diff options
author | Jeremy Evans <code@jeremyevans.net> | 2023-10-18 22:13:12 +0100 |
---|---|---|
committer | git <svn-admin@ruby-lang.org> | 2023-10-18 21:13:21 +0000 |
commit | de0764501987aff0f9b19594a2cbd5583ccce660 (patch) | |
tree | 638601ada0bfa6ee37b32474b1dea6609cdd88ab /lib/drb/ssl.rb | |
parent | f51b92fe231266a1a184b8329d43520599d2017b (diff) | |
download | ruby-de0764501987aff0f9b19594a2cbd5583ccce660.tar.gz |
[ruby/drb] Support :SSL{Min,Max}Version config options
These are necessary to get the tests passing with LibreSSL 3.8.1+,
which dropped support for TLSv1.0 and TLSv1.1 for security reasons.
This updates the tests to use TLSv1.2 on OpenBSD. This is only
strictly necessary on OpenBSD 7.4+, but it will work fine in previous
versions as well.
https://github.com/ruby/drb/commit/32707b2db5
Diffstat (limited to 'lib/drb/ssl.rb')
-rw-r--r-- | lib/drb/ssl.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/drb/ssl.rb b/lib/drb/ssl.rb index 54ab1ef395..392d6560e9 100644 --- a/lib/drb/ssl.rb +++ b/lib/drb/ssl.rb @@ -73,6 +73,14 @@ module DRb # :SSLTmpDhCallback :: # A DH callback. See OpenSSL::SSL::SSLContext.tmp_dh_callback # + # :SSLMinVersion :: + # This is the minimum SSL version to allow. See + # OpenSSL::SSL::SSLContext#min_version=. + # + # :SSLMaxVersion :: + # This is the maximum SSL version to allow. See + # OpenSSL::SSL::SSLContext#max_version=. + # # :SSLVerifyMode :: # This is the SSL verification mode. See OpenSSL::SSL::VERIFY_* for # available modes. The default is OpenSSL::SSL::VERIFY_NONE @@ -208,6 +216,8 @@ module DRb ctx = ::OpenSSL::SSL::SSLContext.new ctx.cert = @cert ctx.key = @pkey + ctx.min_version = self[:SSLMinVersion] + ctx.max_version = self[:SSLMaxVersion] ctx.client_ca = self[:SSLClientCA] ctx.ca_path = self[:SSLCACertificatePath] ctx.ca_file = self[:SSLCACertificateFile] |