Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

renegotiation_cb attribute missing on OpenSSL::SSL::SSLContext #120

Closed
lampad opened this issue Jan 13, 2017 · 0 comments · Fixed by #121
Closed

renegotiation_cb attribute missing on OpenSSL::SSL::SSLContext #120

lampad opened this issue Jan 13, 2017 · 0 comments · Fixed by #121

Comments

@lampad
Copy link
Contributor

lampad commented Jan 13, 2017
edited by kares

I'm not sure how well Java supports renegotiation under the hood. I've done quite a bit of digging, and there are very few documents (if any, certainly nothing official) on how to trigger secure renegotiation from a java client or handle it as a server that complies with the renegotiation RFC. Most of the searches I did returned panicked articles about CVE-2009-3555.

In any case, CRuby supports setting a renegotiation callback that gets triggered when SSL connections are established (similar to the other callbacks on the SSLContext):

2.4.0 :001 > require 'openssl'
 => true
2.4.0 :002 > ctx = OpenSSL::SSL::SSLContext.new
 => #<OpenSSL::SSL::SSLContext:0x007f9e94032e30>
2.4.0 :003 > ctx.renegotiation_cb = Proc.new { "pop" }
 => #<Proc:0x007f9e9403b670@(irb):3>

JRuby does not:

jruby-9.1.7.0 :001 > require 'openssl'
 => true
jruby-9.1.7.0 :002 > ctx = OpenSSL::SSL::SSLContext.new
 => #<OpenSSL::SSL::SSLContext:0x7966baa7>
jruby-9.1.7.0 :003 > ctx.renegotiation_cb = Proc.new { "pop" }
NoMethodError: undefined method `renegotiation_cb=' for #<OpenSSL::SSL::SSLContext:0x7966baa7>
	from (irb):3:in `<eval>'
	from org/jruby/RubyKernel.java:1000:in `eval'
	from org/jruby/RubyKernel.java:1298:in `loop'
	from org/jruby/RubyKernel.java:1120:in `catch'
	from org/jruby/RubyKernel.java:1120:in `catch'
	from /Users/dlampa/.rvm/rubies/jruby-9.1.7.0/bin/irb:13:in `<main>'

Is there a technical reason this attribute wasn't included in jruby-openssl? I'm willing to take a crack at implementing it, but wanted to make sure whether or not there was a decision to explicitly not include it.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add renegotiation cb lampad/jruby-openssl
1 participant
@lampad