ssl: use TLS_method() instead of SSLv23_method() for LibreSSL

LibreSSL 2.2.2 introduced TLS_method(), but with different semantics from OpenSSL: TLS_method() enabled TLS >= 1.0 while SSLv23_method() enabled all available versions, which included SSL 3.0 in addition. However, LibreSSL 2.3.0 removed SSL 3.0 support completely and now TLS_method() and SSLv23_method() are equivalent.
ruby · Apr 4, 2021 · 3b7d704 · 3b7d704
1 parent 2ae8f21
commit 3b7d704
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
@@ -81,7 +81,7 @@ ossl_sslctx_s_alloc(VALUE klass)
     VALUE obj;
 
     obj = TypedData_Wrap_Struct(klass, &ossl_sslctx_type, 0);
-#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
     ctx = SSL_CTX_new(TLS_method());
 #else
     ctx = SSL_CTX_new(SSLv23_method());