Closed bentolor closed 5 months ago
@bentolor Thanks. I didn't know about this deprecation.
I see that it's since Ruby/OpenSSL 2.1.
As Ruby 2.7 is still supported by this gem, I checked the Ruby/OpenSSL version it has and it is 2.1.3:
```
[2] pry(main)> require "openssl"
=> true
[3] pry(main)> OpenSSL::VERSION
=> "2.1.3"
```
That's good as all supported versions of this gem can handle the new code - no need for version switches.
Thanks @joeyates for your quick response! I'm a total Ruby noob, hence please use your caution and feel free to drop / adapt as required.
I just stumbled over the whole issue because `ssl_version` would not eat TLSv1.3 at all.
I'm running my own Dovecot IMAP server and for the sake of security and to repel the bruteforce attacks on any publicly available host (and I can assure you, there are plenty of them), I only allow TLSv1.3 and elliptic cryptographics.
With this patch I got this also working for imap-backup. I hope the intention is untouched and the constant reference notation as well as the unit test are still correct.
The attribute `ssl_version` is deprecated in Ruby, and with this option set it's hard to enable TLSv1.3 connections.

Migrating this to `min_version` should keep the intention but enable TLSv1.3 connections.

https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html#method-i-ssl_version-3D