kotovalexarian-likes-github/puma--puma
1
0
Fork 0
mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
Code Releases Activity

Remove enable_SSLv3 support from JRuby

Browse source 
The C implementation has not supported SSLv3 at all since #591, and
SSLv3 is disabled by default in java now
(http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html)
so we can drop support from JRuby.
This commit is contained in:
Daniel Marcotte 2015-05-01 16:49:48 -07:00
parent 6995981303
commit abcce826d1
3 changed files with 1 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

8
ext/puma_http11/org/jruby/puma/MiniSSL.java
View file

@ -153,13 +153,7 @@ public class MiniSSL extends RubyObject {
sslCtx.init(kmf.getKeyManagers(), null, null); sslCtx.init(kmf.getKeyManagers(), null, null);
engine = sslCtx.createSSLEngine(); engine = sslCtx.createSSLEngine();
IRubyObject enableSSLv3 = miniSSLContext.callMethod(threadContext, "enable_SSLv3"); String[] protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
String[] protocols;
if (enableSSLv3 instanceof RubyBoolean && enableSSLv3.isTrue()) {
protocols = new String[] { "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
} else {
protocols = new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" };
}
engine.setEnabledProtocols(protocols); engine.setEnabledProtocols(protocols);
engine.setUseClientMode(false); engine.setUseClientMode(false);

5
lib/puma/minissl.rb
View file

@ -95,11 +95,6 @@ module Puma
# jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
attr_reader :keystore attr_reader :keystore
attr_accessor :keystore_pass attr_accessor :keystore_pass
attr_accessor :enable_SSLv3
def initialize
@enable_SSLv3 = false
end
def keystore=(keystore) def keystore=(keystore)
raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore

37
test/test_puma_server_ssl.rb
View file

@ -97,41 +97,4 @@ class TestPumaServerSSL < Test::Unit::TestCase
end end
end end
if defined?(JRUBY_VERSION)
def test_enabling_ssl_v3_support
@server.stop(true)
@ctx.enable_SSLv3 = true
@server = Puma::Server.new @app, @events
@server.add_ssl_listener @host, @port, @ctx
@server.run
@http.ssl_version='SSLv3'
body = nil
@http.start do
req = Net::HTTP::Get.new "/", {}
@http.request(req) do |rep|
body = rep.body
end
end
assert_equal "https", body
end
def test_enabling_ssl_v3_support_requires_true
@server.stop(true)
@ctx.enable_SSLv3 = "truthy but not true"
@server = Puma::Server.new @app, @events
@server.add_ssl_listener @host, @port, @ctx
@server.run
@http.ssl_version='SSLv3'
assert_raises(OpenSSL::SSL::SSLError) do
@http.start do
Net::HTTP::Get.new '/'
end
end
end
end
end end