Amber: Unsupported cipher algorithm "aes-256-cbc" (ArgumentError)

Created on 7 Apr 2018  路  10Comments  路  Source: amberframework/amber

Description

Trying to start up my fistl little amber project in production mode like so
AMBER_ENV=production amber watch, I get that error.

The project works in development mode, all it does just pulls a random row from DB, and displays the result.

Fairly sure this is something with my setup, and probably because I'm doing it wrong.
I would appreciate any help

Goal:
I'm basically trying to figure out how to deploy to non-aws/do server ( on my own home "cloud")
I followed the video deployment tutorial for digital ocean and ran into some issues. But that's for another ticket.

Steps to Reproduce

  1. AMBER_ENV=production amber watch

Expected behavior:
It should start up ( it works just fine on my Macbook both in dev and in prod)

Actual behavior:
I get

```shell

AMBER_ENV=production amber watch

10:03:17 Watcher | (INFO) Watching 17 files (server reload)...
10:03:17 Watcher | (INFO) Building project Cuot...
10:03:28 Watcher | (INFO) Terminating app Cuot...
10:03:28 Watcher | (INFO) Starting Cuot...
10:03:28 NodeJS | (INFO) Installing dependencies...
10:03:28 NodeJS | (INFO) Watching public directory
Unsupported cipher algorithm "aes-256-cbc" (ArgumentError)
from /usr/share/crystal/src/openssl/cipher.cr:12:12 in 'initialize'
from /usr/share/crystal/src/openssl/cipher.cr:8:3 in 'new'
from lib/amber/src/amber/support/message_encryptor.cr:51:7 in 'decrypt'
from lib/amber/src/amber/support/message_encryptor.cr:24:9 in 'verify_and_decrypt'
from lib/amber/src/amber/support/file_encryptor.cr:10:7 in 'read'
from lib/amber/src/amber/support/file_encryptor.cr:19:18 in 'read_as_string'
from lib/amber/src/amber/support/file_encryptor.cr:18:5 in 'read_as_string'
from lib/amber/src/amber/environment/loader.cr:16:9 in 'settings_content'
from lib/amber/src/amber/environment/loader.cr:9:26 in 'settings'
from lib/amber/src/amber.cr:24:3 in 'settings'
from config/initializers/database.cr:3:38 in '__crystal_main'
from /usr/share/crystal/src/crystal/main.cr:11:3 in '_crystal_main'
from /usr/share/crystal/src/crystal/main.cr:112:5 in 'main_user_code'
from /usr/share/crystal/src/crystal/main.cr:101:7 in 'main'
from /usr/share/crystal/src/crystal/main.cr:135:3 in 'main'
from __libc_start_main
from _start
from ???
up to date in 18.495s```

Versions

Trying it out on Ubuntu 16.04 VM ( works on my osx)
Crystal 0.24.2 [4f9ed8d03] (2018-03-08)
Amber CLI (amberframework.org) - v0.7.2

Additional Information

Here is output from openssl
shell Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 seed seed-cbc seed-cfb seed-ecb seed-ofb

question

All 10 comments

Hi @konung Interesting issue, I think this looks like a crystal-issue, although I guess maybe we're using some non-standard cipher algorithm

/cc @elorest

I followed the video deployment tutorial for digital ocean and ran into some issues. But that's for another ticket.

Yeah, that video is a bit outdated, we changed some things :sweat_smile:

We already have some open tickets about updating current documentation :+1:

Thanks for looking into it.
So this is related to the version of Openssl as well.
ON my mac where it all works, I have Openssl 1.1.1-dev
Where is my openssl on ubuntu was 1.0.2g ( which is the default one avaible from via apt )

So I downloaded and compiled latest opensssl, and it worked like a charm.

Here is the snippet:

sudo -s
cd /usr/local/src && apt install gcc make -y
wget https://www.openssl.org/source/openssl-1.1.1-pre4.tar.gz && tar xzvf openssl-1.1.1-pre4.tar.gz && cd openssl-1.1.1-pre4
./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)'
make
make install
reboot
openssl version

sudo -s 
nano /etc/ld.so.conf
include /usr/local/openssl/lib
ldconfig

@konung @faustinoaq aes-256-cbc is a very supported algorithm currently used as a recommended cypher for tls. It's also used by rails encryption. I actually just gave a talk on this at the ruby meetup this week. https://github.com/elorest/image_encrypter

I find it interesting that the cypher in question is actually listed in your available ciphers above. I'm currently running amber on on 2 macs and a couple linux computers without getting this issue.

How did you install openssl? You might need to brew install it on a mac as it's built in version might not have shared libs available. I've run into that issue with rails before.

Have you tried updating the open ssl package on the Ubuntu machine? And upgrade could correct the issue

Good point. I didn't notice you were on ubuntu.

@konung If you want to use openssl with programming ruby, go, python, crystal etc you have to install openssl-dev

sudo apt-get install openssl-dev

@konung This doesn't relate to your openssl problem, but there's no need to run amber watch in production. This stackoverflow question/answer has details on how to build and run your app in production mode (once you get the openssl issue figured out).

@robacarp Awesome. That was one of the things I was looking for! ( Would be a good to have a section like that in the deployment parts of the Guides I think. Something along the line, deploying with Nginx, load balancing & scaling)

@eliasjpr Good idea, but I'm using the latest one already (that's available via apt-get 1.0.2g). This is a brand new VM with Ubuntu 16.04.4 LTS . And all the packages updated and upgraded. I was able to compile several Rubies ( 2.4.2 & 2.5.1) with rbenv without any issues ( they also depend on openssl)

@elorest Great suggestion, but the package is actually libssl-dev ( not openssl-dev), and I have it installed ( It's a requirement for ruby-build as well). But If I get the latest one dev package from the openssl website and make install, amber starts up fine. However, it breaks my rbenv setup. So I need to try to play with versions and see which one works better. the latest stable one from the website is 1.1.0 ( I need to try that) and Ubutntu has Openssl 1.0.2g. The one that worked for my amber setup was Openssl 1.1.1-pre4

Thank you!

@konung are you good so we can close this issue?

Yep.

Thank you, everyone, for your time!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

olegsobchuk picture olegsobchuk  路  5Comments

faustinoaq picture faustinoaq  路  5Comments

elorest picture elorest  路  7Comments

sumwatt picture sumwatt  路  4Comments

Meldanor picture Meldanor  路  4Comments