author | Yusuke Endoh <mame@ruby-lang.org> | 2019-05-28 12:32:03 +0900 |
---|---|---|
committer | Yusuke Endoh <mame@ruby-lang.org> | 2019-06-05 21:11:22 +0900 |
commit | 133487fbccaae399c7ac7f97f92412db4ee8d305 (patch) | |
tree | eb03015debc069afd88c15c6e0478cfcafc1b81f /test | |
parent | 37b9e49db3087dad20019f6fd7c80c3b4b013d9d (diff) | |
download | ruby-openssl-133487fbccaae399c7ac7f97f92412db4ee8d305.tar.gz |
test/test_ssl.rb: Use TLS1.2
The test fails when using OpenSSL 1.1 that supports TLS1.3.
To make it pass, this change restricts max_version to TLS1.2.
We may need more work for TLS1.3.
Diffstat (limited to 'test')
-rw-r--r-- | test/test_ssl.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/test/test_ssl.rb b/test/test_ssl.rb index aaff37d6..125e73db 100644 --- a/test/test_ssl.rb +++ b/test/test_ssl.rb @@ -1361,7 +1361,12 @@ end # Server support better, so refuse the connection sock1, sock2 = socketpair begin + # This test is for the downgrade protection mechanism of TLS1.2. + # This is why ctx1 bounds max_version == TLS1.2. + # Otherwise, this test fails when using openssl 1.1.1 (or later) that supports TLS1.3. + # TODO: We may need another test for TLS1.3 because it seems to have a different mechanism. ctx1 = OpenSSL::SSL::SSLContext.new + ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) ctx2 = OpenSSL::SSL::SSLContext.new |
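Review bot: The TODO in the added comment block leaves TLS1.3 downgrade handling untested with nothing tracking it, and because `ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION` is set unconditionally, this test never negotiates TLS1.3 on any build, including OpenSSL 1.1.1 or later. Suggest referencing an issue in the TODO, or adding a companion test that is skipped when TLS1.3 is not available, so the gap stays visible. The comment line `This is why ctx1 bounds max_version == TLS1.2` reads like a comparison rather than an assignment; "ctx1 caps max_version at TLS1.2" would be clearer. The comment also says "openssl 1.1.1 (or later)" while the commit message says "OpenSSL 1.1"; stating the same version in both places would avoid confusion about which releases trigger the failure.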