General

Profile

MartinBosslet (Martin Bosslet)

Issues

open closed Total
Assigned issues 0 71 71
Reported issues 1 42 43

Activity

03/30/2015

11:40 AM Ruby master Bug #10968 (Feedback): [BUG] object allocation during garbage collection phase in /opt/rubies/ruby-2.2.1/lib/ruby/2.2.0/openssl/ssl.rb:177
This [1] seems to be the section of the code where the error happened.
@ko1: Could this be a GC issue?
[1] http... MartinBosslet (Martin Bosslet)

03/07/2014

03:15 AM Ruby master Revision 92a5ebb4 (git): * test/openssl/test_ssl.rb: Reuse TLS default options from
OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@45280 b2dd03c8-39d4-4d8... MartinBosslet (Martin Bosslet)

03/06/2014

01:52 AM Ruby master Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults
The patch has been committed. After discussing the issue with Dirkjan, the decision was made to additionally add
... MartinBosslet (Martin Bosslet)
01:43 AM Ruby master Revision 699b209c (git): * lib/openssl/ssl.rb: Explicitly whitelist the default
SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
compression by default.
Reported by Jeff Hodges.
[ruby-core:59... MartinBosslet (Martin Bosslet)

02/02/2014

10:37 PM Ruby master Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults
Attached the last patch updated with a whitelist of 30 ciphers. The rationale:
- prefer ephemeral DH to enable fo... MartinBosslet (Martin Bosslet)

01/29/2014

10:50 PM Ruby master Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults
After discussing the issue with Dirkjan and also internally, I feel that updating our own TLS cipher list is the best... MartinBosslet (Martin Bosslet)

01/27/2014

02:15 AM Ruby master Feature #9439: Remove OpenSSL from stdlib
Aaron Patterson wrote:
> On Sat, Jan 25, 2014 at 12:32:12AM +0000, mame@tsg.ne.jp wrote:
> > Issue #9439 has been ... MartinBosslet (Martin Bosslet)
01:47 AM Ruby master Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults
Yusuke Endoh wrote:
> Cooperatively with some committers, I investigated the current condition of default settings i... MartinBosslet (Martin Bosslet)

01/23/2014

04:25 PM Ruby master Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults
Yusuke Endoh wrote:
>
> Emboss, thank you as always with all your great work!
>
Np, thank you!

B Kelly wro... MartinBosslet (Martin Bosslet)

01/22/2014

12:12 PM Ruby master Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults
First some words why I (and others here) believe that it's not a good idea to deviate from OpenSSL defaults:
Secur... MartinBosslet (Martin Bosslet)

Also available in: Atom