mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00

* ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was
  dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
  early, because many popular websites still don't support it.

  For instance, servers that aws-sdk connects to still don't support
  TLS v1.2, and it became broken.

  We should consider this more carefully.

  [Fix GH-873] [Feature #11524]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
sorah 2015-10-09 05:20:50 +00:00
parent 865c666fbb
commit e2d79c46c8
3 changed files with 17 additions and 7 deletions


@ -1,3 +1,16 @@
Fri Oct 9 14:12:35 2015 Shota Fukumori (sora_h) <her@sorah.jp>
* ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was
dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
early, because many popular websites still don't support it.
For instance, Servers where aws-sdk connects to still don't support
TLS v1.2 and it became broken.
We should consider more carefully about this.
[Fix GH-873] [Feature #11524]
Fri Oct 9 12:52:08 2015 Shugo Maeda <shugo@ruby-lang.org> Fri Oct 9 12:52:08 2015 Shugo Maeda <shugo@ruby-lang.org>
* compile.c (iseq_compile_each): Dynamic string literals (e.g., * compile.c (iseq_compile_each): Dynamic string literals (e.g.,
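Review bot: the new ChangeLog entry gives the motivation but not the resulting default, and a reader of the log needs the latter. With `:ssl_version` back at "SSLv23" and the `OP_NO_TLSv1` line removed in ssl.rb, the default context again negotiates down to TLS v1.0 (SSLv2 and SSLv3 stay disabled through the remaining `OP_NO_SSLv2`/`OP_NO_SSLv3` lines); one sentence stating that floor would make the trade-off explicit. Also "We should consider more carefully about this." reads better as "We should consider this more carefully."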

NEWS

@ -129,8 +129,6 @@ with all sufficient information, see the ChangeLog file.
* OpenSSL * OpenSSL
* OpenSSL::SSL::SSLSocket#accept_nonblock and * OpenSSL::SSL::SSLSocket#accept_nonblock and
OpenSSL::SSL::SSLSocket#connect_nonblock supports `exception: false`. OpenSSL::SSL::SSLSocket#connect_nonblock supports `exception: false`.
* OpenSSL::SSL::SSLContext defaults to TLS v1.2.
Please use `ctx.ssl_version = :TLSv1` or `:SSLv23` at your own risk.
* Pathname * Pathname
* Pathname#descend and Pathname#ascend supported blockless form. * Pathname#descend and Pathname#ascend supported blockless form.
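Review bot: dropping both NEWS lines leaves the OpenSSL section with no guidance on protocol selection at all, which is the opposite of what users hit by this flip-flop need. Since the library default returns to "SSLv23", consider replacing the removed text with a line that tells applications needing TLS v1.2 only to set `ctx.ssl_version = :TLSv1_2` themselves, using the same symbol form the removed line already used for `:TLSv1` and `:SSLv23`.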


@ -16,7 +16,7 @@ module OpenSSL
module SSL module SSL
class SSLContext class SSLContext
DEFAULT_PARAMS = { DEFAULT_PARAMS = {
:ssl_version => "TLSv1_2", :ssl_version => "SSLv23",
:verify_mode => OpenSSL::SSL::VERIFY_PEER, :verify_mode => OpenSSL::SSL::VERIFY_PEER,
:ciphers => %w{ :ciphers => %w{
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
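Review bot: `:ssl_version => "SSLv23"` selects the version-flexible method, so after this line the effective minimum version is decided entirely by the OP_NO_* flags assembled in the `:options` lambda further down, not here. A short comment on this line saying so would prevent the next reader from assuming "SSLv23" means SSLv3 is offered (it is not, because `OP_NO_SSLv2` and `OP_NO_SSLv3` remain set) and would point them at the options block as the place to tighten the floor.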
@ -59,7 +59,6 @@ module OpenSSL
opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2) opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3) opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
opts opts
}.call }.call
} }
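Review bot: removing `opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)` reverts more than the commit message asks for. The message objects to losing TLS v1.1 "too"; with `:ssl_version` back at "SSLv23", keeping this one line would disable only TLS v1.0 while still negotiating v1.1 and v1.2, which is what the original change evidently intended. If TLS v1.0 must stay enabled because of the aws-sdk endpoints, the message and ChangeLog should state that explicitly so the decision can be revisited.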
@ -90,7 +89,7 @@ module OpenSSL
attr_accessor :tmp_dh_callback attr_accessor :tmp_dh_callback
if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME if ExtConfig::HAVE_TLSEXT_HOST_NAME
# A callback invoked at connect time to distinguish between multiple # A callback invoked at connect time to distinguish between multiple
# server names. # server names.
# #
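Review bot: the `OpenSSL::ExtConfig` to `ExtConfig` change in the `if` line is a style tweak unrelated to the revert described in the message (lexical lookup inside `module OpenSSL` resolves the same constant either way). It belongs in its own commit, or the message should mention it, so that a later bisect of the TLS default does not also carry an unrelated edit.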
@ -250,10 +249,10 @@ module OpenSSL
include Buffering include Buffering
include SocketForwarder include SocketForwarder
if OpenSSL::ExtConfig::OPENSSL_NO_SOCK if ExtConfig::OPENSSL_NO_SOCK
def initialize(io, ctx = nil); raise NotImplmentedError; end def initialize(io, ctx = nil); raise NotImplmentedError; end
else else
if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME if ExtConfig::HAVE_TLSEXT_HOST_NAME
attr_accessor :hostname attr_accessor :hostname
end end
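Review bot: same unrelated `ExtConfig` rename here as in the previous hunk, and the touched region carries a pre-existing bug worth fixing while the lines are being edited: `raise NotImplmentedError` misspells `NotImplementedError`, so on an `OPENSSL_NO_SOCK` build `SSLSocket.new` raises `NameError` (uninitialized constant) instead of the intended exception.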