joeyates / imap-backup

Backup and Migrate IMAP Email Accounts
MIT License
1.33k stars 74 forks

SSL: Migrate deprecated `ssl_version` to `min_version` to support TLSv1.3 connections out of the box #190

Closed bentolor closed 5 months ago

bentolor commented 5 months ago

I'm running my own Dovecot IMAP server, and for the sake of security and to repel the brute-force attacks on any publicly available host (and I can assure you, there are plenty of them), I only allow TLSv1.3 and elliptic cryptography.

With this patch I got this working for imap-backup as well. I hope the intention is untouched and the constant reference notation as well as the unit test are still correct.

The attribute `ssl_version` is deprecated in Ruby, and with this option set it's hard to enable TLSv1.3 connections.

Migrating this to `min_version` should keep the intention but enable TLSv1.3 connections.

https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-ssl_version-3D

joeyates commented 5 months ago

@bentolor Thanks. I didn't know about this deprecation.

I see that it's since Ruby/OpenSSL 2.1.

As Ruby 2.7 is still supported by this gem, I checked the Ruby/OpenSSL version it has and it is 2.1.3:

```
[2] pry(main)> require "openssl"
=> true
[3] pry(main)> OpenSSL::VERSION
=> "2.1.3"
```

That's good, as all supported versions of this gem can handle the new code - no need for version switches.

bentolor commented 5 months ago

Thanks @joeyates for your quick response! I'm a total Ruby noob, hence please use your caution and feel free to drop / adapt as required.

I just stumbled over the whole issue because `ssl_version` would not eat TLSv1.3 at all.

joeyates commented 5 months ago

All good. Thanks!

Released as v14.5.0