SSLv3 issue when installing plugins in Vagrant 2.2.4

Madison Smith

unread,

Mar 27, 2019, 4:47:52 PM3/27/19

to Vagrant

I'm looking in to Drupal VM which uses Vagrant to deploy a Drupal VM.

I am behind a corporate proxy/firewall and I've already appended our corporate authority to the C:\HashiCorp\Vagrant\embedded\cacert.pem file.

After doing so, I'm getting another error:

Message: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read finished A: unexpected message>

I've attached a file with full debug output but I believe my issue is caused by using SSLv3 (looking at the state field) which uses broken ciphers and is disabled on our network and in Windows. How can I ensure TLS 1.1 or greater is being used here?

Is there a configuration setting I can specify in the VagrantFile or is there a gem I need to update?

Thank you!

2019_03_27_debug.log

Madison Smith

unread,

Mar 27, 2019, 5:07:22 PM3/27/19

to Vagrant

Perhaps the http 4.1.1 gem (last updated 3/12/2019) should be used instead of httpclient 2.8.3 (last updated 12/9/2016)?

Alvaro Miranda Aguilera

unread,

Mar 28, 2019, 10:36:42 AM3/28/19

to vagra...@googlegroups.com

Hello

Using this proxy and a different project does work?

mkdir p64

cd p64

vagrant init -m hashicorp/precise64

vagrant up

Does this work?

How do you specify the proxy?

Thanks

Alvaro.

Madison Smith

unread,

Mar 28, 2019, 2:44:07 PM3/28/19

to Vagrant

Hi Alvaro,

The precise64 Vagrant file doesn't appear to require any plugins. This connectivity issue happens when they system needs to download and install a new plugin.

For me, it can also be reproduced with:

vagrant plugin install vagrant-vbguest

Its a corporate proxy. I don't have details on how our network traffic is routed in our network. Our IT department decrypts all SSL traffic, inspects it for viruses and policy compliance and then re-encrypts it using the corporate certificate authority. Our firewalls blocks the SSL version 3 protocol as well.

I just need to know how to tell Vagrant to disable SSL and use TLS instead.

Thanks!

Alvaro Miranda Aguilera

unread,

Mar 28, 2019, 5:52:57 PM3/28/19

to vagra...@googlegroups.com

hello.

when you do vagrant plugin install, it goes to different servers vs vagrant up or vagrant box to add a box.

that you can do vagrant up and download the box shows the proxy is working for vagrant.

What we have seen in the past is that IT departments whitelist some url but not others.

suggestion, do

vagrant plugin install vagrant-vbguest --debug

and check the output to confirm the url that is failing.

with that information, the IT dept can confirm if the url is whitelisted for the proxy or not.

Alvaro.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/mitchellh/vagrant/issues
IRC: #vagrant on Freenode
---
You received this message because you are subscribed to the Google Groups "Vagrant" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vagrant-up+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vagrant-up/17a08454-3e00-4cd9-b096-e1fe82d58e07%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.