rubycas / rubycas-client

Ruby client for Yale's Central Authentication Service protocol -- an open source enterprise single sign on system for web applications.
http://code.google.com/p/rubycas-client/

Allow users to specify SSL version when using CASClient::Client #87

Closed sonnysideup closed 5 years ago

sonnysideup commented 9 years ago

The DEFAULT_PARAMS constant defined by OpenSSL::SSL::SSLContext indicates that instances of this class will use "SSLv23" by default. I ran a number of tests and now I believe that the most secure version (supported) of the protocol is what is actually used. This means that client systems using openssl v1.0.1 will default to TLS v1.2.

Unfortunately, a large number of CAS servers do not support communication using TLS v1.1 or v1.2. Hence, we need a way to configure a different protocol version when and where necessary. The enhancement provides that option while maintaining the original behavior when it is unspecified.
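One way an option like the one described above could look, as an added example (this is not the pull request's code or rubycas-client's API). The helper name `build_cas_connection`, the `ssl_version:` keyword, the allowlist that refuses SSLv2/SSLv3, and the sample URL are assumptions.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Assumption: only TLS versions may be pinned; SSLv2/SSLv3 are refused
# even when an old CAS server is the reason for pinning.
ALLOWED_SSL_VERSIONS = [:TLSv1, :TLSv1_1, :TLSv1_2].freeze

# Hypothetical helper: builds the HTTPS connection a CAS client would use
# to talk to the CAS server. Nothing is sent until a request is made.
#
# ssl_version: nil  -> leave Net::HTTP untouched, so OpenSSL negotiates the
#                      highest version both sides support (original behavior)
# ssl_version: name -> pin the handshake to that single protocol version
def build_cas_connection(cas_base_url, ssl_version: nil)
  uri = URI.parse(cas_base_url)
  raise ArgumentError, 'CAS URL must use https' unless uri.is_a?(URI::HTTPS)

  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  # Pinning an older protocol must never relax certificate checking.
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER

  unless ssl_version.nil?
    version = ssl_version.to_sym
    unless ALLOWED_SSL_VERSIONS.include?(version)
      raise ArgumentError,
            "ssl_version must be one of #{ALLOWED_SSL_VERSIONS.inspect}"
    end
    # Net::HTTP copies this onto its SSLContext when the socket is opened.
    http.ssl_version = version
  end

  http
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample URL; no connection is opened here.
  default_conn = build_cas_connection('https://cas.example.org/cas')
  pinned_conn  = build_cas_connection('https://cas.example.org/cas',
                                      ssl_version: 'TLSv1')
  puts "default ssl_version: #{default_conn.ssl_version.inspect}"
  puts "pinned  ssl_version: #{pinned_conn.ssl_version.inspect}"
end
```

Keeping the pin per CAS server rather than process-wide lets connections to other hosts continue negotiating the newest protocol.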