OpenSSL::SSL::SSLContext difficulty in assigning ciphers #3100

Open
jordansissel opened this issue Jul 2, 2015 · 1 comment
@jordansissel

Minimal reproduction:

OpenSSL::SSL::SSLContext.new.tap { |c| c.ciphers = c.ciphers }

In MRI (2.1.6), this works, but in JRuby 1.7.19 this fails with

OpenSSL::SSL::SSLError: no cipher match
  ciphers= at org/jruby/ext/openssl/SSLContext.java:462

The background is that I am working on excluding certain ciphers from the default cipher set and am having difficulty assigning #ciphers= to a subset of itself.

@jordansissel

Even something silly like choosing a random selection (and random order) of ciphers from the default list seems to always fail:

OpenSSL::SSL::SSLContext.new.tap { |ctx| o = ctx.ciphers.clone; loop { begin; ciphers = o.shuffle[0..rand(o.size)]; ctx.ciphers = ciphers; puts :OK; rescue => e; puts :FAIL => [e, ciphers]; end } }

Sample output:

{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["DES-CBC-SHA", "DHE-DSS-AES128-SHA", "EXP-DES-CBC-SHA", "EDH-DSS-DES-CBC3-SHA", "DES-CBC3-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["DES-CBC-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["RC4-MD5", "DHE-DSS-AES128-SHA", "AES128-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["EXP-DES-CBC-SHA", "EDH-RSA-DES-CBC-SHA", "EXP-EDH-DSS-DES-CBC-SHA", "EXP-EDH-RSA-DES-CBC-SHA", "EDH-DSS-DES-CBC3-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["AES128-SHA", "EXP-EDH-DSS-DES-CBC-SHA", "EDH-DSS-DES-CBC3-SHA", "EDH-RSA-DES-CBC-SHA", "RC4-SHA", "EXP-EDH-RSA-DES-CBC-SHA"]]}
{:FAIL=>[#<OpenSSL::SSL::SSLError: no cipher match>, ["RC4-MD5", "EDH-DSS-DES-CBC3-SHA", "DHE-DSS-AES128-SHA", "EDH-RSA-DES-CBC-SHA", "DES-CBC3-SHA", "DHE-RSA-AES128-SHA", "EXP-EDH-DSS-DES-CBC-SHA"]]}
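An added example (not code from the issue or from JRuby) of the use case described in this thread: excluding ciphers from the default set by re-assigning a filtered list, then reading the list back so a failed or partial assignment is detected instead of assumed away. The `WEAK_TOKENS` policy and the helper names `weak?`, `cipher_names` and `restrict_ciphers` are assumptions made for illustration.

```ruby
require "openssl"

# Assumed policy for this example: a cipher is unwanted if its OpenSSL name
# contains one of these hyphen-separated tokens (export, NULL, RC4, DES/3DES, MD5).
WEAK_TOKENS = %w[EXP NULL RC4 DES MD5].freeze

def weak?(name)
  !(name.split("-") & WEAK_TOKENS).empty?
end

# SSLContext#ciphers yields [name, version, bits, alg_bits] entries on MRI;
# plain name strings are accepted too.
def cipher_names(ctx)
  ctx.ciphers.map { |c| c.is_a?(Array) ? c.first : c }
end

# Re-assign the default list minus weak entries, then read the list back.
# Returns a hash so the caller can fail closed instead of silently continuing.
def restrict_ciphers(ctx)
  wanted = cipher_names(ctx).reject { |n| weak?(n) }
  begin
    ctx.ciphers = wanted
  rescue OpenSSL::SSL::SSLError => e
    # The failure reported in this issue ("no cipher match") lands here.
    return { applied: false, error: e.message, weak_left: nil }
  end
  weak_left = cipher_names(ctx).select { |n| weak?(n) }
  { applied: weak_left.empty?, error: nil, weak_left: weak_left }
end

# Report the outcome for a fresh context on this runtime.
p restrict_ciphers(OpenSSL::SSL::SSLContext.new)
```

A caller that needs the restriction should refuse to open connections when `:applied` is false, since skipping the assignment leaves the runtime's default cipher list in force.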

@rtyler rtyler added the openssl label Jul 2, 2015
joshcooper added a commit to joshcooper/puppet that referenced this issue Feb 5, 2021
JRuby doesn't allow ciphers to be set on the ssl context[1] so skip that
part.

[1] jruby/jruby#3100
joshcooper added a commit to puppetlabs/puppet that referenced this issue Feb 6, 2021
JRuby doesn't allow ciphers to be set on the ssl context[1] so skip that
part.

[1] jruby/jruby#3100