• Announcements

    • Shane D.

      Announcing 'Spaces' for Evernote Business!   02/27/2018

      Hi All, We're very excited to announce the launch of Spaces for Evernote Business! I invite you to find more details and learn more in our most recent Community Announcement! 
    • Shane D.

      Code of Conduct   03/26/2018

      Hi All, The updated version of the Code of Conduct has been implemented, and you will need to accept those terms before proceeding. If you would like to review the Code of Conduct, you can do so Here
    • Shane D.

      Update to Evernote Subscription Plans   04/12/2018

      Hi All, We've made some updates to our Evernote subscription plans. To learn more, please see the 'Update to Evernote Subscription Plans' thread in the Community Announcements forum, or you can go here.

SSL handshake problems

Recommended Posts

Hi everybody, over the past couple of weeks we've seen several reports of trouble establishing HTTPS connections to our API endpoints. The problem is related to a recent update to OpenSSL: http://rt.openssl.org/Ticket/Display.html?id=2802&user=guest&pass=guest

Systems and applications that rely on OpenSSL for HTTPS support may see the SSL handshake fail when attempting to connect to our servers. The problem is that the client is requesting TLS v1.2 and our servers aren't properly negotiating down to a mutually supported protocol version.

We're working with our SSL accelerator vendor to resolve the apparent server-side problem. In the meantime, you should be able to work around this problem by configuring your app to force TLS v1.0 or SSL v3.

Share this post

Link to post

Hi Seth, I think I ran into this problem. But I don't quite get what you mean with configuring the app to use TLS v1.0

I'm currently using your evernote-sdk-ruby library with the latest commit together with ruby 1.9.2p290 on OSX. Deploying on heroku later for staging and production.

The problem I'm struggling with is the thrift part of the evernote library (error output below) (for API key agentcmos-8675)

[2012-06-21 11:01:42] ERROR NoMethodError: undefined method `length' for nil:NilClass
/Users/philippkueng/Documents/Programming/Ruby/sharelephant-worker/evernote-sdk-ruby/lib/thrift/transport/base_transport.rb:88:in `read_all'

It works in the sandbox seamlessly. Also, I have another key (agentcmos-5516) I'm using and this other one works both in the sandbox and in production without any issues.

The question is what's needed to force the evernote-sdk into using TLS v1.0?

Thanks for your help.

UPDATE -----

The production key also isn't working on heroku staging however the sandbox key is, just so there's no confusion there.

Share this post

Link to post

Hi, Evernote server does not suppot TLSv1.1 and v1.2.

On the other hand, OpenSSL v1.0.x now support TLS v1.1/1.2 and WINE also support it automaticaly.

Evernote client use WinInet.dll that behave if TLSv1.2 negotiation fails then try SSL3/TLS1.0 again.

This does not make problem on Windows.

A solution is to disable TLSv1.1/1.2 on WINE.

A patch is as follows:


Share this post

Link to post

This fixes it for me on python by overloading the ssl.wrap_socket function to force the "ssl_version" value to TLSv1.

Do an "import ssl" and run this bit of code before doing your first connect.


orig_ssl_wrap = ssl.wrap_socket

def my_ssl_wrap( socket, keyfile=None, certfile=None, server_side=False, cert_reqs=0, ssl_version=2, ca_certs=None, do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None ):

ssl_version = ssl.PROTOCOL_TLSv1

return orig_ssl_wrap( socket, keyfile, certfile, server_side, cert_reqs, ssl_version, ca_certs, do_handshake_on_connect, suppress_ragged_eofs, ciphers )

ssl.wrap_socket = my_ssl_wrap

Share this post

Link to post


Our SSL endpoints have been updated to support TLS 1.2, so this issue should be resolved. Please let us know if you're still having problems.

Share this post

Link to post