* [ruby-core:70018] [Ruby trunk - Bug #11366] [Open] Don't force SSLv3 in test, as it is insecure and may not be supported
[not found] <redmine.issue-11366.20150717213608@ruby-lang.org>
@ 2015-07-17 21:36 ` merch-redmine
2015-07-18 12:21 ` [ruby-core:70029] [Ruby trunk - Bug #11366] " v.ondruch
` (3 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: merch-redmine @ 2015-07-17 21:36 UTC (permalink / raw)
To: ruby-core
Issue #11366 has been reported by Jeremy Evans.
----------------------------------------
Bug #11366: Don't force SSLv3 in test, as it is insecure and may not be supported
https://bugs.ruby-lang.org/issues/11366
* Author: Jeremy Evans
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.
---Files--------------------------------
0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* [ruby-core:70029] [Ruby trunk - Bug #11366] Don't force SSLv3 in test, as it is insecure and may not be supported
[not found] <redmine.issue-11366.20150717213608@ruby-lang.org>
2015-07-17 21:36 ` [ruby-core:70018] [Ruby trunk - Bug #11366] [Open] Don't force SSLv3 in test, as it is insecure and may not be supported merch-redmine
@ 2015-07-18 12:21 ` v.ondruch
2015-07-18 15:38 ` [ruby-core:70032] " merch-redmine
` (2 subsequent siblings)
4 siblings, 0 replies; 5+ messages in thread
From: v.ondruch @ 2015-07-18 12:21 UTC (permalink / raw)
To: ruby-core
Issue #11366 has been updated by Vit Ondruch.
This was reported as #10046, but I am not sure if this patch actually works everywhere ...
----------------------------------------
Bug #11366: Don't force SSLv3 in test, as it is insecure and may not be supported
https://bugs.ruby-lang.org/issues/11366#change-53454
* Author: Jeremy Evans
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.
---Files--------------------------------
0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* [ruby-core:70032] [Ruby trunk - Bug #11366] Don't force SSLv3 in test, as it is insecure and may not be supported
[not found] <redmine.issue-11366.20150717213608@ruby-lang.org>
2015-07-17 21:36 ` [ruby-core:70018] [Ruby trunk - Bug #11366] [Open] Don't force SSLv3 in test, as it is insecure and may not be supported merch-redmine
2015-07-18 12:21 ` [ruby-core:70029] [Ruby trunk - Bug #11366] " v.ondruch
@ 2015-07-18 15:38 ` merch-redmine
2015-10-31 18:56 ` [ruby-core:71287] " nagachika00
2015-11-18 11:48 ` [ruby-core:71551] " usa
4 siblings, 0 replies; 5+ messages in thread
From: merch-redmine @ 2015-07-18 15:38 UTC (permalink / raw)
To: ruby-core
Issue #11366 has been updated by Jeremy Evans.
I think this change may require #11367 to work correctly. I thought the patches were not related, but it's possible if you are using TLS instead of SSLv3, then you also need to turn off tickets for external session callbacks to work.
----------------------------------------
Bug #11366: Don't force SSLv3 in test, as it is insecure and may not be supported
https://bugs.ruby-lang.org/issues/11366#change-53456
* Author: Jeremy Evans
* Status: Open
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
* Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN
----------------------------------------
LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.
---Files--------------------------------
0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* [ruby-core:71287] [Ruby trunk - Bug #11366] Don't force SSLv3 in test, as it is insecure and may not be supported
[not found] <redmine.issue-11366.20150717213608@ruby-lang.org>
` (2 preceding siblings ...)
2015-07-18 15:38 ` [ruby-core:70032] " merch-redmine
@ 2015-10-31 18:56 ` nagachika00
2015-11-18 11:48 ` [ruby-core:71551] " usa
4 siblings, 0 replies; 5+ messages in thread
From: nagachika00 @ 2015-10-31 18:56 UTC (permalink / raw)
To: ruby-core
Issue #11366 has been updated by Tomoyuki Chikanaga.
Backport changed from 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN to 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE
r51569 and r51649 were backported into `ruby_2_2` branch at r52414.
----------------------------------------
Bug #11366: Don't force SSLv3 in test, as it is insecure and may not be supported
https://bugs.ruby-lang.org/issues/11366#change-54662
* Author: Jeremy Evans
* Status: Closed
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
* Backport: 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE
----------------------------------------
LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.
---Files--------------------------------
0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
* [ruby-core:71551] [Ruby trunk - Bug #11366] Don't force SSLv3 in test, as it is insecure and may not be supported
[not found] <redmine.issue-11366.20150717213608@ruby-lang.org>
` (3 preceding siblings ...)
2015-10-31 18:56 ` [ruby-core:71287] " nagachika00
@ 2015-11-18 11:48 ` usa
4 siblings, 0 replies; 5+ messages in thread
From: usa @ 2015-11-18 11:48 UTC (permalink / raw)
To: ruby-core
Issue #11366 has been updated by Usaku NAKAMURA.
Backport changed from 2.0.0: UNKNOWN, 2.1: REQUIRED, 2.2: DONE to 2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE
ruby_2_1 r52638 merged revision(s) 51569,51649.
----------------------------------------
Bug #11366: Don't force SSLv3 in test, as it is insecure and may not be supported
https://bugs.ruby-lang.org/issues/11366#change-54933
* Author: Jeremy Evans
* Status: Closed
* Priority: Normal
* Assignee:
* ruby -v: ruby 2.3.0dev (2015-07-16 openbsd 51261) [x86_64-openbsd]
* Backport: 2.0.0: UNKNOWN, 2.1: DONE, 2.2: DONE
----------------------------------------
LibreSSL disables SSLv3 by default, and there's no reason this code
should require SSLv3.
---Files--------------------------------
0004-Don-t-force-SSLv3-in-test-as-it-is-insecure-and-may-.patch (932 Bytes)
--
https://bugs.ruby-lang.org/
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-11-18 11:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <redmine.issue-11366.20150717213608@ruby-lang.org>
2015-07-17 21:36 ` [ruby-core:70018] [Ruby trunk - Bug #11366] [Open] Don't force SSLv3 in test, as it is insecure and may not be supported merch-redmine
2015-07-18 12:21 ` [ruby-core:70029] [Ruby trunk - Bug #11366] " v.ondruch
2015-07-18 15:38 ` [ruby-core:70032] " merch-redmine
2015-10-31 18:56 ` [ruby-core:71287] " nagachika00
2015-11-18 11:48 ` [ruby-core:71551] " usa
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).