[ruby-cvs:55260] usa:r48110 (ruby_2_0_0): merge revision(s) 45274, 45278, 45280, 48097: [Backport #9424]

usa at ruby-lang.org usa at ruby-lang.org
Thu Oct 23 18:59:41 JST 2014


usa	2014-10-23 18:59:40 +0900 (Thu, 23 Oct 2014)

  New Revision: 48110

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=48110

  Log:
    merge revision(s) 45274,45278,45280,48097: [Backport #9424]
    
    * lib/openssl/ssl.rb: Explicitly whitelist the default
      SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable
      compression by default.
      Reported by Jeff Hodges.
      [ruby-core:59829] [Bug #9424]
    
    * test/openssl/test_ssl.rb: Reuse TLS default options from
      OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.
    
    * ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override
      options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined.
      this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424]

  Modified directories:
    branches/ruby_2_0_0/
  Modified files:
    branches/ruby_2_0_0/ChangeLog
    branches/ruby_2_0_0/ext/openssl/lib/openssl/ssl.rb
    branches/ruby_2_0_0/test/openssl/test_ssl.rb
    branches/ruby_2_0_0/version.h


More information about the ruby-cvs mailing list