Respect the SSL options set by default by SSL_CTX() or by the system-wide OpenSSL configuration file.
OpenSSL::SSL::SSLContext#initialize currently adds OpenSSL::SSL::OP_ALL on top of the default SSL options. Let's stop doing it.
OpenSSL::SSL::OP_ALL is a set of options that changes OpenSSL's behavior to work around various TLS implementation bugs. Using it is considered usually safe, but is not completely harmless.
Also:
ssl: do not clear existing SSL options in SSLContext#set_params
Apply SSL options set in DEFAULT_PARAMS without clearing existing options, which may be set by a system-wide configuration file.
With a fresh installation of OpenSSL 3.3.1, this change will enable the OpenSSL::SSL::OP_ENABLE_MIDDLEBOX_COMPAT option for users of SSLContext#set_params.
The last commit in this PR fixes https://github.com/ruby/openssl/issues/765.
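An added example, not code from this PR or from ruby/openssl: it decodes an SSL options bitmask into OP_* names and reports which already-set options a change removes, contrasting assignment (clearing) with OR-ing (preserving) as described above. The helper names and the SYSTEM_SET/REQUESTED values are constructed for illustration.

```ruby
require "openssl"

# Names of the single OP_* flags contained in an SSL options bitmask.
# OP_ALL is skipped because it is a composite mask; flags that the linked
# OpenSSL defines as 0 (retired options) are skipped as well.
def op_names(mask)
  OpenSSL::SSL.constants.grep(/\AOP_/).select { |name|
    next false if name == :OP_ALL
    bit = OpenSSL::SSL.const_get(name)
    bit.is_a?(Integer) && bit != 0 && (mask & bit) == bit
  }.sort
end

# Flags that were set in `before` but are no longer set in `after`.
def dropped_options(before, after)
  op_names(before & ~after)
end

# Live check: which default options does set_params remove from a fresh
# context under the installed openssl gem and OpenSSL configuration?
def audit_set_params
  ctx = OpenSSL::SSL::SSLContext.new
  before = ctx.options
  ctx.set_params
  { before: op_names(before), after: op_names(ctx.options),
    dropped: dropped_options(before, ctx.options) }
end

# Constructed values: pretend a system-wide configuration file set
# OP_NO_TICKET and the application asks for OP_CIPHER_SERVER_PREFERENCE.
SYSTEM_SET = OpenSSL::SSL::OP_NO_TICKET
REQUESTED  = OpenSSL::SSL::OP_CIPHER_SERVER_PREFERENCE

CLEARING   = REQUESTED               # assignment replaces the whole mask
PRESERVING = SYSTEM_SET | REQUESTED  # OR keeps what was already set

if __FILE__ == $PROGRAM_NAME
  p dropped_options(SYSTEM_SET, CLEARING)
  p dropped_options(SYSTEM_SET, PRESERVING)
  p audit_set_params
end
```

The output of audit_set_params depends on the installed openssl gem version and on the local OpenSSL configuration file, so it is useful for comparing hosts before and after an upgrade.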