Feature #11524

Use TLS 1.2 as the default version of OpenSSL

Added by hsbt (Hiroshi SHIBATA) almost 4 years ago. Updated almost 4 years ago.

Status: Closed
Priority: Normal
Assignee: openssl
Target version: -
[ruby-core:<unknown>]

Description

OpenSSL on trunk still uses SSL version 3 with the default option, but SSLv3 has some vulnerabilities.

I propose to use TLS 1.2 by default in the OpenSSL library.

See the original proposal: https://github.com/ruby/ruby/pull/873

On the other hand, HTTP/2 requires the TLS 1.2 protocol. We should change it before HTTP client
authors put ctx.ssl_version = :TLSv1_2 in all of their code.

ref. https://http2.github.io/http2-spec/#TLSUsage

Associated revisions

Revision 4b395bb4
Added by zzak (Zachary Scott) almost 4 years ago

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52082 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 52082
Added by zzak (Zachary Scott) almost 4 years ago

Revision e2d79c46
Added by sorah (Sorah Fukumori) almost 4 years ago

  • ext/openssl/lib/openssl/ssl.rb: Revert r52082 because it was dropping TLS v1.1 support too. Supporting only TLS v1.2 is too early, because many popular websites still don't support it.

For instance, servers that aws-sdk connects to still don't support
TLS v1.2, and it became broken.

We should consider this more carefully.

[Fix GH-873] [Feature #11524]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@52089 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 52089
Added by sorah (Sorah Fukumori) almost 4 years ago

History

#1

Updated by zzak (Zachary Scott) almost 4 years ago

  • Assignee changed from hsbt (Hiroshi SHIBATA) to openssl

#2

Updated by zzak (Zachary Scott) almost 4 years ago

  • Status changed from Open to Closed

Applied in changeset r52082.
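A default fixed to a single protocol version, as the revert message describes for r52082, fails against any peer that does not speak exactly that version, while a minimum version leaves room to negotiate. The following is an added example, not code from the Ruby repository or from the participants in this issue; it generalizes the case to a peer whose version differs from the pin by running a TLS 1.3-only loopback server. It assumes an openssl gem that provides `min_version=` (2.1 or later) built against an OpenSSL with TLS 1.3; `negotiate`, `PINNED`, `FLOOR`, `KEY` and `CERT` are names made up for the example.

```ruby
require "openssl"
require "socket"

# Constructed throwaway key and self-signed certificate for the in-process server.
KEY = OpenSSL::PKey::RSA.new(2048)
CERT = OpenSSL::X509::Certificate.new.tap do |c|
  c.version = 2
  c.serial = 1
  c.subject = c.issuer = OpenSSL::X509::Name.parse("/CN=loopback.test")
  c.public_key = KEY.public_key
  c.not_before = Time.now - 60
  c.not_after = Time.now + 3600
  c.sign(KEY, OpenSSL::Digest.new("SHA256"))
end

# Client settings under comparison (hypothetical names).
PINNED = ->(ctx) { ctx.ssl_version = :TLSv1_2 }                     # exactly TLS 1.2
FLOOR  = ->(ctx) { ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION } # TLS 1.2 or newer

# Runs one handshake over a local socket pair against a server limited to
# server_version. Returns the negotiated protocol name or :handshake_failed.
def negotiate(server_version, client_setup)
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.cert = CERT
  server_ctx.key = KEY
  server_ctx.min_version = server_ctx.max_version = server_version
  # No certificate verification is configured on the client: this loopback
  # demo looks only at version negotiation.
  client_ctx = OpenSSL::SSL::SSLContext.new
  client_setup.call(client_ctx)
  s_sock, c_sock = UNIXSocket.pair
  server = Thread.new do
    OpenSSL::SSL::SSLSocket.new(s_sock, server_ctx).accept rescue nil
  end
  client = OpenSSL::SSL::SSLSocket.new(c_sock, client_ctx)
  client.connect
  client.ssl_version
rescue OpenSSL::SSL::SSLError
  :handshake_failed
ensure
  c_sock&.close
  server&.join
  s_sock&.close
end

if $PROGRAM_NAME == __FILE__
  v13 = OpenSSL::SSL::TLS1_3_VERSION
  puts "pinned client, TLS 1.3-only server: #{negotiate(v13, PINNED)}"
  puts "floor client,  TLS 1.3-only server: #{negotiate(v13, FLOOR)}"
end
```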

