* ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was

dropping TLS v1.1 support too. Supporting only TLS v1.2 is too early, because many popular websites still don't support it. For instance, Servers where aws-sdk connects to still don't support TLS v1.2 and it became broken. We should consider more carefully about this. [Fix GH-873] [Feature #11524] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2015-10-09 05:20:50 +00:00 · 2015-10-09 05:20:50 +00:00 · e2d79c46c8
commit e2d79c46c8
parent 865c666fbb
3 changed files with 17 additions and 7 deletions
--- a/13
+++ b/13
@ -1,3 +1,16 @@
+Fri Oct  9 14:12:35 2015  Shota Fukumori (sora_h)  <her@sorah.jp>
+
+	* ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was
+	  dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
+	  early, because many popular websites still don't support it.
+	  
+	  For instance, Servers where aws-sdk connects to still don't support
+	  TLS v1.2 and it became broken.
+
+	  We should consider more carefully about this.
+
+	  [Fix GH-873] [Feature #11524]
+
 Fri Oct  9 12:52:08 2015  Shugo Maeda  <shugo@ruby-lang.org>

 	* compile.c (iseq_compile_each): Dynamic string literals (e.g.,
--- a/2
+++ b/2
@ -129,8 +129,6 @@ with all sufficient information, see the ChangeLog file.
 * OpenSSL
  * OpenSSL::SSL::SSLSocket#accept_nonblock and
    OpenSSL::SSL::SSLSocket#connect_nonblock supports `exception: false`.
-  * OpenSSL::SSL::SSLContext defaults to TLS v1.2.
-    Please use `ctx.ssl_version = :TLSv1` or `:SSLv23` at your own risk.

 * Pathname
  * Pathname#descend and Pathname#ascend supported blockless form.
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@ -16,7 +16,7 @@ module OpenSSL
  module SSL
    class SSLContext
      DEFAULT_PARAMS = {
-        :ssl_version => "TLSv1_2",
+        :ssl_version => "SSLv23",
        :verify_mode => OpenSSL::SSL::VERIFY_PEER,
        :ciphers => %w{
          ECDHE-ECDSA-AES128-GCM-SHA256
@ -59,7 +59,6 @@ module OpenSSL
          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
-          opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
          opts
        }.call
      }
@ -90,7 +89,7 @@ module OpenSSL

      attr_accessor :tmp_dh_callback

-      if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME
+      if ExtConfig::HAVE_TLSEXT_HOST_NAME
        # A callback invoked at connect time to distinguish between multiple
        # server names.
        #
@ -250,10 +249,10 @@ module OpenSSL
      include Buffering
      include SocketForwarder

-      if OpenSSL::ExtConfig::OPENSSL_NO_SOCK
+      if ExtConfig::OPENSSL_NO_SOCK
        def initialize(io, ctx = nil); raise NotImplmentedError; end
      else
-        if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME
+        if ExtConfig::HAVE_TLSEXT_HOST_NAME
          attr_accessor :hostname
        end