Project

General

Profile

Actions
Copy link

Bug #20458

closed

OpensSSL::SSL::SSLContext#min_version= and #max_version no longer accept Symbol values

Added by postmodern (Hal Brodigan) 6 months ago. Updated 6 months ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.3.1 (2024-04-23 revision c56cd86388) [x86_64-linux]
Backport:
3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN
[ruby-core:117715]

Description

It appears that OpenSSL::SSL::SSLContext#min_version= and #max_version= no longer accept Symbol values, contrary to their documentation. Instead it appears they are being converted to Strings.

Steps To Reproduce

require 'openssl'
context = OpenSSL::SSL::SSLContext.new
context.min_version = :TLSv1

require 'openssl'
context = OpenSSL::SSL::SSLContext.new
context.max_version = :TLSv1_2

Expected Results

Sets min_version and max_version to the according OpenSSL::SSL::TLS1_VERSION and OpenSSL::SSL::TLS1_2_VERSION values, respectively.

Actual Results

/usr/share/ruby/openssl/ssl.rb:179:in `set_minmax_proto_version': unrecognized version "TLSv1" (ArgumentError)

        set_minmax_proto_version(version, @max_proto_version ||= nil)
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	from /usr/share/ruby/openssl/ssl.rb:179:in `min_version='

/usr/share/ruby/openssl/ssl.rb:191:in `set_minmax_proto_version': unrecognized version "TLSv1_2" (ArgumentError)

        set_minmax_proto_version(@min_proto_version ||= nil, version)
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	from /usr/share/ruby/openssl/ssl.rb:191:in `max_version='

Version Info

Tested on:

  • ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux] and openssl gem version 3.1.0
  • ruby 3.3.1 (2024-04-23 revision c56cd86388) [x86_64-linux] and openssl gem version 3.2.0
Actions
Copy link
 #1 [ruby-core:117716]

Updated by postmodern (Hal Brodigan) 6 months ago

Ah I see the problem now. OpenSSL::SSL::SSLContext#ssl_version accepts :TLSv1* symbols, but #min_version and #max_version only seem to accept :TLS1* symbols without the v. This seems inconsistent and prone to causing confusion.

Actions
Copy link
 #2 [ruby-core:117717]

Updated by postmodern (Hal Brodigan) 6 months ago

Also I just now noticed that SSLContext#ssl_version= is deprecated. This issue can be closed.

Actions
Copy link
 #3

Updated by jeremyevans0 (Jeremy Evans) 6 months ago

  • Status changed from Open to Closed
Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0