[ruby-core:70045] [Ruby trunk - Bug #11376] [Open] Stop using SSLv3 methods

From: kurt@...
Date: 2015-07-19 20:54:34 UTC
List: ruby-core #70045
Issue #11376 has been reported by Kurt Roeckx.

----------------------------------------
Bug #11376: Stop using SSLv3 methods
https://bugs.ruby-lang.org/issues/11376

* Author: Kurt Roeckx
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
If openssl is compiled using the OPENSSL_NO_SSL3_METHOD you can't compile ruby anymore since it will still try to use the SSLv3_*_method()s.

Please stop using those methods at least when they're not available.

It would also be nice if you actually stopped using version-specific methods like TLSv1_1_*_method() and only used the SSLv23_*_method()s or TLS_*_methods (only available in development branch).  If you want to restrict the version that can be used, please use things like SSL_OP_NO_SSLv3 instead.



-- 
https://bugs.ruby-lang.org/
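
The approach the report asks for, sketched at the Ruby level as an added example (not code from the report or from Ruby's openssl extension): keep the default version-negotiating method and switch off unwanted protocol versions with OP_NO_* options, skipping any constant the linked OpenSSL build does not provide. The helper names `disable_mask`, `negotiating_context` and `disabled?` are hypothetical.

```ruby
require "openssl"

# Hypothetical helpers, not part of Ruby's openssl library.
# Protocol name => name of the option constant that disables it.
PROTOCOL_OFF_FLAGS = {
  "SSLv2"   => :OP_NO_SSLv2,
  "SSLv3"   => :OP_NO_SSLv3,
  "TLSv1"   => :OP_NO_TLSv1,
  "TLSv1.1" => :OP_NO_TLSv1_1,
}.freeze

# Build the option bitmask for the given protocol names. A constant that
# this build does not define is skipped instead of being referenced
# unconditionally, which is the failure mode the report describes.
def disable_mask(protocols)
  protocols.reduce(0) do |mask, name|
    const = PROTOCOL_OFF_FLAGS.fetch(name) do
      raise ArgumentError, "unknown protocol #{name}"
    end
    if OpenSSL::SSL.const_defined?(const)
      mask | OpenSSL::SSL.const_get(const)
    else
      mask
    end
  end
end

# Create a context on the default version-flexible method (no ssl_version=
# call, so no SSLv3_*/TLSv1_1_* method is selected) and restrict versions
# purely through options.
def negotiating_context(disabled = %w[SSLv2 SSLv3])
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.options = (ctx.options || 0) | disable_mask(disabled)
  ctx
end

# True when the context carries the disabling bit for the named protocol.
# Some builds define an obsolete flag as 0; that counts as "not set here".
def disabled?(ctx, name)
  flag = disable_mask([name])
  flag != 0 && (ctx.options & flag) == flag
end
```
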
