HTTPS in Ruby

Recently, we switched communication between our internal backend services to use SSL/TLS. In cases when have Go talking to Go the switch from HTTP to HTTPS proved very simple.

There are, however, instances where Go talks with Ruby. After the success with Go, we prepared everything, set up parallel HTTP and HTTPS endpoints to ease the transition and limit the downtime.

Everything went well until we switched Ruby code to use the HTTPS endpoint. Debugging of the issue was pretty straightforward: when creating an HTTPS request in Ruby, you need to call Net::HTTP#use_ssl= to turn on the SSL machinery.

OK, adding this option solved the problem and everything started running with SSL, but it is not at all clear, why there needs to be an explicit call to make it work. Ruby is generally good at having reasonable defaults; when creating a request for a URL with https as a protocol it seems like a good bet that we want to use SSL. There really doesn’t seem to be a reasonable situation when the current behaviour would be the desired one. It leads me to think that it is just an artifact of some very early decision from way back when the Net::HTTP library was first written which somehow ossified in place. It might even be one of the reasons why there are so many HTTP gems available.

In any case, there is probably an interesting story behind this function which I would love to know. Learning it would not alleviate the need to call req.use_ssl = true but it might give some insight into the development process.