Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL::SSL::SSLContext difficulty in assigning ciphers #3100

Open
jordansissel opened this issue Jul 2, 2015 · 1 comment
Open

OpenSSL::SSL::SSLContext difficulty in assigning ciphers #3100

jordansissel opened this issue Jul 2, 2015 · 1 comment
Labels
openssl

Comments

@jordansissel
Copy link
Contributor

Minimal reproduction:

OpenSSL::SSL::SSLContext.new.tap { |c| c.ciphers = c.ciphers }

In MRI (2.1.6), this works, but in JRuby 1.7.19 this fails with

OpenSSL::SSL::SSLError: no cipher match
  ciphers= at org/jruby/ext/openssl/SSLContext.java:462

The background is that I am working on excluding certain ciphers from the default cipher set and am having difficulty assigning #ciphers= to a subset of itself.
@jordansissel
Copy link
Contributor Author

Even something silly like choosing a random selection (and random order) of ciphers from the default list seems to always fail:

OpenSSL::SSL::SSLContext.new.tap { |ctx| o = ctx.ciphers.clone; loop { begin; ciphers = o.shuffle[0..rand(0.size)]; ctx.ciphers = ciphers  ; puts :OK; rescue => e; puts :FAIL => [e, ciphers]; end } }

Sample output:

{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["DES-CBC-SHA", "DHE-DSS-AES128-SHA", "EXP-DES-CBC-SHA", "EDH-DSS-DES-CBC3-SHA", "DES-CBC3-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["DES-CBC-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["RC4-MD5", "DHE-DSS-AES128-SHA", "AES128-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["EXP-DES-CBC-SHA", "EDH-RSA-DES-CBC-SHA", "EXP-EDH-DSS-DES-CBC-SHA", "EXP-EDH-RSA-DES-CBC-SHA", "EDH-DSS-DES-CBC3-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["AES128-SHA", "EXP-EDH-DSS-DES-CBC-SHA", "EDH-DSS-DES-CBC3-SHA", "EDH-RSA-DES-CBC-SHA", "RC4-SHA", "EXP-EDH-RSA-DES-CBC-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["RC4-MD5", "EDH-DSS-DES-CBC3-SHA", "DHE-DSS-AES128-SHA", "EDH-RSA-DES-CBC-SHA", "DES-CBC3-SHA", "DHE-RSA-AES128-SHA", "EXP-EDH-DSS-DES-CBC-SHA"]]}

@rtyler rtyler added the openssl label Jul 2, 2015
@MariuszCwikla MariuszCwikla mentioned this issue Nov 26, 2020
Merged
joshcooper added a commit to joshcooper/puppet that referenced this issue Feb 5, 2021
@joshcooper
(PUP-10889) Skip test on jruby
3042099 
JRuby doesn't allow ciphers to be set on the ssl context[1] so skip that
part.

[1] jruby/jruby#3100
joshcooper added a commit to puppetlabs/puppet that referenced this issue Feb 6, 2021
@joshcooper
(PUP-10889) Skip test on jruby
5d039ed 
JRuby doesn't allow ciphers to be set on the ssl context[1] so skip that
part.

[1] jruby/jruby#3100
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
openssl
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rtyler @jordansissel