Ruby

Matt Dressel wrote:

https://github.com/ruby/ruby/pull/762/files

What exception is raised?

The following code works fine on my box (x86_64-linux):

  def test_allow_tls_v1_for_client
    # server does not support SSLv2 / SSLv3
    ctx_proc = Proc.new { |ctx| ctx.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv3 | OpenSSL::SSL::OP_NO_SSLv2 }
    start_server_version(:TLSv1_1, ctx_proc) { |server, port|
      ctx = OpenSSL::SSL::SSLContext.new
      # It appears that explicitly calling 'ssl_version=' directly
      # is required rather than allowing `set_params` to call it via `__send__`
      ctx.set_params(ssl_version: :TLSv1_1, # soils the ssl_version
                     verify_mode: OpenSSL::SSL::VERIFY_NONE)
      assert_nothing_raised(*HANDSHAKE_ERRORS) { server_connect(port, ctx) { |ssl| } }
    }
  end

I had to add verify_mode: to bypass certificate verification.

As commented at the GitHub PR, there doesn't seem to be anything wrong. ssl_socket.set_params(ssl_version: :TLSv1) should be equivalent to ssl_socket.set_params; ssl_socket.ssl_version = :TLSv1.