Bug #11376

closed

Stop using SSLv3 methods

Added by kroeckx (Kurt Roeckx) over 8 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:70045]

Description

If openssl is compiled using the OPENSSL_NO_SSL3_METHOD you can't compile ruby anymore since it will still try to use the SSLv3_*_method()s.

Please stop using those methods at least when they're not available.

It would also be nice that you actually stopped using version specific methods like TLSv1_1_method() and that you only use the SSLv23_method()s or TLS*_methods (only available in development branch). If you want to restrict the version that can be used, instead please use things like SSL_OP_NO_SSLv3.


Files

ruby-sslv3.diff (1.13 KB) ruby-sslv3.diff kili (Matthias Kilian), 08/28/2015 01:27 PM
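
The approach requested in the description, shown from the Ruby side as an added example (it is not code from this issue or from the applied changeset): leave the context's version unpinned so the library negotiates, and mask out unwanted versions with option bits such as `OP_NO_SSLv3`. The helper names `negotiating_context` and `disabled_protocols` are hypothetical.

```ruby
require "openssl"

# Option bits for protocol versions that can be masked out on a
# version-negotiating context. Constants missing from this build of the
# openssl extension are skipped rather than referenced unconditionally.
NO_PROTOCOL_BITS = %w[SSLv2 SSLv3].each_with_object({}) do |name, map|
  const = "OP_NO_#{name}"
  map[name] = OpenSSL::SSL.const_get(const) if OpenSSL::SSL.const_defined?(const)
end.freeze

# Build a context without setting ssl_version (no version-specific method is
# requested), then disable the listed versions through the options mask.
def negotiating_context(disable: %w[SSLv2 SSLv3])
  ctx = OpenSSL::SSL::SSLContext.new
  mask = disable.inject(0) { |acc, name| acc | NO_PROTOCOL_BITS.fetch(name, 0) }
  # Older Ruby versions return nil from #options until it has been assigned.
  ctx.options = (ctx.options || 0) | mask
  ctx
end

# Report which of the known versions are masked out on a context.
# A bit value of 0 means the library no longer has that protocol at all,
# so there is nothing to report for it.
def disabled_protocols(ctx)
  opts = ctx.options || 0
  NO_PROTOCOL_BITS.select { |_, bit| bit != 0 && (opts & bit) == bit }.keys
end

if $PROGRAM_NAME == __FILE__
  ctx = negotiating_context
  puts "linked against: #{OpenSSL::OPENSSL_VERSION}"
  puts "masked out:     #{disabled_protocols(ctx).join(', ')}"
end
```
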

Updated by zzak (zzak _) over 8 years ago

  • Status changed from Open to Assigned
Actions #2

Updated by kroeckx (Kurt Roeckx) over 8 years ago

Is there any ETA of when I can expect this to be resolved? Do you need some help or more info?

I would like to see this fixed in Debian as soon as possible, because I would like to drop support for that and ruby is really my biggest blocker at this point.

Actions #3

Updated by kili (Matthias Kilian) over 8 years ago

Kurt Roeckx wrote:

> Is there any ETA of when I can expect this to be resolved? Do you need some help or more info?

Since OpenBSD removed SSLv3 from libressl a few days ago, I've committed patches similar to the attached one to all ruby ports in the OpenBSD ports tree.

Actions #4

Updated by Anonymous over 8 years ago

  • Status changed from Assigned to Closed

Applied in changeset r51722.


  • ext/openssl/ossl_ssl.c (static const struct): Only add SSLv3 support
    if the SSL library supports it. Thanks Kurt Roeckx
    [Bug #11376]

  • ext/openssl/extconf.rb: check for SSLv3 support in the SSL
    implementation.

  • test/openssl/test_ssl.rb (class OpenSSL): Skip tests that need SSLv3
    if there is no support.

Updated by nagachika (Tomoyuki Chikanaga) over 8 years ago

  • Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED

Updated by usa (Usaku NAKAMURA) over 8 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE, 2.2: REQUIRED

ruby_2_1 r52642 merged revision(s) 51722,51724.

Updated by nagachika (Tomoyuki Chikanaga) over 8 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: DONE, 2.2: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE, 2.2: DONE

Backported into ruby_2_2 branch at r52649.
