From: nagachika00@...
Date: 2015-11-11T21:06:50+00:00
Subject: [ruby-core:71453] [Ruby trunk - Bug #11376] Stop using SSLv3 methods

Issue #11376 has been updated by Tomoyuki Chikanaga.

Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED

----------------------------------------
Bug #11376: Stop using SSLv3 methods
https://bugs.ruby-lang.org/issues/11376#change-54824

* Author: Kurt Roeckx
* Status: Closed
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED, 2.2: REQUIRED
----------------------------------------
If openssl is compiled using the OPENSSL_NO_SSL3_METHOD you can't compile ruby anymore since it will still try to use the SSLv3_*_method()s.

Please stop using those method at least when they're not available.

It would also be nice that you actually stopped version specific methods like TLSv1_1_*_method() and that you only use the SSLv23_*_method()s or TLS_*_methods (only available in development branch).  If you want to restrict the version that can be instead please use things like SSL_OP_NO_SSLv3.

---Files--------------------------------
ruby-sslv3.diff (1.13 KB)


-- 
https://bugs.ruby-lang.org/