Project

General

Profile

Actions
Copy link

Bug #11376

closed

Stop using SSLv3 methods

Bug #11376: Stop using SSLv3 methods

Added by kroeckx (Kurt Roeckx) about 10 years ago. Updated almost 10 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
Backport:
2.0.0: REQUIRED, 2.1: DONE, 2.2: DONE
[ruby-core:70045]

Description

If openssl is compiled using the OPENSSL_NO_SSL3_METHOD you can't compile ruby anymore since it will still try to use the SSLv3_*_method()s.

Please stop using those method at least when they're not available.

It would also be nice that you actually stopped version specific methods like TLSv1_1_method() and that you only use the SSLv23method()s or TLS*_methods (only available in development branch). If you want to restrict the version that can be instead please use things like SSL_OP_NO_SSLv3.

Files

ruby-sslv3.diff (1.13 KB) ruby-sslv3.diff kili (Matthias Kilian), 08/28/2015 01:27 PM
Actions
Copy link

Also available in: PDF Atom