Bug #11376
Closed
Stop using SSLv3 methods
Description
If openssl is compiled using the OPENSSL_NO_SSL3_METHOD you can't compile ruby anymore since it will still try to use the SSLv3_*_method()s.
Please stop using those methods at least when they're not available.
It would also be nice that you actually stopped using version-specific methods like TLSv1_1_method() and that you only use the SSLv23_*_method()s or TLS_*_methods (only available in development branch). If you want to restrict the version that can be used, instead please use things like SSL_OP_NO_SSLv3.
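The approach the report recommends, shown through Ruby's OpenSSL binding as an added example (not code from the Ruby source tree or the attached patch): both contexts use the version-flexible method and exclude protocol versions with SSL_OP_NO_* option bits. The helper names, the throwaway self-signed certificate and the in-process socket pair are constructed for the demonstration.

```ruby
require "openssl"
require "socket"

# Constructed throwaway RSA key and self-signed certificate for the demo server.
def demo_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Version-flexible context (hypothetical helper): no fixed-version method is
# named; versions are excluded with SSL_OP_NO_* bits such as OP_NO_SSLv3.
def flexible_context(excluded)
  ctx = OpenSSL::SSL::SSLContext.new
  excluded.each { |name| ctx.options |= OpenSSL::SSL.const_get(name) }
  ctx
end

# Runs one handshake over an in-process socket pair and returns the
# protocol version both sides agreed on.
def negotiate(server_excluded, client_excluded)
  key, cert = demo_identity
  sctx = flexible_context(server_excluded)
  sctx.key = key
  sctx.cert = cert
  cctx = flexible_context(client_excluded)
  cctx.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  cctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  s_sock, c_sock = UNIXSocket.pair
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(s_sock, sctx).accept }
  client = OpenSSL::SSL::SSLSocket.new(c_sock, cctx).connect
  server.join
  client.ssl_version
ensure
  [s_sock, c_sock].each { |sock| sock&.close }
end

if $PROGRAM_NAME == __FILE__
  puts negotiate(%i[OP_NO_SSLv3], %i[OP_NO_SSLv3])
  puts negotiate(%i[OP_NO_SSLv3], %i[OP_NO_SSLv3 OP_NO_TLSv1_3])
end
```

Because no fixed-version method is selected, the same code keeps working when the SSL library is built without SSLv3, and each peer still negotiates the highest version left enabled on both sides.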
Updated by zzak (zzak _) over 9 years ago
- Status changed from Open to Assigned
Updated by kroeckx (Kurt Roeckx) about 9 years ago
Is there any ETA of when I can expect this to be resolved? Do you need some help or more info?
I would like to see this fixed in Debian as soon as possible, because I would like to drop support for that and ruby is really my biggest blocker at this point.
Updated by kili (Matthias Kilian) about 9 years ago
- File ruby-sslv3.diff added
Kurt Roeckx wrote:
Is there any ETA of when I can expect this to be resolved? Do you need some help or more info?
Since OpenBSD removed SSLv3 from libressl a few days ago, I've committed patches similar to the attached one to all ruby ports in the OpenBSD ports tree.
Updated by Anonymous about 9 years ago
- Status changed from Assigned to Closed
Applied in changeset r51722.
- ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support if the SSL library supports it. Thanks Kurt Roeckx kurt@roeckx.be [Bug #11376]
- ext/openssl/extconf.rb: check for SSLv3 support in the SSL implementation.
- test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3 if there is no support.
Updated by nagachika (Tomoyuki Chikanaga) about 9 years ago
- Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED
Updated by usa (Usaku NAKAMURA) almost 9 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE, 2.2: REQUIRED
ruby_2_1 r52642 merged revision(s) 51722,51724.
Updated by nagachika (Tomoyuki Chikanaga) almost 9 years ago
- Backport changed from 2.0.0: REQUIRED, 2.1: DONE, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE, 2.2: DONE
Backported into ruby_2_2 branch at r52649.