Add SSLSocket ssl_version property like MRI has #38
Conversation
|
Thanks again Jason, the removed test should be valuable (for some time period) locally (until we hit the same with a JDK update) ... could you maybe add a |
driskell
force-pushed
the
sslsocket_ssl_version_property
branch
from
d94a07a to
2ce855b
Compare
|
I've had it call skip() if running in Travis. Tested with 1.6.0_65 and 1.7.0_76 Oracle JDK and it seems when running jruby under 1.6.0_65 JDK it works. When running under 1.7.0_76 JDK the SSL server reports "No appropriate protocol (protocol is disable or cipher suites are inappropriate)" - got that error by adding diagnostic in test_helper's server_loop. |
|
Looks like since 1.7.0_75, SSLv3 is disabled by default. So there's the culprit. Though I don't know why jruby-openssl isn't able to re-enable it internally... |
|
Though I guess the ultimate problem is enabling SSLv3 again would enable it for other parts of the JVM, and is thus too dangerous. So something to live with I guess! Maybe the SSLv3 test should just be removed - it was really only to test the return value of ssl_version. |
|
Thanks! 👍 |
When using Ruby 2.0 we can call .ssl_version on an SSLSocket to see what protocol was negotiated in the handshake. With JRuby this is not possible.
This adds the ssl_version method so we can now do the same thing.
I can't say for certain, but this might be what @jordansissel needs in order to resolve #26 too.
(The Ruby commit: ruby/ruby@060184c)