search

jruby / jruby-openssl

JRuby's OpenSSL gem
http://www.jruby.org
Other
45 stars 80 forks source link

SSLContext#ciphers= does not appear to work for any usage #221

Closed p-mongo closed 3 years ago

p-mongo commented 3 years ago

https://ruby-doc.org/stdlib-2.7.0/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html documents 3 usages of cipher=:

None of these appear to work in JRuby:

irb(main):021:0> c=OpenSSL::SSL::SSLContext.new
=> #<OpenSSL::SSL::SSLContext:0x697a34af>
irb(main):022:0> c.ciphers
=> [["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDHE-RSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDH-ECDSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDH-RSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["DHE-RSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["DHE-DSS-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDHE-ECDSA-AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDHE-RSA-AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDH-ECDSA-AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDH-RSA-AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["DHE-RSA-AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["DHE-DSS-AES128-SHA256", "TLSv1/SSLv3", 128, 256], ["ECDHE-ECDSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["ECDHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["AES128-SHA", "TLSv1/SSLv3", 128, 128], ["ECDH-ECDSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["ECDH-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-DSS-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["ECDHE-ECDSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["ECDHE-RSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["ECDH-ECDSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["ECDH-RSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["DHE-RSA-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["DHE-DSS-AES256-GCM-SHA384", "TLSv1/SSLv3", 256, 384], ["ECDHE-ECDSA-AES256-SHA384", "TLSv1/SSLv3", 256, 384], ["ECDHE-RSA-AES256-SHA384", "TLSv1/SSLv3", 256, 384], ["AES256-SHA256", "TLSv1/SSLv3", 256, 256], ["ECDH-ECDSA-AES256-SHA384", "TLSv1/SSLv3", 256, 384], ["ECDH-RSA-AES256-SHA384", "TLSv1/SSLv3", 256, 384], ["DHE-RSA-AES256-SHA256", "TLSv1/SSLv3", 256, 256], ["DHE-DSS-AES256-SHA256", "TLSv1/SSLv3", 256, 256], ["ECDHE-ECDSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["ECDHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["AES256-SHA", "TLSv1/SSLv3", 256, 256], ["ECDH-ECDSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["ECDH-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-DSS-AES256-SHA", "TLSv1/SSLv3", 256, 256]]

irb(main):023:0> c.ciphers.first
=> ["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256]

irb(main):024:0> c.ciphers = 'ECDHE-ECDSA-AES128-GCM-SHA256'
Traceback (most recent call last):
        7: from /home/w/.rbenv/versions/jruby-9.2.13/bin/irb:13:in `<main>'
        6: from org/jruby/RubyKernel.java:1189:in `catch'
        5: from org/jruby/RubyKernel.java:1189:in `catch'
        4: from org/jruby/RubyKernel.java:1442:in `loop'
        3: from org/jruby/RubyKernel.java:1048:in `eval'
        2: from (irb):24:in `evaluate'
        1: from org/jruby/ext/openssl/SSLContext.java:507:in `ciphers='
OpenSSL::SSL::SSLError (no cipher match)

irb(main):025:0> c.ciphers = ['ECDHE-ECDSA-AES128-GCM-SHA256']
Traceback (most recent call last):
        7: from /home/w/.rbenv/versions/jruby-9.2.13/bin/irb:13:in `<main>'
        6: from org/jruby/RubyKernel.java:1189:in `catch'
        5: from org/jruby/RubyKernel.java:1189:in `catch'
        4: from org/jruby/RubyKernel.java:1442:in `loop'
        3: from org/jruby/RubyKernel.java:1048:in `eval'
        2: from (irb):25:in `evaluate'
        1: from org/jruby/ext/openssl/SSLContext.java:507:in `ciphers='
OpenSSL::SSL::SSLError (no cipher match)

irb(main):026:0> c.ciphers = ["ECDHE-ECDSA-AES128-GCM-SHA256", "TLSv1/SSLv3", 128, 256]
Traceback (most recent call last):
        7: from /home/w/.rbenv/versions/jruby-9.2.13/bin/irb:13:in `<main>'
        6: from org/jruby/RubyKernel.java:1189:in `catch'
        5: from org/jruby/RubyKernel.java:1189:in `catch'
        4: from org/jruby/RubyKernel.java:1442:in `loop'
        3: from org/jruby/RubyKernel.java:1048:in `eval'
        2: from (irb):26:in `evaluate'
        1: from org/jruby/ext/openssl/SSLContext.java:507:in `ciphers='
OpenSSL::SSL::SSLError (no cipher match)
p-mongo commented 3 years ago

jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.9+11-post-Debian-1 on 11.0.9+11-post-Debian-1 +jit [linux-x86_64]