* lib/openssl/ssl.rb: Explicitly whitelist the default
SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
compression by default.
Reported by Jeff Hodges.
[ruby-core:59829] [Bug #9424]
* test/openssl/test_ssl.rb: Reuse TLS default options from
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
* ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override
options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]
merge revision(s) r45274,r45278,r45280,r48097: [Backport #9424] [Backport #9640]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@48098 b2dd03c8-39d4-4d8f-98ff-823fe69b080e