[ruby/drb] Support :SSL{Min,Max}Version config options

These are necessary to get the tests passing with LibreSSL 3.8.1+,
which dropped support for TLSv1.0 and TLSv1.1 for security reasons.

This updates the tests to use TLSv1.2 on OpenBSD.  This is only
strictly necessary on OpenBSD 7.4+, but it will work fine in previous
versions as well.

https://github.com/ruby/drb/commit/32707b2db5

1 files changed, 10 insertions, 0 deletions

diff --git a/lib/drb/ssl.rb b/lib/drb/ssl.rb
index 54ab1ef395..392d6560e9 100644
--- a/lib/drb/ssl.rb
+++ b/lib/drb/ssl.rb
@@ -73,6 +73,14 @@ module DRb
       # :SSLTmpDhCallback ::
       #   A DH callback. See OpenSSL::SSL::SSLContext.tmp_dh_callback
       #
+      # :SSLMinVersion ::
+      #   This is the minimum SSL version to allow.  See
+      #   OpenSSL::SSL::SSLContext#min_version=.
+      #
+      # :SSLMaxVersion ::
+      #   This is the maximum SSL version to allow.  See
+      #   OpenSSL::SSL::SSLContext#max_version=.
+      #
       # :SSLVerifyMode ::
       #   This is the SSL verification mode.  See OpenSSL::SSL::VERIFY_* for
       #   available modes.  The default is OpenSSL::SSL::VERIFY_NONE
@@ -208,6 +216,8 @@ module DRb
         ctx = ::OpenSSL::SSL::SSLContext.new
         ctx.cert            = @cert
         ctx.key             = @pkey
+        ctx.min_version     = self[:SSLMinVersion]
+        ctx.max_version     = self[:SSLMaxVersion]
         ctx.client_ca       = self[:SSLClientCA]
         ctx.ca_path         = self[:SSLCACertificatePath]
         ctx.ca_file         = self[:SSLCACertificateFile]