Feature #15219

Ruby 2.5.X to support OpenSSL 1.1.1 and TLS 1.3

Added by jaruga (Jun Aruga) 8 days ago. Updated 7 days ago.

Status: Open
Priority: Normal
Assignee: -
Target version: -
[ruby-core:89340]

Description

I would be happy if the coming Ruby 2.5.2 supported OpenSSL 1.1.1 and TLS 1.3 [1].

To do that, it seems at least the patch below has to be backported to Ruby 2.5.

net/http, net/ftp: fix session resumption with TLS 1.3
https://github.com/ruby/ruby/commit/1dfc377

And the new ruby/openssl 2.2.2 has to be bundled in Ruby 2.5.2.

Possible?
Thank you.

[1] OpenSSL 1.1.1 release note: https://www.openssl.org/blog/blog/2018/09/11/release111/

History

#1 Updated by jaruga (Jun Aruga) 8 days ago

  • Backport deleted (2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN)
  • Tracker changed from Bug to Feature

#2 [ruby-core:89344] Updated by shevegen (Robert A. Heiler) 7 days ago

This would be nice indeed. I have a small gem that collects information about the
host-system (on the target computer platform; usually linux) available, and notifies
when there are more recent versions of a software available, e.g. a new gcc release,
a new m4 release, a new bison release and so forth.

I am a bit wary of upgrading openssl from openssl-1.1.0i to openssl-1.1.1 mostly
because I am never absolutely sure how well a more recent openssl may work on ruby.
And the primary reason for me to use openssl (and have ruby support it, too) is so
that I can push new gem releases of my code, actually. This was also a major reason
why I used to open issues about both openssl and readline, and I think it was nobu
who then added the "+" commandline flag to configure, to allow compilation to proceed
only if all that has been wanted has been found too (as otherwise I may have to re-compile
ruby or at the least work on this in the ext/ subdirectory, such as for readline or
openssl or zlib).

So naturally, I think it would be nice if more recent openssl versions could be
supported on the ruby 2.5.x branch too, if this will retain backwards-compatible
behaviour.

Having said that, I think after x-mas, I will be using ruby 2.6.x so it would not
be of a massive benefit to me personally.

On a side note, if it were possible, it may be helpful to notify on the ruby-doc
website which versions of a particular software are supported.

Take:

https://ruby-doc.org/stdlib/libdoc/openssl/rdoc/OpenSSL.html

This page could list which version is compatible - or at the least has
been tested. I don't know of a good way to have this automatically for
all versions, but I think it may be useful for quite a few people. (Openssl,
zlib and Readline are usually what I need to have in the local ruby version,
since it is very convenient or necessary for other things.)

I think naruse is in charge of handling both 2.6.x and 2.5.x releases so perhaps
he should be asked.

#3 Updated by jaruga (Jun Aruga) 7 days ago

  • Subject changed from Ruby 2.5.X supporting OpenSSL 1.1.1 and TLS 1.3 to Ruby 2.5.X to support OpenSSL 1.1.1 and TLS 1.3
