I need to https connect to an apache server that only supports the tls1
protocol.
How do I switch to use ONLY tls1 in the https module? I searched the
internet for a long while and found nothing useful for me.
The apache server itself is ok. I could connect to it with IE by using
tls1.
My ruby scripts are also ok to https connect to the other regular apache
server.
And from the httpd log, it is confirmed that it is raised by wrong
version number.
I need to https connect to an apache server that only supports the tls1
protocol.
How do I switch to use ONLY tls1 in the https module? I searched the
internet for a long while and found nothing useful for me.
Have a look in the source code, probably somewhere like
/usr/lib/ruby/1.8/net/https.rb
You can see there is an instance variable @ssl_context which keeps the
SSL state. Now see the docs for this:
It looks like you should be able to replace
SSLContext.new
with
SSLContext.new(:TLSv1)
Looking through the code, I think you can do this without
monkey-patching, by setting the @ssl_context variable before calling
use_ssl=true. Something like this (untested):
require 'net/https'
require 'uri'

uri = URI.parse(ARGV[0] || 'https://localhost/')
http = Net::HTTP.new(uri.host, uri.port)
if uri.scheme == "https"
  # Pre-set the context so that use_ssl= does not create a default one
  http.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1) }
  http.use_ssl = true
end
If this works, then go to redmine.ruby-lang.org and submit a ticket
suggesting this be made available as a feature, e.g.
— https.rb.orig 2009-12-03 09:27:56.000000000 +0000
+++ https.rb 2009-12-03 09:30:18.000000000 +0000
@@ -121,7 +121,7 @@
raise IOError, “use_ssl value changed, but session already
started”
if started? and @use_ssl != flag
if flag and not @ssl_context
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context = flag == true ? OpenSSL::SSL::SSLContext.new :
OpenSSL::SSL::SSLContext.new(flag)
end @use_ssl = flag
end
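Review bot: In the `flag == true ? ... : OpenSSL::SSL::SSLContext.new(flag)` line, every truthy value other than `true` is handed to SSLContext.new as a protocol method without validation, and the following `@use_ssl = flag` then stores that value instead of a boolean, so the `@use_ssl != flag` guard above ends up comparing against a symbol. Suggest keeping use_ssl= boolean and taking the protocol through a separate setter (or at least storing `flag ? true : false` in @use_ssl), and documenting which values are accepted.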
if uri.scheme == "https"
http.instance_eval { @ssl_context =
OpenSSL::SSL::SSLContext.new(:TLSv1) }
http.use_ssl = true
end
Thanks a lot! It works for me.
if started? and @use_ssl != flag
if flag and not @ssl_context
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context = flag == true ? OpenSSL::SSL::SSLContext.new :
OpenSSL::SSL::SSLContext.new(flag)
end
Sorry, I do not understand the code segment. What kind of improvement
do you mean? I think the current usage is ok for me.
Thanks, I got it. I tried your diff, and with a little change, it does
work.
Here is the final diff.
flag = (flag ? true : false)
raise IOError, “use_ssl value changed, but session already
started”
if started? and @use_ssl != flag
if flag and not @ssl_context
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context = flag == true ? OpenSSL::SSL::SSLContext.new :
OpenSSL::SSL::SSLContext.new(flag)
end @use_ssl = flag
end
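Review bot: The `flag = (flag ? true : false)` line at the top and the `OpenSSL::SSL::SSLContext.new(flag)` branch cannot both be in effect, because once flag is coerced to a boolean the protocol symbol never reaches SSLContext.new; state explicitly which side of the diff that line is on. If the coercion is what gets dropped, `@use_ssl = flag` keeps the raw argument, so normalise there instead, for example `@use_ssl = flag ? true : false` after the context is built.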
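The version pinning discussed in this thread, carried over to current Ruby as an added example (not code from any poster or from net/https itself): since Ruby 2.5, Net::HTTP has public `min_version=` and `max_version=` accessors, so no `instance_eval` is needed. It goes beyond the thread by running both sides on loopback; the helper names are hypothetical, the certificate is constructed sample data, and TLS 1.2 and 1.3 stand in for TLSv1, which many current OpenSSL builds refuse to negotiate.

```ruby
require 'net/http'
require 'openssl'

# Constructed throwaway self-signed certificate for 127.0.0.1 (sample data).
def test_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=127.0.0.1')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('subjectAltName', 'IP:127.0.0.1'))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Loopback HTTPS server that accepts exactly one protocol version.
# Returns the port it listens on and the certificate to trust.
def start_pinned_server(version)
  cert, key = test_cert
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  ctx.min_version = ctx.max_version = version
  tcp = TCPServer.new('127.0.0.1', 0)
  ssl = OpenSSL::SSL::SSLServer.new(tcp, ctx)
  Thread.new do
    loop do
      conn = ssl.accept
      nil while (line = conn.gets) && line != "\r\n" # skip request headers
      conn.write("HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
      conn.close
    rescue StandardError
      next # e.g. a client offering another version: handshake fails, keep serving
    end
  end
  [tcp.addr[1], cert]
end

# Client pinned to one version through Net::HTTP's public accessors (Ruby 2.5+).
# Certificate and host name are still verified against the given certificate.
def fetch_pinned(port, cert, version)
  http = Net::HTTP.new('127.0.0.1', port, nil) # nil: ignore proxy environment
  http.use_ssl = true
  http.min_version = http.max_version = version
  http.cert_store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  http.get('/').body
rescue OpenSSL::SSL::SSLError, SystemCallError => e
  "handshake failed: #{e.message}"
end
```

With matching versions `fetch_pinned` returns the response body; when the client is pinned to a version the server does not accept, it returns the handshake error text instead.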