Skip to content

Add negotiated SSL protocol and cipher to Net::HTTP debug output #1877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add negotiated SSL protocol and cipher to Net::HTTP debug output #1877

wants to merge 1 commit into from

Conversation

bdewater
Copy link
Contributor

@bdewater bdewater commented May 30, 2018
edited
Loading

This makes is easier to verify what Ruby has negotiated with the server. An example of why you'd want to double check; for credit card payment data the PCI DSS mandates that TLS 1.1 or newer is used after June 30.

Example output:

opening connection to stripe.com:443...
opened
starting SSL for stripe.com:443...
SSL established, protocol: TLSv1.2, cipher: ECDHE-RSA-AES128-GCM-SHA256

@bdewater bdewater mentioned this pull request May 31, 2018
Merged
@bdewater
Copy link
Contributor Author

I've taken a slightly different approach to fix this in activemerchant/active_merchant#2862 to fix my immediate problem. This made me wonder if we should expose this in a way more similar to peer_cert or just keep it as is. Thoughts?

ruby/lib/net/http.rb

Lines 888 to 893 in 96db72c

def peer_cert
if not use_ssl? or not @socket
return nil
end
@socket.io.peer_cert
end

@bdewater
Copy link
Contributor Author

bdewater commented May 31, 2018
edited
Loading

Come to think of it - if this is something you care about Ruby 2.5 already offers min_version= and max_version=, and the connection will fail if those cannot be met. I think this logging change is fine for diagnostics and we don't need reader methods.

@bdewater
Copy link
Contributor Author

@yuki24 is there anything I can do to get this merged?

@bdewater bdewater force-pushed the debug-negotiated-ssl-version branch from ee368e7 to f62102d Compare August 19, 2018 13:56
matzbot pushed a commit that referenced this pull request Oct 20, 2018
@nurse
Add negotiated SSL protocol and cipher to Net::HTTP debug output
57c033b 
From: Bart de Water <bartdewater@gmail.com>
#1877 [Feature #15009]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
@bdewater
Copy link
Contributor Author

https://bugs.ruby-lang.org/issues/15009 has been merged, thank you!

@bdewater bdewater closed this Oct 21, 2018
@bdewater bdewater deleted the debug-negotiated-ssl-version branch October 21, 2018 13:43
hsbt pushed a commit to ruby/net-http that referenced this pull request Feb 21, 2020
@nurse @hsbt
Add negotiated SSL protocol and cipher to Net::HTTP debug output
b38f9b9 
From: Bart de Water <bartdewater@gmail.com>
ruby/ruby#1877 [Feature #15009]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
@hsbt hsbt added the Backport label Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yuki24 yuki24 yuki24 approved these changes

Assignees
No one assigned
Labels
Backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bdewater @yuki24 @hsbt