Bug #9424 » change_ssl_defaults.2.diff

MartinBosslet (Martin Bosslet), 02/02/2014 10:34 PM


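--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -23,10 +23,45 @@
       DEFAULT_PARAMS = {
         :ssl_version => "SSLv23",
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
-        :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
-        :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ?
-          OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS :
-          OpenSSL::SSL::OP_ALL,
+        :ciphers => %w{
+          ECDHE-ECDSA-AES128-GCM-SHA256
+          ECDHE-RSA-AES128-GCM-SHA256
+          ECDHE-ECDSA-AES256-GCM-SHA384
+          ECDHE-RSA-AES256-GCM-SHA384
+          DHE-RSA-AES128-GCM-SHA256
+          DHE-DSS-AES128-GCM-SHA256
+          DHE-RSA-AES256-GCM-SHA384
+          DHE-DSS-AES256-GCM-SHA384
+          ECDHE-ECDSA-AES128-SHA256
+          ECDHE-RSA-AES128-SHA256
+          ECDHE-ECDSA-AES128-SHA
+          ECDHE-RSA-AES128-SHA
+          ECDHE-ECDSA-AES256-SHA384
+          ECDHE-RSA-AES256-SHA384
+          ECDHE-ECDSA-AES256-SHA
+          ECDHE-RSA-AES256-SHA
+          DHE-RSA-AES128-SHA256
+          DHE-RSA-AES256-SHA256
+          DHE-RSA-AES128-SHA
+          DHE-RSA-AES256-SHA
+          DHE-DSS-AES128-SHA256
+          DHE-DSS-AES256-SHA256
+          DHE-DSS-AES128-SHA
+          DHE-DSS-AES256-SHA
+          AES128-GCM-SHA256
+          AES256-GCM-SHA384
+          AES128-SHA256
+          AES256-SHA256
+          AES128-SHA
+          AES256-SHA
+        }.join(":"),
+        :options => -> {
+          opts = OpenSSL::SSL::OP_ALL
+          opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
+          opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+          opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
+          opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
+        }.call
       }
 
       DEFAULT_CERT_STORE = OpenSSL::X509::Store.new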
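Review bot: The `:options` lambda returns the value of its last statement, `opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)`, and a modifier `if` evaluates to nil when its condition is false. On a build whose OpenSSL does not define `OP_NO_SSLv3`, `DEFAULT_PARAMS[:options]` therefore becomes nil instead of the accumulated mask, so the `OP_NO_COMPRESSION` and `OP_NO_SSLv2` bits set on the lines above are dropped; how the consumer of this hash treats a nil value is not visible in this hunk. End the lambda with a bare `opts` line before `}.call` so the mask is always returned. A one-line comment above the lambda saying why compression and SSLv2/SSLv3 are disabled by default would also help later readers judge whether a flag can be relaxed.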