base repository: jruby/jruby-openssl
base: d030e6d2f275
...
head repository: jruby/jruby-openssl
compare: 4b22d38205a2
  • 2 commits
  • 2 files changed
  • 2 contributors

Commits on Aug 23, 2015

  1. Support negotiating up to TLS1_1 and TLS1_2 when the server supports …

    …these ssl_versions
    cheister authored and kares committed Aug 23, 2015
    f3fd531 View commit details
  2. Copy the full SHA
    4b22d38 View commit details
Showing with 33 additions and 2 deletions.
  1. +7 −2 src/main/java/org/jruby/ext/openssl/SSLContext.java
  2. +26 −0 src/test/ruby/ssl/test_ssl.rb
9 changes: 7 additions & 2 deletions src/main/java/org/jruby/ext/openssl/SSLContext.java
@@ -122,13 +122,18 @@ public class SSLContext extends RubyObject {
SSL_VERSION_OSSL2JSSE.put("SSLv23", "SSL");
SSL_VERSION_OSSL2JSSE.put("SSLv23_server", "SSL");
SSL_VERSION_OSSL2JSSE.put("SSLv23_client", "SSL");
ENABLED_PROTOCOLS.put("SSL", new String[] { "SSLv2", "SSLv3", "TLSv1" });

if ( OpenSSL.javaVersion7(true) ) { // >= 1.7
ENABLED_PROTOCOLS.put("SSL", new String[] { "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" });
} else {
ENABLED_PROTOCOLS.put("SSL", new String[] { "SSLv2", "SSLv3", "TLSv1" });
}

// Historically we were ahead of MRI to support TLS
// ... thus the non-standard names version names :

SSL_VERSION_OSSL2JSSE.put("TLS", "TLS");
ENABLED_PROTOCOLS.put("TLS", new String[] { "TLSv1", "TLSv1.1" });
ENABLED_PROTOCOLS.put("TLS", new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" });

SSL_VERSION_OSSL2JSSE.put("TLSv1.1", "TLSv1.1");
ENABLED_PROTOCOLS.put("TLSv1.1", new String[] { "TLSv1.1" });
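Review bot: The `"SSL"` entry in the Java 7+ branch still lists `SSLv2` and `SSLv3` next to the newly added `TLSv1.1`/`TLSv1.2`, so a context configured as `SSLv23` keeps offering the deprecated protocols and a peer can still negotiate down to them. If they have to stay for compatibility, record that next to the list, e.g. `// SSLv2/SSLv3 remain enabled for legacy peers - TODO confirm this is still required`; otherwise drop them from the array. The version guard is also inconsistent: `"SSL"` is gated on `OpenSSL.javaVersion7(true)` while the `"TLS"` entry gains `TLSv1.2` unconditionally, which presumably relies on unsupported protocol names being filtered elsewhere. If that filtering exists the `if`/`else` is unnecessary, and if it does not the `"TLS"` entry needs the same guard. The enclosing initializer starts and ends outside this hunk.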
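--- a/src/test/ruby/ssl/test_ssl.rb
+++ b/src/test/ruby/ssl/test_ssl.rb
@@ -95,4 +95,30 @@ def test_ssl_version_tlsv1
 end
 end
 
+def test_ssl_version_tlsv1_1
+ctx_proc = Proc.new do |ctx|
+ctx.ssl_version = "TLSv1_1"
+end
+start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) do |server, port|
+sock = TCPSocket.new("127.0.0.1", port)
+ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ssl.connect
+assert_equal("TLSv1.1", ssl.ssl_version)
+ssl.close
+end
+end unless java6? # TLS1_1 is not supported by JDK 6
+
+def test_ssl_version_tlsv1_2
+ctx_proc = Proc.new do |ctx|
+ctx.ssl_version = "TLSv1_2"
+end
+start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) do |server, port|
+sock = TCPSocket.new("127.0.0.1", port)
+ssl = OpenSSL::SSL::SSLSocket.new(sock)
+ssl.connect
+assert_equal("TLSv1.2", ssl.ssl_version)
+ssl.close
+end
+end unless java6? # TLS1_2 is not supported by JDK 6
+
 end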
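Review bot: Neither new test releases its sockets on failure: `ssl.close` is reached only after `ssl.connect` and `assert_equal` succeed, and `sock` is never closed explicitly, so a failed handshake or assertion leaves the connection open while the server block unwinds. Putting the client steps in `begin ... ensure` with `ssl.close if ssl` and `sock.close if sock` would keep one failing test from affecting later ones that start a server on the same `PORT`. The two bodies differ only in the version string and the expected value, so a small private helper taking both would remove the duplication. Both tests also cover only the successful upward negotiation; a companion case with the client context pinned to a lower version than the server, asserting that `connect` raises, would exercise the refusal path.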