diff options
| author | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-12-18 02:02:43 +0000 |
|---|---|---|
| committer | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-12-18 02:02:43 +0000 |
| commit | 84f1dae9d637a2038d1b395bcc2f22404770d2d7 (patch) | |
| tree | 81b323155d26e9eeb2cd8cd4241bbe642dc49ff2 /ext/openssl/lib/openssl | |
| parent | f5a32acb97dec5c798001f2eb6d31bb78fda0113 (diff) | |
| download | ruby-84f1dae9d637a2038d1b395bcc2f22404770d2d7.tar.gz | |
* ext/openssl/lib/ssl.rb: Enable insertion of empty fragments as a
countermeasure for the BEAST attack by default. The default options
of OpenSSL::SSL:SSLContext are now:
OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
[Bug #5353] [ruby-core:39673]
* test/openssl/test_ssl.rb: Adapt tests to new SSLContext default.
* NEWS: Announce the new default.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/openssl/lib/openssl')
| -rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb index 268e8e9d67..bc3b781e64 100644 --- a/ext/openssl/lib/openssl/ssl.rb +++ b/ext/openssl/lib/openssl/ssl.rb @@ -24,7 +24,9 @@ module OpenSSL :ssl_version => "SSLv23", :verify_mode => OpenSSL::SSL::VERIFY_PEER, :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => OpenSSL::SSL::OP_ALL, + :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ? + OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS : + OpenSSL::SSL::OP_ALL, } DEFAULT_CERT_STORE = OpenSSL::X509::Store.new |