Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: JRuby-OpenSSL 0.6
    • Fix Version/s: JRuby-OpenSSL 0.7
    • Component/s: OpenSSL
    • Labels: None
    • Number of attachments: 0

      Description

      0% /home/nahi/git/jruby/bin/jruby -ropenssl -ve
       'p OpenSSL::SSL::SSLContext.new.ciphers'
      jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-18 cf2560e) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
      fetching ciphers
      nil
      
      0% ruby -ropenssl -ve 'p OpenSSL::SSL::SSLContext.new.ciphers'                           
      ruby 1.8.8dev (2009-12-15 revision 25983) [i686-linux]
      [["DHE-RSA-AES256-SHA", "TLSv1/SSLv3", 256, 256], ["DHE-DSS-AES256-SHA",
       "TLSv1/SSLv3", 256, 256], ["AES256-SHA", "TLSv1/SSLv3", 256, 256],
       ["EDH-RSA-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168],
       ["EDH-DSS-DES-CBC3-SHA", "TLSv1/SSLv3", 168, 168], ["DES-CBC3-SHA",
       "TLSv1/SSLv3", 168, 168], ["DES-CBC3-MD5", "SSLv2", 168, 168],
       ["DHE-RSA-AES128-SHA", "TLSv1/SSLv3", 128, 128], ["DHE-DSS-AES128-SHA",
       "TLSv1/SSLv3", 128, 128], ["AES128-SHA", "TLSv1/SSLv3", 128, 128],
       ["RC2-CBC-MD5", "SSLv2", 128, 128], ["RC4-SHA", "TLSv1/SSLv3", 128, 128],
       ["RC4-MD5", "TLSv1/SSLv3", 128, 128], ["RC4-MD5", "SSLv2", 128, 128],
       ["EDH-RSA-DES-CBC-SHA", "TLSv1/SSLv3", 56, 56], ["EDH-DSS-DES-CBC-SHA",
       "TLSv1/SSLv3", 56, 56], ["DES-CBC-SHA", "TLSv1/SSLv3", 56, 56],
       ["DES-CBC-MD5", "SSLv2", 56, 56], ["EXP-EDH-RSA-DES-CBC-SHA",
       "TLSv1/SSLv3", 40, 56], ["EXP-EDH-DSS-DES-CBC-SHA", "TLSv1/SSLv3", 40,
       56], ["EXP-DES-CBC-SHA", "TLSv1/SSLv3", 40, 56], ["EXP-RC2-CBC-MD5",
       "TLSv1/SSLv3", 40, 128], ["EXP-RC2-CBC-MD5", "SSLv2", 40, 128],
       ["EXP-RC4-MD5", "TLSv1/SSLv3", 40, 128], ["EXP-RC4-MD5", "SSLv2", 40,
       128]]
      0% 
      

        Activity

        Hiroshi Nakamura added a comment -

        Fixed in d6e1d49.

        Implemented OpenSSL::SSL::SSLContext#ciphers.

        Fixed SSLContext#ciphers=, too. SSL ciphersuite negotiation did not
        work properly regardless of ciphers setting. Hope opponent SSL
        server/client use proper secure ciphersuite...

        Hiroshi Nakamura added a comment -

        Setting "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW" must not include ADH.

        0% /home/nahi/git/jruby/bin/jruby -Ilib -ropenssl -ve
        'c = OpenSSL::SSL::SSLContext.new; c.ciphers =
         "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW";
         p c.ciphers.map {|e| e[0]}.sort'
        jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-22 7732569) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
        ["ADH-AES128-SHA", "ADH-AES256-SHA", "ADH-DES-CBC-SHA", "ADH-DES-CBC3-SHA",
         "ADH-RC4-MD5", "AES128-SHA", "AES256-SHA", "DES-CBC-SHA", "DES-CBC3-SHA",
         "DHE-DSS-AES128-SHA", "DHE-DSS-AES256-SHA", "DHE-RSA-AES128-SHA",
         "DHE-RSA-AES256-SHA", "EDH-DSS-DES-CBC3-SHA", "EDH-RSA-DES-CBC-SHA",
         "EDH-RSA-DES-CBC3-SHA", "RC4-MD5", "RC4-SHA"]
        
        Hiroshi Nakamura added a comment -

        Combination by '+' like "RC4+RSA" does not work, either.

        0% /home/nahi/git/jruby/bin/jruby -Ilib -ropenssl -ve
         'c = OpenSSL::SSL::SSLContext.new; c.ciphers = ARGV.shift;
         p c.ciphers.map {|e| e[0]}' "RC4+RSA"
        jruby 1.5.0.dev (ruby 1.8.7 patchlevel 174) (2009-12-22 7732569) (Java HotSpot(TM) Client VM 1.6.0_16) [i386-java]
        : no cipher match (OpenSSL::SSL::SSLError)
        
        1% ruby -ropenssl -ve 'c = OpenSSL::SSL::SSLContext.new;
         c.ciphers = ARGV.shift; p c.ciphers.map {|e| e[0]}' "RC4+RSA"                           
        ruby 1.8.7 (2009-12-21 patchlevel 244) [i686-linux]
        ["RC4-SHA", "RC4-MD5", "EXP-RC4-MD5", "EXP-RC4-MD5", "RC4-MD5"]
        0%
        
        Hiroshi Nakamura added a comment -

        Fixed in 0c89f0b4f1f91cc11d2b4fd9015e325f40dcc757.

        • Leading '+' means 'move to the end of the list'. It must not add new
          ciphers.
        • Implemented 'name1+name2' handling. It's the logical AND operator.
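The cipher-string rules discussed in the comments above ('!' exclusion, leading '+' as reorder-only, 'name1+name2' as logical AND), as an added example that is not the JRuby-OpenSSL implementation. The cipher table, its tags and the function names `matching` and `evaluate` are constructed for illustration; the '-' operator comes from the OpenSSL cipher-list format rather than from this issue.

```ruby
# Constructed, simplified table: suite name => tags. Real OpenSSL tracks key
# exchange, authentication, encryption, MAC and strength as separate fields.
CIPHERS = {
  "DHE-RSA-AES256-SHA" => %w[DH RSA AES HIGH],
  "AES256-SHA"         => %w[RSA AES HIGH],
  "ADH-AES256-SHA"     => %w[ADH DH AES HIGH],
  "DES-CBC3-SHA"       => %w[RSA 3DES HIGH],
  "RC4-SHA"            => %w[RSA RC4 MEDIUM],
  "RC4-MD5"            => %w[RSA RC4 MEDIUM],
  "ADH-RC4-MD5"        => %w[ADH DH RC4 MEDIUM],
  "DES-CBC-SHA"        => %w[RSA DES LOW],
  "EXP-RC4-MD5"        => %w[RSA RC4 EXPORT],
  "DES-CBC-MD5"        => %w[RSA DES LOW SSLv2],
}.freeze

# Suites carrying every tag in "name1+name2" (logical AND); "ALL" matches all.
def matching(selector)
  tags = selector.split("+")
  CIPHERS.select { |_, have| tags == ["ALL"] || (tags - have).empty? }.keys
end

# Evaluate a cipher string left to right; returns suite names in preference order.
def evaluate(cipher_string)
  list = []
  killed = []
  cipher_string.split(":").each do |token|
    case token[0]
    when "!" # permanent removal: later tokens cannot bring these back
      hit = matching(token[1..-1])
      killed |= hit
      list -= hit
    when "-" # removal that a later token may undo
      list -= matching(token[1..-1])
    when "+" # reorder only: move suites already in the list to the end
      hit = list & matching(token[1..-1])
      list = (list - hit) + hit
    else     # plain selector: append suites not yet present and not killed
      list |= matching(token) - killed
    end
  end
  raise ArgumentError, "no cipher match" if list.empty?
  list
end

# The string from this issue: no ADH suite may survive the "!ADH" token.
p evaluate("ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW")
```

An evaluator that treats a leading '+' as "add" would let "+HIGH" and "+MEDIUM" bring the anonymous-DH suites back into the list after "!ADH" had removed them.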

          People

          • Assignee:
            Hiroshi Nakamura
            Reporter:
            Hiroshi Nakamura
          • Votes:
            0
            Watchers:
            0
