1 files changed, 35 insertions, 0 deletions

diff --git a/lib/bundler/vendored_persistent.rb b/lib/bundler/vendored_persistent.rb
index 729ac6b6f5..de9c42fcc1 100644
--- a/lib/bundler/vendored_persistent.rb
+++ b/lib/bundler/vendored_persistent.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 # We forcibly require OpenSSL, because net/http/persistent will only autoload
 # it. On some Rubies, autoload fails but explicit require succeeds.
 begin
@@ -15,3 +16,37 @@ module Bundler
   end
 end
 require "bundler/vendor/net-http-persistent/lib/net/http/persistent"
+
+module Bundler
+  class PersistentHTTP < Persistent::Net::HTTP::Persistent
+    def connection_for(uri)
+      connection = super
+      warn_old_tls_version_rubygems_connection(uri, connection)
+      connection
+    end
+
+    def warn_old_tls_version_rubygems_connection(uri, connection)
+      return unless connection.use_ssl?
+      return unless (uri.host || "").end_with?("rubygems.org")
+
+      socket = connection.instance_variable_get(:@socket)
+      return unless socket
+      socket_io = socket.io
+      return unless socket_io.respond_to?(:ssl_version)
+      ssl_version = socket_io.ssl_version
+
+      case ssl_version
+      when /TLSv([\d\.]+)/
+        version = Gem::Version.new($1)
+        if version < Gem::Version.new("1.2")
+          Bundler.ui.warn \
+            "Warning: Your Ruby version is compiled against a copy of OpenSSL that is very old. " \
+            "Starting in January 2018, RubyGems.org will refuse connection requests from these " \
+            "very old versions of OpenSSL. If you will need to continue installing gems after " \
+            "January 2018, please follow this guide to upgrade: http://ruby.to/tls-outdated.",
+            :wrap => true
+        end
+      end
+    end
+  end
+end