How to Enable Tls V1.2 in Ruby? If So, How

Is it possible to enable TLS v1.2 in Ruby? If so, how?

Yes, we added TLS 1.1 & 1.2 support recently. It's as easy as setting ssl_version on your SSLContext:

ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_2

You may still continue to use the more generic :SSLv23 for maximum interoperability. It will have the effect that the newest protocol supported by the peer will be used for the connection. If your peer understands TLS 1.2, then it will be used. But opposed to the above sample, if the peer does not speak 1.2, then the implementation will silently fall back to the best/newest version that the peer does understand - while in the above example, the connection would be rejected by the peer if it did not recognize 1.2.

For further details, also have a look at OpenSSL's own docs on the subject, you can transfer what's being said about TLSv1_method to TLSv1_1_method and TLSv1_2_method (represented in Ruby as :TLSv1, :TLSv1_1 and :TLSv1_2 respectively).

If your underlying OpenSSL supports TLS 1.2 (>= 1.0.1 does), you're good to go. However, this requires a Ruby build from trunk currently. But if we get no negative feedback in the meantime, it might well be that it will be backported to the next 1.9.3 release.

Savon—configure to use TLS 1.2

Savon uses HTTPI as a common interface for Ruby's HTTP libraries

Configure Savon to use a specific library with:

HTTPI.adapter = :httpclient
HTTPI.adapter = :curb
...

it currently tries the libs in the following order:

[:httpclient, :curb, :em_http, :excon, :net_http, :net_http_persistent]

If you haven't installed httpclient, it will try curbnext and so on.

You should try setting an explicit lib and see if it works for you.

How to use Ruby and mysql2 gem to connect mysql database via TLS1.2

You are right about mysql2 using connector/c.

Not sure where the 6.1.1 version comes from. Did you mean MariaDB-connector-c-3.1.11? who's release notes advertised TLS-1.3 in the openssl version of this.

I checked the centos8 binary download from the above link and its linked against the system openssl (looking at ldd ./lib/mariadb/libmariadb.so).

As far as I know there's no community vs enterprise differentiation here.


Related Topics

How to Get a Backtrace from a Systemstackerror: Stack Level Too Deep

Rails - Rspec - Difference Between "Let" and "Let!"

Ruby on Rails: How to Get Error Messages from a Child Resource Displayed

Rubytest in Sublime Text 2

Differencebetween Tr and Gsub

Convert a String to Regular Expression Ruby

How to Run a Ruby File in a Rails Environment

In Ruby, How to Make a Hash from an Array

Why Is Rake Db:Migrate:Reset Not Listed in Rake -T

Ruby: What Is the Easiest Method to Update Hash Values

Vim Slow with Ruby Syntax Highlighting

Populating an Association with Children in Factory_Girl

Ruby Cannot Load Such File - Active_Support/Core_Ext/Object/Blank

Dynamic Method Calling in Ruby

Allow Public Connections to Local Ruby on Rails Development Server

How to Stub Applicationcontroller Method in Request Spec

Lisp and Erlang Atoms, Ruby and Scheme Symbols. How Useful Are They

What's the Difference Between These Ruby Namespace Conventions


Leave a reply



Submit