Ruby Issue Tracking System

01/24/2014

11:11 PM Ruby Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

Why do people think it's impossible to disable TLS compression on 0.9.8 with zlib installed? jmhodges (Jeff Hodges)

01/22/2014

04:25 PM Ruby Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

On my local machine, that patch does give a Probably Okay response, having removed the TLS compression and the weak cipher suites. Thank you very much for your work and patience. jmhodges (Jeff Hodges)

01/20/2014

11:33 PM Ruby Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

That was how it was laid out originally, but GitHub wouldn't display the last 6 or so emails and said "Not showing 6 files" or something. jmhodges (Jeff Hodges)

01/17/2014

06:14 PM Ruby Bug #9424: ruby 1.9 & 2.x has insecure SSL/TLS client defaults

I've published the email thread with security@ruby-lang.org https://gist.github.com/jmhodges/d6480f5f81f25b0dfa15 jmhodges (Jeff Hodges)

05:39 PM Ruby Bug #9424 (Closed): ruby 1.9 & 2.x has insecure SSL/TLS client defaults

Ruby 1.9, 2.0, and 2.1 use insecure defaults for SSL/TLS client connections. They have inherited or overridden configs that make the OpenSSL-controlled connections insecure. Note: both OpenSSL's and Ruby's defaults in all tested versions... jmhodges (Jeff Hodges)