author | Yusuke Endoh <mame@ruby-lang.org> | 2019-05-28 12:32:03 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2021-09-26 19:18:31 +0900 |
commit | 152afd40e17b70c32f048f1716f592d0a147a45e (patch) | |
tree | 92f36011b106ea23768086069f6e17dfd77b2abe | |
parent | 21d1c5ab84a4941e8d2510063f8cb36b6433398d (diff) | |
download | ruby-openssl-152afd40e17b70c32f048f1716f592d0a147a45e.tar.gz |
test/test_ssl.rb: Use TLS1.2
[ This is a backport to the 2.1 branch. ]
The test fails when using OpenSSL 1.1 that supports TLS1.3.
To make it pass, this change restricts max_version to TLS1.2.
We may need more work for TLS1.3.
(cherry picked from commit 133487fbccaae399c7ac7f97f92412db4ee8d305)
-rw-r--r-- | test/test_ssl.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index a3514ef1..b911de80 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -1401,7 +1401,12 @@ end # Server support better, so refuse the connection sock1, sock2 = socketpair begin + # This test is for the downgrade protection mechanism of TLS1.2. + # This is why ctx1 bounds max_version == TLS1.2. + # Otherwise, this test fails when using openssl 1.1.1 (or later) that supports TLS1.3. + # TODO: We may need another test for TLS1.3 because it seems to have a different mechanism. ctx1 = OpenSSL::SSL::SSLContext.new + ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) ctx2 = OpenSSL::SSL::SSLContext.new |
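Review bot: the TODO in the added comment block above `ctx1 = OpenSSL::SSL::SSLContext.new` leaves TLS 1.3 downgrade protection untested with nothing tracking it, and "it seems to have a different mechanism" does not tell the next reader what a TLS 1.3 test would need to check. Please name the mechanism this test exercises and the one the TODO refers to, and point the TODO at an issue so the gap is not lost once the test is green again. The line "This is why ctx1 bounds max_version == TLS1.2" also reads like a comparison; something like "ctx1 caps max_version at TLS1.2" is clearer. Finally, the hunk caps only `ctx1` and shows no corresponding setting next to `ctx2 = OpenSSL::SSL::SSLContext.new`; a short phrase in the comment saying why capping one side is enough would save the reader from checking the rest of the test.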