Bug #9424 » change_ssl_defaults.diff
| ext/openssl/lib/openssl/ssl.rb (Arbeitskopie) | ||
|---|---|---|
| 
           DEFAULT_PARAMS = { 
   | 
||
| 
             :ssl_version => "SSLv23", 
   | 
||
| 
             :verify_mode => OpenSSL::SSL::VERIFY_PEER, 
   | 
||
| 
             :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", 
   | 
||
| 
             :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ? 
   | 
||
| 
               OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS : 
   | 
||
| 
               OpenSSL::SSL::OP_ALL, 
   | 
||
| 
             :ciphers => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!aNULL:!MD5:!DSS", 
   | 
||
| 
             :options => -> { 
   | 
||
| 
               opts = OpenSSL::SSL::OP_ALL 
   | 
||
| 
               opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) 
   | 
||
| 
               opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) 
   | 
||
| 
               opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2) 
   | 
||
| 
               opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3) 
   | 
||
| 
               opts 
   | 
||
| 
             }.call 
   | 
||
| 
           } 
   | 
||
| 
           DEFAULT_CERT_STORE = OpenSSL::X509::Store.new 
   | 
||
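Review bot: The `defined?` guards in the `:options` lambda skip `OP_NO_COMPRESSION`, `OP_NO_SSLv2` and `OP_NO_SSLv3` silently when the linked OpenSSL does not export them, so on such a build these defaults would leave compression or the old protocols enabled with no indication. The rendered page does not mark old and new sides, so this assumes the lambda and the AES-only `:ciphers` string are the added lines. Because `:ssl_version => "SSLv23"` is kept, the option bits are the only thing excluding SSLv2 and SSLv3, which is easy to misread. I would add a comment above the lambda such as `# "SSLv23" negotiates the highest shared protocol; the OP_NO_* bits below exclude SSLv2/SSLv3 and compression, and each is skipped if this OpenSSL build lacks it.` The new `:ciphers` list names only AES suites, so peers limited to RC4 or 3DES would presumably no longer negotiate with these defaults, which is worth stating in the change description.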