Implement SSLContext#ciphers

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: JRuby-OpenSSL 0.6
Fix Version/s: JRuby-OpenSSL 0.7
Component/s: OpenSSL
Labels:
None

Number of attachments :
0

Description

0% /home/nahi/git/jruby/bin/jruby -ropenssl -ve
 'p OpenSSL::SSL::SSLContext.new.ciphers'
jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-18 cf2560e) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
fetching ciphers
nil

0% ruby -ropenssl -ve 'p OpenSSL::SSL::SSLContext.new.ciphers'                           
ruby 1.8.8dev (2009-12-15 revision 25983) [i686-linux]
[["DHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-DSS-AES256-SHA",
 "TLSv1/SSLv3", 256, 256], ["AES256-SHA", "TLSv1/SSLv3", 256, 256],
 ["EDH-RSA-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168],
 ["EDH-DSS-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168], ["DES-CBC3-SHA",
 "TLSv1/SSLv3", 168, 168], ["DES-CBC3-MD5", "SSLv2", 168, 168],
 ["DHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-DSS-AES128-SHA",
 "TLSv1/SSLv3", 128, 128], ["AES128-SHA", "TLSv1/SSLv3", 128, 128],
 ["RC2-CBC-MD5", "SSLv2", 128, 128], ["RC4-SHA", "TLSv1/SSLv3", 128, 128],
 ["RC4-MD5", "TLSv1/SSLv3", 128, 128], ["RC4-MD5", "SSLv2", 128, 128],
 ["EDH-RSA-DES-CBC-SHA", "TLSv1/SSLv3", 56, 56], ["EDH-DSS-DES-CBC-SHA",
 "TLSv1/SSLv3", 56, 56], ["DES-CBC-SHA", "TLSv1/SSLv3", 56, 56],
 ["DES-CBC-MD5", "SSLv2", 56, 56], ["EXP-EDH-RSA-DES-CBC-SHA",
 "TLSv1/SSLv3", 40, 56], ["EXP-EDH-DSS-DES-CBC-SHA", "TLSv1/SSLv3", 40,
 56], ["EXP-DES-CBC-SHA", "TLSv1/SSLv3", 40, 56], ["EXP-RC2-CBC-MD5",
 "TLSv1/SSLv3", 40, 128], ["EXP-RC2-CBC-MD5", "SSLv2", 40, 128],
 ["EXP-RC4-MD5", "TLSv1/SSLv3", 40, 128], ["EXP-RC4-MD5", "SSLv2", 40,
 128]]
0%

Activity

Ascending order - Click to sort in descending order

Hiroshi Nakamura made changes - 18/Dec/09 6:50 AM

Field	Original Value	New Value
Assignee		Hiroshi Nakamura [ nahi ]

Hide

Permalink

Hiroshi Nakamura added a comment - 18/Dec/09 10:01 AM

Fixed in d6e1d49.

Implemented OpenSSL::SSL::SSLContext#ciphers.

Fixed SSLContext#ciphers=, too. SSL ciphersuite negotiation did not
work properly regardless of ciphers setting. Hope opponent SSL
server/client use proper secure ciphersuite...

Show

Hiroshi Nakamura added a comment - 18/Dec/09 10:01 AM Fixed in d6e1d49. Implemented OpenSSL::SSL::SSLContext#ciphers. Fixed SSLContext#ciphers=, too. SSL ciphersuite negotiation did not work properly regardless of ciphers setting. Hope opponent SSL server/client use proper secure ciphersuite...

Hiroshi Nakamura made changes - 18/Dec/09 10:01 AM

Resolution		Fixed [ 1 ]
Status	Open [ 1 ]	Resolved [ 5 ]

Hide

Permalink

Hiroshi Nakamura added a comment - 24/Dec/09 8:41 AM

Setting "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW" must not include ADH.

0% /home/nahi/git/jruby/bin/jruby -Ilib -ropenssl -ve
'c = OpenSSL::SSL::SSLContext.new; c.ciphers =
 "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
 p c.ciphers.map {|e| e[0]}.sort'
jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-22 7732569) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
["ADH-AES128-SHA", "ADH-AES256-SHA", "ADH-DES-CBC-SHA", "ADH-DES-CBC3-SHA",
 "ADH-RC4-MD5", "AES128-SHA", "AES256-SHA", "DES-CBC-SHA", "DES-CBC3-SHA",
 "DHE-DSS-AES128-SHA", "DHE-DSS-AES256-SHA", "DHE-RSA-AES128-SHA",
 "DHE-RSA-AES256-SHA", "EDH-DSS-DES-CBC3-SHA", "EDH-RSA-DES-CBC-SHA",
 "EDH-RSA-DES-CBC3-SHA", "RC4-MD5", "RC4-SHA"]

Show

Hiroshi Nakamura added a comment - 24/Dec/09 8:41 AM Setting "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW" must not include ADH. 0% /home/nahi/git/jruby/bin/jruby -Ilib -ropenssl -ve 'c = OpenSSL::SSL::SSLContext.new; c.ciphers = "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW"; p c.ciphers.map {|e| e[0]}.sort' jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-22 7732569) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java] ["ADH-AES128-SHA", "ADH-AES256-SHA", "ADH-DES-CBC-SHA", "ADH-DES-CBC3-SHA", "ADH-RC4-MD5", "AES128-SHA", "AES256-SHA", "DES-CBC-SHA", "DES-CBC3-SHA", "DHE-DSS-AES128-SHA", "DHE-DSS-AES256-SHA", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA", "EDH-DSS-DES-CBC3-SHA", "EDH-RSA-DES-CBC-SHA", "EDH-RSA-DES-CBC3-SHA", "RC4-MD5", "RC4-SHA"]

Hiroshi Nakamura made changes - 24/Dec/09 8:41 AM

Status	Resolved [ 5 ]	Reopened [ 4 ]
Resolution	Fixed [ 1 ]

Hide

Permalink

Hiroshi Nakamura added a comment - 24/Dec/09 9:05 AM

Combination by '+' like "RC4+RSA" does not work, too.

0% /home/nahi/git/jruby/bin/jruby -Ilib -ropenssl -ve
 'c = OpenSSL::SSL::SSLContext.new; c.ciphers = ARGV.shift;
 p c.ciphers.map {|e| e[0]}' "RC4+RSA"
jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-22 7732569) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
: no cipher match (OpenSSL::SSL::SSLError)

1% ruby -ropenssl -ve 'c = OpenSSL::SSL::SSLContext.new;
 c.ciphers = ARGV.shift; p c.ciphers.map {|e| e[0]}' "RC4+RSA"                           
ruby 1.8.7 (2009-12-21 patchlevel 244) [i686-linux]
["RC4-SHA", "RC4-MD5", "EXP-RC4-MD5", "EXP-RC4-MD5", "RC4-MD5"]
0%

Show

Hiroshi Nakamura added a comment - 24/Dec/09 9:05 AM Combination by '+' like "RC4+RSA" does not work, too. 0% /home/nahi/git/jruby/bin/jruby -Ilib -ropenssl -ve 'c = OpenSSL::SSL::SSLContext.new; c.ciphers = ARGV.shift; p c.ciphers.map {|e| e[0]}' "RC4+RSA" jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-22 7732569) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java] : no cipher match (OpenSSL::SSL::SSLError) 1% ruby -ropenssl -ve 'c = OpenSSL::SSL::SSLContext.new; c.ciphers = ARGV.shift; p c.ciphers.map {|e| e[0]}' "RC4+RSA" ruby 1.8.7 (2009-12-21 patchlevel 244) [i686-linux] ["RC4-SHA", "RC4-MD5", "EXP-RC4-MD5", "EXP-RC4-MD5", "RC4-MD5"] 0%

Hiroshi Nakamura made changes - 24/Dec/09 9:06 AM

Description

{noformat}
0% /home/nahi/git/jruby/bin/jruby -ropenssl -ve 'p OpenSSL::SSL::SSLContext.new.ciphers'
jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-18 cf2560e) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
fetching ciphers
nil

0% ruby -ropenssl -ve 'p OpenSSL::SSL::SSLContext.new.ciphers'
ruby 1.8.8dev (2009-12-15 revision 25983) [i686-linux]
[["DHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-DSS-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["AES256-SHA", "TLSv1/SSLv3", 256, 256], ["EDH-RSA-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168], ["EDH-DSS-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168], ["DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168], ["DES-CBC3-MD5", "SSLv2", 168, 168], ["DHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-DSS-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["AES128-SHA", "TLSv1/SSLv3", 128, 128], ["RC2-CBC-MD5", "SSLv2", 128, 128], ["RC4-SHA", "TLSv1/SSLv3", 128, 128], ["RC4-MD5", "TLSv1/SSLv3", 128, 128], ["RC4-MD5", "SSLv2", 128, 128], ["EDH-RSA-DES-CBC-SHA", "TLSv1/SSLv3", 56, 56], ["EDH-DSS-DES-CBC-SHA", "TLSv1/SSLv3", 56, 56], ["DES-CBC-SHA", "TLSv1/SSLv3", 56, 56], ["DES-CBC-MD5", "SSLv2", 56, 56], ["EXP-EDH-RSA-DES-CBC-SHA", "TLSv1/SSLv3", 40, 56], ["EXP-EDH-DSS-DES-CBC-SHA", "TLSv1/SSLv3", 40, 56], ["EXP-DES-CBC-SHA", "TLSv1/SSLv3", 40, 56], ["EXP-RC2-CBC-MD5", "TLSv1/SSLv3", 40, 128], ["EXP-RC2-CBC-MD5", "SSLv2", 40, 128], ["EXP-RC4-MD5", "TLSv1/SSLv3", 40, 128], ["EXP-RC4-MD5", "SSLv2", 40, 128]]
0%
{noformat}

{noformat}
0% /home/nahi/git/jruby/bin/jruby -ropenssl -ve
'p OpenSSL::SSL::SSLContext.new.ciphers'
jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-18 cf2560e) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
fetching ciphers
nil

0% ruby -ropenssl -ve 'p OpenSSL::SSL::SSLContext.new.ciphers'
ruby 1.8.8dev (2009-12-15 revision 25983) [i686-linux]
[["DHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-DSS-AES256-SHA",
"TLSv1/SSLv3", 256, 256], ["AES256-SHA", "TLSv1/SSLv3", 256, 256],
["EDH-RSA-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168],
["EDH-DSS-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168], ["DES-CBC3-SHA",
"TLSv1/SSLv3", 168, 168], ["DES-CBC3-MD5", "SSLv2", 168, 168],
["DHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-DSS-AES128-SHA",
"TLSv1/SSLv3", 128, 128], ["AES128-SHA", "TLSv1/SSLv3", 128, 128],
["RC2-CBC-MD5", "SSLv2", 128, 128], ["RC4-SHA", "TLSv1/SSLv3", 128, 128],
["RC4-MD5", "TLSv1/SSLv3", 128, 128], ["RC4-MD5", "SSLv2", 128, 128],
["EDH-RSA-DES-CBC-SHA", "TLSv1/SSLv3", 56, 56], ["EDH-DSS-DES-CBC-SHA",
"TLSv1/SSLv3", 56, 56], ["DES-CBC-SHA", "TLSv1/SSLv3", 56, 56],
["DES-CBC-MD5", "SSLv2", 56, 56], ["EXP-EDH-RSA-DES-CBC-SHA",
"TLSv1/SSLv3", 40, 56], ["EXP-EDH-DSS-DES-CBC-SHA", "TLSv1/SSLv3", 40,
56], ["EXP-DES-CBC-SHA", "TLSv1/SSLv3", 40, 56], ["EXP-RC2-CBC-MD5",
"TLSv1/SSLv3", 40, 128], ["EXP-RC2-CBC-MD5", "SSLv2", 40, 128],
["EXP-RC4-MD5", "TLSv1/SSLv3", 40, 128], ["EXP-RC4-MD5", "SSLv2", 40,
128]]
0%
{noformat}

Hide

Permalink

Hiroshi Nakamura added a comment - 24/Dec/09 10:54 AM

Fixed in 0c89f0b4f1f91cc11d2b4fd9015e325f40dcc757.

leading '+' means 'move to the end of the list'. must not add new
ciphers.
implemented 'name1+name2' handling. it's the logical AND operator.

Show

Hiroshi Nakamura added a comment - 24/Dec/09 10:54 AM Fixed in 0c89f0b4f1f91cc11d2b4fd9015e325f40dcc757. leading '+' means 'move to the end of the list'. must not add new ciphers. implemented 'name1+name2' handling. it's the logical AND operator.

Hiroshi Nakamura made changes - 24/Dec/09 10:54 AM

Status	Reopened [ 4 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Hiroshi Nakamura made changes - 27/Apr/10 1:56 AM

Fix Version/s

JRuby-OpenSSL 0.7 [ 16411 ]

Charles Oliver Nutter made changes - 09/Feb/11 12:21 PM

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:

Hiroshi Nakamura

Reporter:

Hiroshi Nakamura

Vote (0)

Watch (0)

Dates

Created:

18/Dec/09 4:24 AM

Updated:

09/Feb/11 12:21 PM

Resolved:

24/Dec/09 10:54 AM