change_ssl_defaults.diff - Ruby master - Ruby Issue Tracking System

Bug #9424 » change_ssl_defaults.diff

           DEFAULT_PARAMS = {
             :ssl_version => "SSLv23",
             :verify_mode => OpenSSL::SSL::VERIFY_PEER,
             :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
             :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ?
               OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS :
               OpenSSL::SSL::OP_ALL,
             :ciphers => "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AES:!aNULL:!MD5:!DSS",
             :options => -> {
               opts = OpenSSL::SSL::OP_ALL
               opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
               opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
               opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
               opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
               opts
             }.call
+          }
           DEFAULT_CERT_STORE = OpenSSL::X509::Store.new

(2-2/3)