From: nagachika00@... Date: 2015-10-31T18:43:09+00:00 Subject: [ruby-core:71286] [Ruby trunk - Bug #10046] OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures Issue #10046 has been updated by Tomoyuki Chikanaga. Backport changed from 2.0.0: UNKNOWN, 2.1: REQUIRED to 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE Backported into `ruby_2_2` branch at r52413. ---------------------------------------- Bug #10046: OpenSSL::TestSSLSession#test_ctx_server_session_cb and OpenSSL::TestSSLSession#test_ctx_client_session_cb test failures https://bugs.ruby-lang.org/issues/10046#change-54661 * Author: Vit Ondruch * Status: Closed * Priority: Normal * Assignee: * ruby -v: ruby 2.1.2p95 (2014-05-08 revision 45877) [x86_64-linux] * Backport: 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE ---------------------------------------- I observe following test failures in Fedora 21 and Rawhide: ~~~ 4) Error: OpenSSL::TestSSLSession#test_ctx_server_session_cb: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:351:in `connect' /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:351:in `block (2 levels) in test_ctx_server_session_cb' /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:346:in `times' /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:346:in `block in test_ctx_server_session_cb' /builddir/build/BUILD/ruby-2.1.2/test/openssl/utils.rb:298:in `call' /builddir/build/BUILD/ruby-2.1.2/test/openssl/utils.rb:298:in `start_server' /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:344:in `test_ctx_server_session_cb' 5) Error: OpenSSL::TestSSLSession#test_ctx_client_session_cb: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server hello A: sslv3 alert handshake failure /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:294:in `connect' /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:294:in `block in test_ctx_client_session_cb' /builddir/build/BUILD/ruby-2.1.2/test/openssl/utils.rb:298:in `call' /builddir/build/BUILD/ruby-2.1.2/test/openssl/utils.rb:298:in `start_server' /builddir/build/BUILD/ruby-2.1.2/test/openssl/test_ssl_session.rb:290:in `test_ctx_client_session_cb' ~~~ I believe, that I observer these failures since openssl-1.0.1h-5.fc21 was build. From the changelog of OpenSSL, it seems that there was disabled SSLv2 and SSLv3: ~~~ * Mon Jun 30 2014 Tom���� Mr��z 1.0.1h-5 - disable SSLv2 and SSLv3 protocols by default (can be enabled via appropriate SSL_CTX_clear_options() call) ~~~ According to the OpenSSL maintainer, they are going to be disabled in upstream release of OpenSSL 1.0.3 as well, since they are not secure enough. So I am wondering, what can do Ruby about this? ---Files-------------------------------- 0001-Don-t-use-obsolete-SSLv3-for-tests.patch (1.33 KB) -- https://bugs.ruby-lang.org/