Bug #15219
closedBackport: Ruby 2.5.X to support OpenSSL 1.1.1 and TLS 1.3
Description
I would be happy that the coming Ruby 2.5.2 would support OpenSSL 1.1.1 and TLS 1.3 [1].
To do that, it seems at least below patch has to be backported to Ruby 2.5.
net/http, net/ftp: fix session resumption with TLS 1.3
https://github.com/ruby/ruby/commit/1dfc377
And new ruby/openssl 2.2.2 has to be bundled in the Ruby 2.5.2.
Possible?
Thank you.
[1] OpenSSL 1.1.1 release note: https://www.openssl.org/blog/blog/2018/09/11/release111/
Updated by jaruga (Jun Aruga) about 6 years ago
- Tracker changed from Bug to Feature
- Backport deleted (
2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN)
Updated by shevegen (Robert A. Heiler) about 6 years ago
This would be nice indeed. I have a small gem that collects information about the
host-system (on the target computer platform; usually linux) available, and notifies
when there are more recent versions of a software available, e. g. a new gcc release,
a new m4 release, a new bison release and so forth.
I am a bit wary of upgrading openssl from openssl-1.1.0i to openssl-1.1.1 mostly
because I am never absolutely sure how well a more recent openssl may work on ruby.
And the primary reason for me to use openssl (and have ruby support it, too) is so
that I can push new gem releases of my code, actually. This was also a major reason
why I used to open issues about both openssl and readline, and I think it was nobu
who then added the "+" commandline flag to configure, to allow compilation to proceed
only if all that has been wanted, been found too (as otherwise I may have to re-compile
ruby or at the least work on this in the ext/ subdirectory, such as for readline or
openssl or zlib).
So naturally, I think it would be nice if more recent openssl versions could be
supported on the ruby 2.5.x branch too, if this will retain backwards-compatible
behaviour.
Having said that, I think after x-mas, I will be using ruby 2.6.x so it would not
be of a massive benefit to me personally.
On a side note, if it were possible, it may be helpful to notify on the ruby-doc
website which versions of a particular software is supported.
Take:
https://ruby-doc.org/stdlib/libdoc/openssl/rdoc/OpenSSL.html
This page could list which version is compatible - or at the least has
been tested. I don't know of a good way to have this automatically for
all versions, but I think it may be useful for quite a few people. (Openssl,
zlib and Readline are usually what I need to have in the local ruby version,
since it is very convenient or necessary for other things.)
I think naruse is in charge of handling both 2.6.x and 2.5.x release so perhaps
he should be asked.
Updated by jaruga (Jun Aruga) about 6 years ago
- Subject changed from Ruby 2.5.X supporting OpenSSL 1.1.1 and TLS 1.3 to Ruby 2.5.X to support OpenSSL 1.1.1 and TLS 1.3
Updated by jaruga (Jun Aruga) about 6 years ago
To do that, it seems at least below patch has to be backported to Ruby 2.5.
net/http, net/ftp: fix session resumption with TLS 1.3
https://github.com/ruby/ruby/commit/1dfc377
Maybe this patch too.
config: support .include directive
https://github.com/ruby/openssl/pull/216
And optionally this patch.
test: use larger keys for SSL tests
https://github.com/ruby/openssl/pull/217
Updated by jaruga (Jun Aruga) about 6 years ago
- Subject changed from Ruby 2.5.X to support OpenSSL 1.1.1 and TLS 1.3 to Backport: Ruby 2.5.X to support OpenSSL 1.1.1 and TLS 1.3
Updated by naruse (Yui NARUSE) about 6 years ago
- Tracker changed from Feature to Bug
- Status changed from Open to Closed
- Backport set to 2.4: DONTNEED, 2.5: UNKNOWN
Close to be on tracking on backport process.
Updated by nagachika (Tomoyuki Chikanaga) almost 6 years ago
- Backport changed from 2.4: DONTNEED, 2.5: UNKNOWN to 2.4: DONTNEED, 2.5: REQUIRED
Updated by nagachika (Tomoyuki Chikanaga) almost 6 years ago
Maybe this patch too.
config: support .include directive
https://github.com/ruby/openssl/pull/216And optionally this patch.
test: use larger keys for SSL tests
https://github.com/ruby/openssl/pull/217
Hmm, these two pull requests are not merged yet in ruby/openssl and neither committed into ruby trunk.
We can backport them only after they are committed into trunk according to our stable branch management policy.
@rhenium (Kazuki Yamaguchi) Could you handle these pull requests?
Updated by nagachika (Tomoyuki Chikanaga) almost 6 years ago
- Backport changed from 2.4: DONTNEED, 2.5: REQUIRED to 2.4: DONTNEED, 2.5: DONE
ruby_2_5 r67237 merged revision(s) 64234,64252.