test/test_ssl.rb: Use TLS1.2

[ This is a backport to the 2.1 branch. ] The test fails when using OpenSSL 1.1 that supports TLS1.3. To make it pass, this change restricts max_version to TLS1.2. We may need more work for TLS1.3. (cherry picked from commit 133487fbccaae399c7ac7f97f92412db4ee8d305)
author: Yusuke Endoh <mame@ruby-lang.org> 2019-05-28 12:32:03 +0900
committer: Kazuki Yamaguchi <k@rhe.jp> 2021-09-26 19:18:31 +0900
commit: 152afd40e17b70c32f048f1716f592d0a147a45e (patch)
tree: 92f36011b106ea23768086069f6e17dfd77b2abe
parent: 21d1c5ab84a4941e8d2510063f8cb36b6433398d (diff)
download: ruby-openssl-152afd40e17b70c32f048f1716f592d0a147a45e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index a3514ef1..b911de80 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -1401,7 +1401,12 @@ end
     # Server support better, so refuse the connection
     sock1, sock2 = socketpair
     begin
+      # This test is for the downgrade protection mechanism of TLS1.2.
+      # This is why ctx1 bounds max_version == TLS1.2.
+      # Otherwise, this test fails when using openssl 1.1.1 (or later) that supports TLS1.3.
+      # TODO: We may need another test for TLS1.3 because it seems to have a different mechanism.
       ctx1 = OpenSSL::SSL::SSLContext.new
+      ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION
       s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
 
       ctx2 = OpenSSL::SSL::SSLContext.new
author	Yusuke Endoh <mame@ruby-lang.org>	2019-05-28 12:32:03 +0900
committer	Kazuki Yamaguchi <k@rhe.jp>	2021-09-26 19:18:31 +0900
commit	152afd40e17b70c32f048f1716f592d0a147a45e (patch)
tree	92f36011b106ea23768086069f6e17dfd77b2abe
parent	21d1c5ab84a4941e8d2510063f8cb36b6433398d (diff)
download	ruby-openssl-152afd40e17b70c32f048f1716f592d0a147a45e.tar.gz