`SSL_read: unexpected eof while reading` using `redis-rb` on Heroku-22 about base-images HOT 3 CLOSED

The redis Gem got an update to 4.7.1 (https://github.com/redis/redis-rb/releases/tag/v4.7.1) which contains a workaround (redis/redis-rb#1107) for this problem, which we've verified is due to incorrect Redis server behavior during connection closures (redis/redis#10915).

Please bundle update your redis Gem to the latest version to get the fix, and push that up to Heroku.

from base-images.

@directionless

Some more context about the issue:

• Heroku-22 is based upon Ubuntu 22.04, which comes with OpenSSL 3. (Mentioned in the Heroku-22 stack docs)
• OpenSSL 3 (in the client) is more strict when it comes to how servers close connections. This is by design - more details can be seen in openssl/openssl#11378 and openssl/openssl#11381.
• Clients using OpenSSL 3 can choose to return to the old more-lenient behaviour by enabling the SSL_OP_IGNORE_UNEXPECTED_EOF option.
• Some language runtimes have chosen to enable this SSL_OP_IGNORE_UNEXPECTED_EOF option to reduce disruption. For example Python (python/cpython#25309) and PHP (php/php-src#8369). And some languages have their own TLS implementations so aren't affected as they aren't using OpenSSL (for example Go and Java). Lastly, some languages are shipped with statically compiled binaries so don't use the OpenSSL version in the underlying OS, but whatever they were compiled with upstream (eg: Node.js statically compiles OpenSSL and only switched to OpenSSL 3 in Node.js v17+).
• For Heroku-supported languages, this pretty much just leaves Ruby as the one language that uses system OpenSSL, and also doesn't set the backwards compatibility flag upstream. This is why the issue affects Ruby users more than others. For upstream discussion about Ruby and OpenSSL 3, see ruby/openssl#399.
• Whilst this issue was originally filed about Redis (since it turns out Redis server didn't close connections cleanly: redis/redis#10915), Redis server won't be the only server implementation out there that doesn't close connections properly.

As such:

1. There is therefore nothing Heroku-specific about this issue - it affects all OpenSSL 3 (and thus Ubuntu 22.04) usage.
2. There absolutely will be other server implementations out there that are affected (and not just Redis).

Could you try filing an issue upstream against whatever server you are connecting to, to see if they can fix their server implementation? In the issue be sure to say it's a problem with OpenSSL 3 which is the default on Ubuntu 22.04, rather than framing it only as "Heroku-22", since otherwise they may think it's a Heroku-specific issue and not see why they need to fix their server. Also feel free to CC me on any such issues so I can help add more detail.

from base-images.

This issue is broader than just redis. I see it in general httpclient usage.

from base-images.