archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-09-15 08:33:58 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
ruby/ext
History
Ewoud Kohl van Wijngaarden 6213ab1a51 [ruby/openssl] Only set min_version on OpenSSL < 1.1.0 
Both Red Hat and Debian-like systems configure the minimum TLS version
to be 1.2 by default, but allow users to change this via configs.

On Red Hat and derivatives this happens via crypto-policies[1], which in
writes settings in /etc/crypto-policies/back-ends/opensslcnf.config.
Most notably, it sets TLS.MinProtocol there. For Debian there's
MinProtocol in /etc/ssl/openssl.cnf. Both default to TLSv1.2, which is
considered a secure default.

In constrast, the SSLContext has a hard coded OpenSSL::SSL::TLS1_VERSION
for min_version. TLS 1.0 and 1.1 are considered insecure. By always
setting this in the default parameters, the system wide default can't be
respected, even if a developer wants to.

This takes the approach that's also done for ciphers: it's only set for
OpenSSL < 1.1.0.

[1]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

ae215a47ae
2024-01-17 16:41:47 +00:00
..
-test- Fix CRLF -> LF conversion on read for rb_io_fdopen & rb_file_open 2024-01-10 21:02:23 +11:00
bigdecimal [ruby/bigdecimal] Clarify that JSON methods come from the JSON gem 2023-12-06 16:14:54 +00:00
cgi/escape [ruby/cgi] Fix unescapeHTML 2023-11-30 08:19:28 +00:00
continuation Update the depend files 2023-02-28 09:09:00 -08:00
coverage [Feature #19719] Universal Parser 2023-06-12 18:23:48 +09:00
date [ruby/date] Provide a 'Changelog' link on rubygems.org/gems/date 2023-12-25 21:12:49 +09:00
digest [ruby/digest] Suppress implicit cast down warnings 2023-11-09 07:20:00 +00:00
erb/escape [ruby/erb] Skip building a native extension for JRuby 2024-01-04 22:33:16 +00:00
etc [ruby/etc] [DOC] Add minimal documents for constants 2023-12-27 10:09:24 +00:00
fcntl [ruby/fcntl] Bump up 1.1.0 2023-11-07 06:55:45 +00:00
fiddle [ruby/fiddle] Bump version 2023-12-25 21:12:49 +09:00
io [ruby/io-console] IO_CONSOLE_VERSION is no longer a macro 2024-01-03 02:12:30 +00:00
json [flori/json] Use rb_sym2str instead of SYM2ID 2023-12-25 21:12:49 +09:00
monitor rb_bug prints a newline after the message 2023-05-20 21:43:30 +09:00
nkf [ruby/nkf] Bump up nkf-0.1.3 2023-05-25 09:11:36 +00:00
objspace Revert "Mark asan fake stacks during machine stack marking" 2024-01-12 17:58:54 +11:00
openssl [ruby/openssl] Only set min_version on OpenSSL < 1.1.0 2024-01-17 16:41:47 +00:00
pathname [ruby/pathname] require fileutils in both methods using it 2023-12-28 00:07:56 +00:00
psych [ruby/psych] Provide a 'Changelog' link on rubygems.org/gems/psych 2024-01-17 00:48:52 +00:00
pty [DOC] Show PTY.getpty as an alias of PTY.spawn 2023-12-18 20:17:45 +09:00
rbconfig/sizeof Update the depend files 2023-02-28 09:09:00 -08:00
ripper Statically allocate parser config 2024-01-12 21:17:41 +09:00
rubyvm Added depend files 2019-07-14 01:31:29 +09:00
socket Revert "Mark asan fake stacks during machine stack marking" 2024-01-12 17:58:54 +11:00
stringio [ruby/stringio] Update the coderange after overwrite 2024-01-16 15:06:22 +00:00
strscan [ruby/strscan] StringScanner#captures: Return nil not "" for 2024-01-14 22:27:24 +09:00
syslog [ruby/syslog] Bump up v0.1.2 2023-12-16 13:06:37 +08:00
win32 Fix memory overread in registry.rb 2023-12-28 18:03:58 +11:00
win32ole [ruby/win32ole] [DOC] Fix indent 2023-12-31 11:52:19 +00:00
zlib [ruby/zlib] Bump up 3.1.0 2023-11-07 08:50:40 +00:00
.document [ruby/io-console] [DOC] Split .document files to sync with ruby/ruby 2023-10-22 11:09:06 +09:00
extmk.rb Use File::NULL instead of hard coded null device names 2023-07-10 19:21:47 +09:00
Setup Clean up removed directories in ext/Setup* [ci skip] 2023-01-18 12:02:27 +09:00
Setup.atheos racc/cparse is extracted from ruby/ruby repository 2023-06-08 18:05:07 +09:00
Setup.nt racc/cparse is extracted from ruby/ruby repository 2023-06-08 18:05:07 +09:00