper.rb:206 in 'block (2 levels) in IO::Endpoint::Wrapper#accept'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/async-2.24.0/lib/async/task.rb:200 in 'block in Async::Task#run'
               |     /home/colin/.local/share/rbenv/versions/3.4.1/lib/ruby/gems/3.4.0/gems/async-2.24.0/lib/async/task.rb:438 in 'block in Async::Task#schedule'
^C36.93s     info: Async::Container::Group [oid=0x480] [ec=0x348] [pid=905421] [2025-06-05 10:43:10 -0700]
               | Sending interrupt to 16 running processes...
36.93s    error: Async::Container::Forked [oid=0x488] [ec=0x490] [pid=905421] [2025-06-05 10:43:10 -0700]
               | {
               |   "status": "pid 905451 SIGINT (signal 2)"
               | }
   ....(repeated for each pid)....

[nogweii]

Oh, searching some more found #75 (comment) which highlights that ssl_context needs to be passed in. I would've expected it to "just work" with the inclusion of SelfSignedTls.

Here's a diff of my code that works:

diff --git a/falcon.rb b/falcon.rb
index bbf4b9a..8ea7a1a 100755
--- a/falcon.rb
+++ b/falcon.rb
@@ -18,7 +18,8 @@ service hostname do
   # If using count > 1 you may want to preload your app to reduce memory usage and increase performance:
   preload "preload.rb"

-  endpoint Async::HTTP::Endpoint
-    .parse("https://localhost:#{port}")
-    .with(protocol: Async::HTTP::Protocol::HTTP2)
+  endpoint do
+    # Note the use of `ssl_context` here:
+    Async::HTTP::Endpoint.parse("https://localhost:#{port}", ssl_context: ssl_context)
+  end
 end