Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ssl: fix conflict of options in SSLContext#set_params
Make SSLContext#set_params call #options= first. SSLContext#set_params by default disables SSL 2.0 and SSL 3.0 by calling SSLContext#min_version=. After that, it sets the SSL option flags by calling SSLContext#options=. This is problematic when built with OpenSSL before 1.1.0 because SSLContext#min_version= achieves its goal using the SSL_OP_NO_{SSL,TLS}* options. Since the subsequent SSLContext#options= call replaces the flags rather than OR together, this results in effectively disabling min_version setting in SSLContext::DEFAULT_PARAMS. The issue was first fixed in Ruby trunk tree, as part of r60310 ("fix OpenSSL::SSL::SSLContext#min_version doesn't work", 2017-10-21).
- Loading branch information