From 5b497d96d401de0d9ca28909efd39f7f8201bc21 Mon Sep 17 00:00:00 2001
From: Jason Woods <devel@jasonwoods.me.uk>
Date: Sat, 4 Apr 2015 13:39:20 +0100
Subject: [PATCH 1/2] Add SSLSocket ssl_version property like MRI has

---
 .../java/org/jruby/ext/openssl/SSLSocket.java |  6 ++++
 src/test/ruby/ssl/test_ssl.rb                 | 28 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/jruby/ext/openssl/SSLSocket.java b/src/main/java/org/jruby/ext/openssl/SSLSocket.java
index 3ffc934f..965967dc 100644
--- a/src/main/java/org/jruby/ext/openssl/SSLSocket.java
+++ b/src/main/java/org/jruby/ext/openssl/SSLSocket.java
@@ -854,6 +854,12 @@ public IRubyObject set_session(IRubyObject session) {
         return getRuntime().getNil(); // throw new UnsupportedOperationException();
     }
 
+    @JRubyMethod
+    public IRubyObject ssl_version() {
+        if ( engine == null ) return getRuntime().getNil();
+        return getRuntime().newString( engine.getSession().getProtocol() );
+    }
+
     private SocketChannel getSocketChannel() {
         return (SocketChannel) io.getChannel();
     }
diff --git a/src/test/ruby/ssl/test_ssl.rb b/src/test/ruby/ssl/test_ssl.rb
index 305fc4de..8c75a93f 100644
--- a/src/test/ruby/ssl/test_ssl.rb
+++ b/src/test/ruby/ssl/test_ssl.rb
@@ -82,4 +82,30 @@ def test_post_connection_check
     end
   end
 
-end
\ No newline at end of file
+  def test_ssl_version_sslv3
+    ctx_proc = Proc.new do |ctx|
+      ctx.ssl_version = "SSLv3"
+    end
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) do |server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock)
+      ssl.connect
+      assert_equal("SSLv3", ssl.ssl_version)
+      ssl.close
+    end
+  end
+
+  def test_ssl_version_tlsv1
+    ctx_proc = Proc.new do |ctx|
+      ctx.ssl_version = "TLSv1"
+    end
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) do |server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock)
+      ssl.connect
+      assert_equal("TLSv1", ssl.ssl_version)
+      ssl.close
+    end
+  end
+
+end

From 2ce855b6178fa3c6b941cd92437b9421ae626e95 Mon Sep 17 00:00:00 2001
From: Jason Woods <devel@jasonwoods.me.uk>
Date: Tue, 7 Apr 2015 09:04:34 +0100
Subject: [PATCH 2/2] Disable the SSLv3 ssl_version test in CI as it currently
 fails on some JVM versions

---
 src/test/ruby/ssl/test_ssl.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/test/ruby/ssl/test_ssl.rb b/src/test/ruby/ssl/test_ssl.rb
index 8c75a93f..1a04cd3e 100644
--- a/src/test/ruby/ssl/test_ssl.rb
+++ b/src/test/ruby/ssl/test_ssl.rb
@@ -83,6 +83,10 @@ def test_post_connection_check
   end
 
   def test_ssl_version_sslv3
+    skip('Disable SSLv3 test in CI as it currently fails on some JVM versions') unless ENV['CI'].nil?
+    # This test appears to fail on Oracle JDK 1.7.0_76 but not Oracle JDK 1.6.0_65
+    # The test (client) reports Connection reset by peer
+    # The server reports "No appropriate protocol (protocol is disabled or cipher suites are inappropriate)"
     ctx_proc = Proc.new do |ctx|
       ctx.ssl_version = "SSLv3"
     end