
ruby-changes:40008

From: sorah <ko1@a...>
Date: Fri, 9 Oct 2015 14:20:59 +0900 (JST)
Subject: [ruby-changes:40008] sorah:r52089 (trunk): * ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was

sorah	2015-10-09 14:20:50 +0900 (Fri, 09 Oct 2015)

  New Revision: 52089

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=52089

  Log:
    * ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was
      dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
      early, because many popular websites still don't support it.
    
      For instance, Servers where aws-sdk connects to still don't support
      TLS v1.2 and it became broken.
    
      We should consider more carefully about this.
    
      [Fix GH-873] [Feature #11524]

  Modified files:
    trunk/ChangeLog
    trunk/NEWS
    trunk/ext/openssl/lib/openssl/ssl.rb
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 52088)
+++ ChangeLog	(revision 52089)
@@ -1,3 +1,16 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Fri Oct  9 14:12:35 2015  Shota Fukumori (sora_h)  <her@s...>
+
+	* ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was
+	  dropping TLS v1.1 support too. Supporting only TLS v1.2 is too
+	  early, because many popular websites still don't support it.
+	  
+	  For instance, Servers where aws-sdk connects to still don't support
+	  TLS v1.2 and it became broken.
+
+	  We should consider more carefully about this.
+
+	  [Fix GH-873] [Feature #11524]
+
 Fri Oct  9 12:52:08 2015  Shugo Maeda  <shugo@r...>
 
 	* compile.c (iseq_compile_each): Dynamic string literals (e.g.,
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb	(revision 52088)
+++ ext/openssl/lib/openssl/ssl.rb	(revision 52089)
@@ -16,7 +16,7 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L16
   module SSL
     class SSLContext
       DEFAULT_PARAMS = {
-        :ssl_version => "TLSv1_2",
+        :ssl_version => "SSLv23",
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
         :ciphers => %w{
           ECDHE-ECDSA-AES128-GCM-SHA256
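Review bot: The `:ssl_version => "SSLv23"` line needs a comment, because the name reads as if it enabled SSL 2/3 when it actually selects version negotiation. With this value the minimum protocol version of DEFAULT_PARAMS is decided only by the OP_NO_* flags in the `:options` lambda, so a reader auditing which versions are allowed should be pointed there from this line.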
@@ -59,7 +59,6 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L59
           opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
           opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
           opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
-          opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)
           opts
         }.call
       }
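Review bot: Removing the `OP_NO_TLSv1` line re-enables TLS v1.0 by default, while the log only argues for getting TLS v1.1 back. If v1.0 is meant to stay disabled, keep `opts |= OpenSSL::SSL::OP_NO_TLSv1 if defined?(OpenSSL::SSL::OP_NO_TLSv1)` alongside the "SSLv23" setting, which still leaves v1.1 and v1.2 negotiable. If v1.0 is intentionally allowed again, say so in the ChangeLog entry.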
@@ -90,7 +89,7 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L89
 
       attr_accessor :tmp_dh_callback
 
-      if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME
+      if ExtConfig::HAVE_TLSEXT_HOST_NAME
         # A callback invoked at connect time to distinguish between multiple
         # server names.
         #
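Review bot: The switch from `OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME` to the unqualified `ExtConfig::HAVE_TLSEXT_HOST_NAME` is not covered by the log, which describes only the TLS version revert. The unqualified form depends on lexical constant lookup from inside `module OpenSSL`. Either mention the change in the ChangeLog or keep the fully qualified name so that the revert touches only the TLS defaults.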
@@ -250,10 +249,10 @@ module OpenSSL https://github.com/ruby/ruby/blob/trunk/ext/openssl/lib/openssl/ssl.rb#L249
       include Buffering
       include SocketForwarder
 
-      if OpenSSL::ExtConfig::OPENSSL_NO_SOCK
+      if ExtConfig::OPENSSL_NO_SOCK
         def initialize(io, ctx = nil); raise NotImplmentedError; end
       else
-        if OpenSSL::ExtConfig::HAVE_TLSEXT_HOST_NAME
+        if ExtConfig::HAVE_TLSEXT_HOST_NAME
           attr_accessor :hostname
         end
 
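Review bot: The context line `def initialize(io, ctx = nil); raise NotImplmentedError; end` misspells the exception name, so on a build where `OPENSSL_NO_SOCK` is set it would raise NameError instead of NotImplementedError. Since this hunk already edits the condition directly above it, correct the line to `raise NotImplementedError` here or in a follow-up commit.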
Index: NEWS
===================================================================
--- NEWS	(revision 52088)
+++ NEWS	(revision 52089)
@@ -129,8 +129,6 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/NEWS#L129
 * OpenSSL
   * OpenSSL::SSL::SSLSocket#accept_nonblock and
     OpenSSL::SSL::SSLSocket#connect_nonblock supports `exception: false`.
-  * OpenSSL::SSL::SSLContext defaults to TLS v1.2.
-    Please use `ctx.ssl_version = :TLSv1` or `:SSLv23` at your own risk.
 
 * Pathname
   * Pathname#descend and Pathname#ascend supported blockless form.

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
