author | sorah <sorah@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-10-09 05:20:50 +0000 |
---|---|---|
committer | sorah <sorah@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-10-09 05:20:50 +0000 |
commit | 20fd76e637a395492ca581d5bb9651bd9029d03a (patch) | |
tree | 277706643132475d0ab339ab56f4b1e49399d192 /ext | |
parent | 2f2c478db87c57594bd3945841db502fd680e6c5 (diff) | |
download | ruby-20fd76e637a395492ca581d5bb9651bd9029d03a.tar.gz |
* ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was
dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
early, because many popular websites still don't support it.
For instance, servers that aws-sdk connects to still don't support
TLS v1.2, so it became broken.
We should consider this more carefully.
[Fix GH-873] [Feature #11524]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/openssl/lib/openssl/ssl.rb | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 308152e5d2..d3ae155a2a 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -16,7 +16,7 @@ module OpenSSL
 module SSL
 class SSLContext
 DEFAULT_PARAMS = {
- :ssl_version => "TLSv1_2",
+ :ssl_version => "SSLv23",
 :verify_mode => OpenSSL::SSL::VERIFY_PEER,
 :ciphers => %w{
 ECDHE-ECDSA-AES128-GCM-SHA256
@@ -59,7 +59,6 @@ module OpenSSL
 opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
 opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
 opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
- opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
 opts
 }.call
 }
@@ -90,7 +89,7 @@ module OpenSSL
 attr_accessor :tmp_dh_callback
- if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME
+ if ExtConfig::HAVE_TLSEXT_HOST_NAME
 # A callback invoked at connect time to distinguish between multiple
 # server names.
 #
@@ -250,10 +249,10 @@ module OpenSSL
 include Buffering
 include SocketForwarder
- if OpenSSL::ExtConfig::OPENSSL_NO_SOCK
+ if ExtConfig::OPENSSL_NO_SOCK
 def initialize(io, ctx = nil); raise NotImplmentedError; end
 else
- if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME
+ if ExtConfig::HAVE_TLSEXT_HOST_NAME
 attr_accessor :hostname
 end |
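Review bot: With `:ssl_version => "SSLv23"` restored in the first hunk and the `OP_NO_TLSv1` line removed in the second hunk (`@@ -59,7 +59,6`), the default context accepts TLS 1.0 again, which is wider than the reason given in the commit message (TLS v1.1 having been dropped). If TLS 1.0 is meant to be back in the defaults, that should be stated next to the key, because `"SSLv23"` reads like a legacy-protocol setting when it actually selects version negotiation whose floor comes from the `OP_NO_*` bits in `:options`. A comment such as `# "SSLv23" = negotiate the highest mutually supported version; SSLv2/SSLv3 are masked via :options, TLS 1.0 and later stay enabled` above `:ssl_version` would make the effective minimum explicit, so callers that need a TLS 1.2 floor know they have to override these defaults. The `DEFAULT_PARAMS` hash continues outside both hunks.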
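Review bot: The `OPENSSL_NO_SOCK` branch in the last hunk (`@@ -250,10 +249,10`) raises `NotImplmentedError`, which is misspelled, so on a build without socket support the constructor would fail with a NameError for an undefined constant instead of the intended exception. The line should read `def initialize(io, ctx = nil); raise NotImplementedError; end`. It is unchanged context in this commit, but it sits directly under the condition edited here, so this is a convenient place to correct it. The enclosing class starts and ends outside the hunk.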