Bug #9424 » change_ssl_defaults.diff

MartinBosslet (Martin Bosslet), 01/22/2014 12:11 PM


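--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -23,10 +23,15 @@
       DEFAULT_PARAMS = {
         :ssl_version => "SSLv23",
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-        :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
-        :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ?
-          OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS :
-          OpenSSL::SSL::OP_ALL,
+        :ciphers => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!aNULL:!MD5:!DSS",
+        :options => -> {
+          opts = OpenSSL::SSL::OP_ALL
+          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+          opts
+        }.call
       }
 
       DEFAULT_CERT_STORE = OpenSSL::X509::Store.new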
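Review bot: The `defined?` guards in the new `:options` lambda make the hardening best-effort with no signal: on a build whose OpenSSL lacks `OP_NO_COMPRESSION`, `OP_NO_SSLv2` or `OP_NO_SSLv3`, the default silently keeps compression or the old protocol versions enabled. At minimum that deserves a comment above the lambda, for example `# Best effort: flags missing from the linked OpenSSL are skipped, so compression/SSLv2/SSLv3 may stay enabled on old builds.` The unchanged `:ssl_version => "SSLv23"` line also reads as contradicting the new flags, so a short `# negotiates the highest mutual version; SSLv2/SSLv3 are masked out via :options` next to it would help. How these defaults are combined with caller-supplied `:options` is outside the hunk; if a caller's value replaces this one rather than being ORed with it, the new flags are presumably lost, which is worth confirming and documenting.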