test/test_ssl.rb: Use TLS1.2

The test fails when using OpenSSL 1.1 that supports TLS1.3. To make it pass, this change restricts max_version to TLS1.2. We may need more work for TLS1.3.
author: Yusuke Endoh <mame@ruby-lang.org> 2019-05-28 12:32:03 +0900
committer: Yusuke Endoh <mame@ruby-lang.org> 2019-06-05 21:11:22 +0900
commit: 133487fbccaae399c7ac7f97f92412db4ee8d305 (patch)
tree: eb03015debc069afd88c15c6e0478cfcafc1b81f /test/test_ssl.rb
parent: 37b9e49db3087dad20019f6fd7c80c3b4b013d9d (diff)
download: ruby-openssl-133487fbccaae399c7ac7f97f92412db4ee8d305.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb
index aaff37d6..125e73db 100644
--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -1361,7 +1361,12 @@ end
     # Server support better, so refuse the connection
     sock1, sock2 = socketpair
     begin
+      # This test is for the downgrade protection mechanism of TLS1.2.
+      # This is why ctx1 bounds max_version == TLS1.2.
+      # Otherwise, this test fails when using openssl 1.1.1 (or later) that supports TLS1.3.
+      # TODO: We may need another test for TLS1.3 because it seems to have a different mechanism.
       ctx1 = OpenSSL::SSL::SSLContext.new
+      ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION
       s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
 
       ctx2 = OpenSSL::SSL::SSLContext.new
author	Yusuke Endoh <mame@ruby-lang.org>	2019-05-28 12:32:03 +0900
committer	Yusuke Endoh <mame@ruby-lang.org>	2019-06-05 21:11:22 +0900
commit	133487fbccaae399c7ac7f97f92412db4ee8d305 (patch)
tree	eb03015debc069afd88c15c6e0478cfcafc1b81f /test/test_ssl.rb
parent	37b9e49db3087dad20019f6fd7c80c3b4b013d9d (diff)
download	ruby-openssl-133487fbccaae399c7ac7f97f92412db4ee8d305.tar.gz