Following the guidance here, updated for Rails 3.2.x, I expected to be able to configure Rack::SSL to use the SSL filters only if an https:// prefix is included:
config.force_ssl = true
config.ssl_options = { :exclude => proc { |env| puts 'here? ' + env.to_s; env['HTTPS'] != 'on' } }
However, https works, where http fails with the following error:
[2012-10-29 15:37:03] ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv2/v3 read client hello A: http request
/Users/user/.rvm/rubies/ruby-1.9.3-p194/lib/ruby/1.9.1/openssl/ssl-internal.rb:164:in `accept'
The diagnostic code inserted into the lambda is not executed. How can I configure Rack:SSL in Rails 3.2.x to respond to both HTTP and HTTPS?
Rails 3.2.8, WEBrick configured for SSL using a self-signed cert.
The ability to use the exclude option in the options hash has been removed as of May 2012 for some reason: https://github.com/rails/rails/pull/5515
The error I was seeing was a red herring. The exclude was being ignored and the http:// request was being redirected in ActionDispatch::SSL to https://. OpenSSL was then choking (I assume) because of the protocol mismatch.
The solution is to use the rack-ssl gem, as suggested here. This is essentially identical to ActionDispatch::SSL, except that the exclude option is still respected.