Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Allow TLSv1 protocol by default #191

Closed
wants to merge 1 commit into from

4 participants

@betelgeuse

The current settings means httpclient will only do SSLv3 protocol. Using
the SSLv23 actually means trying to find the a working one including
TLSv1. For more details see:

http://www.openssl.org/docs/ssl/SSL_CTX_new.html

Here's also information on the same topic:

http://stackoverflow.com/questions/11059059/is-it-possible-to-enable-tls-v1-2-in-ruby-if-so-how

@betelgeuse betelgeuse Allow TLSv1 protocol by default
The current settings means httpclient will only do SSLv3 protocol. Using
the SSLv23 actually means trying to find the a working one including
TLSv1. For more details see:

http://www.openssl.org/docs/ssl/SSL_CTX_new.html
04618bf
@buildhive

Hiroshi Nakamura » httpclient #103 SUCCESS
This pull request looks good
(what's this?)

@glebtv glebtv referenced this pull request from a commit in glebtv/httpclient
@glebtv glebtv Allow SSLv2 also, fix spec 016035c
@terabyte

+1 on this PR please! With the heartbleed problem, many are switching to TLSv1_1 to attempt to get perfect forward secrecy, but it causes openssl to ignore HELO from SSLv2 and SSLv3, breaking things like httpclient with the current defaults. The link betelgeuse provided explains it all.

@nahi
Owner

I merged #186 and #204 for making httpclient do netogiate SSL version. Thank you!

@nahi nahi closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jan 16, 2014
  1. @betelgeuse

    Allow TLSv1 protocol by default

    betelgeuse authored
    The current settings means httpclient will only do SSLv3 protocol. Using
    the SSLv23 actually means trying to find the a working one including
    TLSv1. For more details see:
    
    http://www.openssl.org/docs/ssl/SSL_CTX_new.html
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/httpclient/ssl_config.rb
View
2  lib/httpclient/ssl_config.rb
@@ -83,7 +83,7 @@ def initialize(client)
@verify_callback = nil
@dest = nil
@timeout = nil
- @ssl_version = "SSLv3"
+ @ssl_version = "SSLv23"
@options = defined?(SSL::OP_ALL) ? SSL::OP_ALL | SSL::OP_NO_SSLv2 : nil
# OpenSSL 0.9.8 default: "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
@ciphers = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default
Something went wrong with that request. Please try again.