File tree Expand file tree Collapse file tree 4 files changed +67
-7
lines changed Expand file tree Collapse file tree 4 files changed +67
-7
lines changed Original file line number Diff line number Diff line change 1+ Thu Oct 24 12:00:55 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org>
2+
3+ * ext/openssl/lib/openssl/ssl-internal.rb (DEFAULT_PARAMS): override
4+ options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
5+ this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]
6+
7+ Thu Oct 24 12:00:55 2014 Martin Bosslet <Martin.Bosslet@gmail.com>
8+
9+ * test/openssl/test_ssl.rb: Reuse TLS default options from
10+ OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
11+
12+ Thu Oct 24 12:00:55 2014 Martin Bosslet <Martin.Bosslet@gmail.com>
13+
14+ * lib/openssl/ssl-internal.rb: Explicitly whitelist the default
15+ SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
16+ compression by default.
17+ Reported by Jeff Hodges.
18+ [ruby-core:59829] [Bug #9424]
19+
120Sat Sep 6 09:13:55 2014 Zachary Scott <e@zzak.io>
221
322 * lib/rdoc/generator/template/darkfish/js/jquery.js: Backport
Original file line number Diff line number Diff line change @@ -23,8 +23,49 @@ class SSLContext
2323 DEFAULT_PARAMS = {
2424 :ssl_version => "SSLv23" ,
2525 :verify_mode => OpenSSL ::SSL ::VERIFY_PEER ,
26- :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW" ,
27- :options => OpenSSL ::SSL ::OP_ALL ,
26+ :ciphers => %w{
27+ ECDHE-ECDSA-AES128-GCM-SHA256
28+ ECDHE-RSA-AES128-GCM-SHA256
29+ ECDHE-ECDSA-AES256-GCM-SHA384
30+ ECDHE-RSA-AES256-GCM-SHA384
31+ DHE-RSA-AES128-GCM-SHA256
32+ DHE-DSS-AES128-GCM-SHA256
33+ DHE-RSA-AES256-GCM-SHA384
34+ DHE-DSS-AES256-GCM-SHA384
35+ ECDHE-ECDSA-AES128-SHA256
36+ ECDHE-RSA-AES128-SHA256
37+ ECDHE-ECDSA-AES128-SHA
38+ ECDHE-RSA-AES128-SHA
39+ ECDHE-ECDSA-AES256-SHA384
40+ ECDHE-RSA-AES256-SHA384
41+ ECDHE-ECDSA-AES256-SHA
42+ ECDHE-RSA-AES256-SHA
43+ DHE-RSA-AES128-SHA256
44+ DHE-RSA-AES256-SHA256
45+ DHE-RSA-AES128-SHA
46+ DHE-RSA-AES256-SHA
47+ DHE-DSS-AES128-SHA256
48+ DHE-DSS-AES256-SHA256
49+ DHE-DSS-AES128-SHA
50+ DHE-DSS-AES256-SHA
51+ AES128-GCM-SHA256
52+ AES256-GCM-SHA384
53+ AES128-SHA256
54+ AES256-SHA256
55+ AES128-SHA
56+ AES256-SHA
57+ ECDHE-ECDSA-RC4-SHA
58+ ECDHE-RSA-RC4-SHA
59+ RC4-SHA
60+ } . join ( ":" ) ,
61+ :options => -> {
62+ opts = OpenSSL ::SSL ::OP_ALL
63+ opts &= ~OpenSSL ::SSL ::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined? ( OpenSSL ::SSL ::OP_DONT_INSERT_EMPTY_FRAGMENTS )
64+ opts |= OpenSSL ::SSL ::OP_NO_COMPRESSION if defined? ( OpenSSL ::SSL ::OP_NO_COMPRESSION )
65+ opts |= OpenSSL ::SSL ::OP_NO_SSLv2 if defined? ( OpenSSL ::SSL ::OP_NO_SSLv2 )
66+ opts |= OpenSSL ::SSL ::OP_NO_SSLv3 if defined? ( OpenSSL ::SSL ::OP_NO_SSLv3 )
67+ opts
68+ } . call
2869 }
2970
3071 DEFAULT_CERT_STORE = OpenSSL ::X509 ::Store . new
Original file line number Diff line number Diff line change @@ -273,7 +273,7 @@ def test_sslctx_set_params
273273 ctx = OpenSSL ::SSL ::SSLContext . new
274274 ctx . set_params
275275 assert_equal ( OpenSSL ::SSL ::VERIFY_PEER , ctx . verify_mode )
276- assert_equal ( OpenSSL ::SSL ::OP_ALL , ctx . options )
276+ assert_equal ( OpenSSL ::SSL ::SSLContext :: DEFAULT_PARAMS [ :options ] , ctx . options )
277277 ciphers = ctx . ciphers
278278 ciphers_versions = ciphers . collect { |_ , v , _ , _ | v }
279279 ciphers_names = ciphers . collect { |v , _ , _ , _ | v }
Original file line number Diff line number Diff line change 11#define RUBY_VERSION "1.9.3"
2- #define RUBY_PATCHLEVEL 548
2+ #define RUBY_PATCHLEVEL 549
33
4- #define RUBY_RELEASE_DATE "2014-09-06 "
4+ #define RUBY_RELEASE_DATE "2014-10-24 "
55#define RUBY_RELEASE_YEAR 2014
6- #define RUBY_RELEASE_MONTH 9
7- #define RUBY_RELEASE_DAY 6
6+ #define RUBY_RELEASE_MONTH 10
7+ #define RUBY_RELEASE_DAY 24
88
99#include "ruby/version.h"
1010
You can’t perform that action at this time.
0 commit comments