Feature #9450

Allow overriding SSLContext options in Net::HTTP

Added by ebroder (Evan Broder) almost 5 years ago. Updated about 1 year ago.

Status: Closed
Priority: Normal
Target version: -
[ruby-core:60108]

Description

While the Ruby team is hashing out the future of OpenSSL in Ruby, I thought it would be useful to add the missing hook so that end-users could control their behavior when issuing HTTP requests.

Right now it's possible to specify a specific SSL version to use, but that's actually not all that useful for interacting with the internet in general. I'd like to support the highest SSL version possible, but as many sites don't yet support e.g. TLSv1.2, I'm forced to set ssl_version to :SSLv3 or maybe :TLSv1.

A much better solution is to disable the versions I don't want, which can be done by setting, e.g., the SSL_OP_NO_SSLv2 flag to SSL_CTX_set_options (http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html), or OpenSSL::SSL::SSLContext#options= in Ruby's bindings. However, with Net::HTTP, there's currently no way to access these option flags.

This patch adds an ssl_options attribute to Net::HTTP, which controls the options attribute on the resulting SSLContext.

Associated revisions

Revision dcea9198
Added by naruse (Yui NARUSE) about 1 year ago

Introduce Net::HTTP#min_version/max_version [Feature #9450]

Set SSL minimum/maximum version.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60311 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 60311
Added by naruse (Yui NARUSE) about 1 year ago

Introduce Net::HTTP#min_version/max_version [Feature #9450]

Set SSL minimum/maximum version.


History

#1 [ruby-core:60130] Updated by shyouhei (Shyouhei Urabe) almost 5 years ago

:+1: nice-to-have. Also agree that #options= is too vague in name.

#2 [ruby-core:82413] Updated by ienev (Iskar Enev) over 1 year ago

Being able to exclude versions of TLS and/or add additional option flags (without monkey patching) would indeed be quite useful, especially in the cases where TLS 1.0 needs to be excluded for compliance reasons. Hopefully this issue will get some attention.

#3 Updated by naruse (Yui NARUSE) about 1 year ago

  • Status changed from Open to Closed

Applied in changeset trunk|r60311.


Introduce Net::HTTP#min_version/max_version [Feature #9450]

Set SSL minimum/maximum version.
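
The two ways of enforcing a protocol floor discussed in this issue, side by side, as an added example that is not part of the thread or of the Ruby changeset: the OP_NO_* options mask from the description, applied to a raw SSLContext, and the Net::HTTP#min_version accessor from the applied changeset. The helper names, the PROTOCOLS table and the host example.invalid are assumptions made for illustration.

```ruby
require "net/http"
require "openssl"

# Protocols in ascending order: [name, *_VERSION constant, OP_NO_* flag].
# Illustrative table (not from the patch); SSLv2 is left out.
PROTOCOLS = [
  [:SSL3,   OpenSSL::SSL::SSL3_VERSION,   OpenSSL::SSL::OP_NO_SSLv3],
  [:TLS1,   OpenSSL::SSL::TLS1_VERSION,   OpenSSL::SSL::OP_NO_TLSv1],
  [:TLS1_1, OpenSSL::SSL::TLS1_1_VERSION, OpenSSL::SSL::OP_NO_TLSv1_1],
  [:TLS1_2, OpenSSL::SSL::TLS1_2_VERSION, OpenSSL::SSL::OP_NO_TLSv1_2],
].freeze

# Position of the requested floor in PROTOCOLS; unknown names are rejected
# instead of silently leaving every protocol enabled.
def protocol_index(floor)
  PROTOCOLS.index { |name, _, _| name == floor } or
    raise ArgumentError, "unknown protocol floor: #{floor.inspect}"
end

# Approach from the issue description: OR together the OP_NO_* flags of
# every protocol below the floor.
def disable_mask(floor)
  PROTOCOLS.first(protocol_index(floor)).reduce(0) { |mask, (_, _, flag)| mask | flag }
end

# Raw SSLContext with the mask added on top of the default options.
def context_with_floor(floor)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.options |= disable_mask(floor)
  ctx
end

# Approach from the applied changeset: Net::HTTP#min_version.
def http_with_floor(host, port, floor)
  http = Net::HTTP.new(host, port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.min_version = PROTOCOLS[protocol_index(floor)][1]
  http # no connection is opened until #start or a request is made
end

if $PROGRAM_NAME == __FILE__
  printf("options mask for a TLS 1.2 floor: 0x%x\n", disable_mask(:TLS1_2))
  http = http_with_floor("example.invalid", 443, :TLS1_2) # constructed host
  puts "Net::HTTP min_version: #{http.min_version}"
end
```

Setting only a floor leaves newer protocol versions negotiable, which is the behaviour the description asks for and which pinning ssl_version cannot provide.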
