Ruby Issue Tracking System

03/06/2014

01:52 AM Ruby trunk Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

The patch has been committed. After discussing the issue with Dirkjan, the decision was made to additionally add
...

02/02/2014

10:37 PM Ruby trunk Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

Attached the last patch updated with a whitelist of 30 ciphers. The rationale:
- prefer ephemeral DH to enable fo...

01/29/2014

10:50 PM Ruby trunk Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

After discussing the issue with Dirkjan and also internally, I feel that updating our own TLS cipher list is the best...

01/27/2014

02:15 AM Ruby trunk Feature #9439: Remove OpenSSL from stdlib

Aaron Patterson wrote:
> On Sat, Jan 25, 2014 at 12:32:12AM +0000, mame@tsg.ne.jp wrote:
> > Issue #9439 has been ...

01:47 AM Ruby trunk Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

Yusuke Endoh wrote:
> Cooperatively with some committers, I investigated the current condition of default settings i...

01/23/2014

04:25 PM Ruby trunk Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

Yusuke Endoh wrote:
>
> Emboss, thank you as always with all your great work!
>
Np, thank you!

B Kelly wro...

01/22/2014

12:12 PM Ruby trunk Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

First some words why I (and others here) believe that it's not a good idea to deviate from OpenSSL defaults:
Secur...

12/03/2013

10:39 AM Ruby trunk Bug #9028: Make SSLSocket Support Encodings

Sounds great. As long as there is no explicit encoding support for sockets, ASCII-8BIT also seems the most natural to...

11/04/2013

09:47 AM Ruby trunk Bug #9053: SSL Issue with Ruby 2.0.0

Thanks everyone for contributing, I'm sorry I couldn't look into it any sooner. Special thanks to Rajesh for finding ...

09/21/2013

01:08 AM Ruby Wiki edit: DevelopersMeeting20130920 (#2)