Add HTTPClient::SSLConfig#ssl_version property

To configure OpenSSL::SSL::SSLContext#ssl_version from HTTPClient.
Closes #91.
commit a9ee0eeff04cd221c9df7f7fb5d5d836671c42c4 1 parent c327d9b
@nahi authored
Showing with 15 additions and 2 deletions.
  1. +14 −1 lib/httpclient/ssl_config.rb
  2. +1 −1  test/test_ssl.rb
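--- a/lib/httpclient/ssl_config.rb
+++ b/lib/httpclient/ssl_config.rb
@@ -33,6 +33,8 @@ class HTTPClient
 class SSLConfig
 include OpenSSL if SSLEnabled
+ # String name of OpenSSL's SSL version method name: SSLv2, SSLv23 or SSLv3
+ attr_reader :ssl_version
 # OpenSSL::X509::Certificate:: certificate for SSL client authenticateion.
 # nil by default. (no client authenticateion)
 attr_reader :client_cert
@@ -80,11 +82,21 @@ def initialize(client)
 @verify_callback = nil
 @dest = nil
 @timeout = nil
+ # TODO: change to "SSLv3" in future versions to make harder to use SSLv2.
+ @ssl_version = "SSLv23"
 @options = defined?(SSL::OP_ALL) ? SSL::OP_ALL | SSL::OP_NO_SSLv2 : nil
- @ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
+ # OpenSSL 0.9.8 default: "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
+ @ciphers = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default
 @cacerts_loaded = false
 end
+ # Sets SSL version method String. Possible values: "SSLv2" for SSL2,
+ # "SSLv3" for SSL3 and TLS1.x, "SSLv23" for SSL3 with fallback to SSL2.
+ def ssl_version=(ssl_version)
+ @ssl_version = ssl_version
+ change_notify
+ end
+
 # Sets certificate (OpenSSL::X509::Certificate) for SSL client
 # authentication.
 # client_key and client_cert must be a pair.
@@ -271,6 +283,7 @@ def set_context(ctx) # :nodoc:
 ctx.timeout = @timeout
 ctx.options = @options
 ctx.ciphers = @ciphers
+ ctx.ssl_version = @ssl_version
 end
 # post connection check proc for ruby < 1.8.5.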
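Review bot: The new default `@ciphers = "ALL:!aNULL:!eNULL:!SSLv2"` in initialize drops the `!LOW:!EXP:!MD5` exclusions and the `@STRENGTH` ordering that the removed line carried, so on OpenSSL builds that still ship them, low-strength, export-grade and MD5-based suites become negotiable by default; the commit message does not mention this change. I would keep the exclusions, e.g. `@ciphers = "ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH"`, and update the expectation in test/test_ssl.rb to match. The ssl_version comments also look inaccurate: in OpenSSL "SSLv23" is the version-flexible method that negotiates the highest protocol both sides support (SSLv2 is already excluded here by `OP_NO_SSLv2`), while "SSLv3" pins the connection to SSL 3.0 only, so the TODO would remove TLS rather than harden the default. initialize and set_context both begin outside the hunks shown.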
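--- a/test/test_ssl.rb
+++ b/test/test_ssl.rb
@@ -34,7 +34,7 @@ def test_options
 assert_nil(cfg.verify_callback)
 assert_nil(cfg.timeout)
 assert_equal(OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2, cfg.options)
- assert_equal("ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH", cfg.ciphers)
+ assert_equal("ALL:!aNULL:!eNULL:!SSLv2", cfg.ciphers)
 assert_instance_of(OpenSSL::X509::Store, cfg.cert_store)
 end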
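Review bot: The visible assertions in test_options pin the other defaults but not the property this commit adds, so the `"SSLv23"` default and the `ssl_version=` writer are untested. Adding `assert_equal("SSLv23", cfg.ssl_version)` next to the ciphers assertion would catch an accidental change of the protocol default, and a second check that assigns a value and reads it back would cover the writer. test_options begins outside the hunk, so an earlier assertion may already exist there.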