diff options
author | zzak <zzak@ruby-lang.org> | 2015-10-08 05:26:44 +0000 |
---|---|---|
committer | zzak <zzak@ruby-lang.org> | 2015-10-08 05:26:44 +0000 |
commit | 316855e05b832e712cc9968b7c7d5b2de19e42d8 (patch) | |
tree | 5f8a803fa566c0be10148bba3296b50efa640477 /lib | |
parent | 02077ffce772c62939354114600f65ffd488d35b (diff) | |
download | ruby-openssl-history-316855e05b832e712cc9968b7c7d5b2de19e42d8.tar.gz |
* ext/openssl/lib/openssl/ssl.rb: Default to TLSv1.2 and drop TLS v1
Patch provided by @claudijd [Fixes GH-873] [Feature #11524]:
https://github.com/ruby/ruby/pull/873
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52082 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/openssl/ssl.rb | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb index d3ae155..308152e 100644 --- a/lib/openssl/ssl.rb +++ b/lib/openssl/ssl.rb @@ -16,7 +16,7 @@ module OpenSSL module SSL class SSLContext DEFAULT_PARAMS = { - :ssl_version => "SSLv23", + :ssl_version => "TLSv1_2", :verify_mode => OpenSSL::SSL::VERIFY_PEER, :ciphers => %w{ ECDHE-ECDSA-AES128-GCM-SHA256 @@ -59,6 +59,7 @@ module OpenSSL opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2) opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3) + opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1) opts }.call } @@ -89,7 +90,7 @@ module OpenSSL attr_accessor :tmp_dh_callback - if ExtConfig::HAVE_TLSEXT_HOST_NAME + if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME # A callback invoked at connect time to distinguish between multiple # server names. # @@ -249,10 +250,10 @@ module OpenSSL include Buffering include SocketForwarder - if ExtConfig::OPENSSL_NO_SOCK + if OpenSSL::ExtConfig::OPENSSL_NO_SOCK def initialize(io, ctx = nil); raise NotImplmentedError; end else - if ExtConfig::HAVE_TLSEXT_HOST_NAME + if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME attr_accessor :hostname end |