Is it possible to enable TLS v1.2 in Ruby? If so, how?
Yes, we added TLS 1.1 & 1.2 support recently. It's as easy as setting ssl_version
on your SSLContext
:
ctx = OpenSSL::SSL::SSLContext.new
ctx.ssl_version = :TLSv1_2
You may still continue to use the more generic :SSLv23
for maximum interoperability. It will have the effect that the newest protocol supported by the peer will be used for the connection. If your peer understands TLS 1.2, then it will be used. But opposed to the above sample, if the peer does not speak 1.2, then the implementation will silently fall back to the best/newest version that the peer does understand - while in the above example, the connection would be rejected by the peer if it did not recognize 1.2.
For further details, also have a look at OpenSSL's own docs on the subject, you can transfer what's being said about TLSv1_method to TLSv1_1_method and TLSv1_2_method (represented in Ruby as :TLSv1
, :TLSv1_1
and :TLSv1_2
respectively).
If your underlying OpenSSL supports TLS 1.2 (>= 1.0.1 does), you're good to go. However, this requires a Ruby build from trunk currently. But if we get no negative feedback in the meantime, it might well be that it will be backported to the next 1.9.3 release.
Savon—configure to use TLS 1.2
Savon uses HTTPI as a common interface for Ruby's HTTP libraries
Configure Savon to use a specific library with:
HTTPI.adapter = :httpclient
HTTPI.adapter = :curb
...
it currently tries the libs in the following order:
[:httpclient, :curb, :em_http, :excon, :net_http, :net_http_persistent]
If you haven't installed httpclient
, it will try curb
next and so on.
You should try setting an explicit lib and see if it works for you.
How to use Ruby and mysql2 gem to connect mysql database via TLS1.2
You are right about mysql2 using connector/c.
Not sure where the 6.1.1 version comes from. Did you mean MariaDB-connector-c-3.1.11? who's release notes advertised TLS-1.3 in the openssl version of this.
I checked the centos8 binary download from the above link and its linked against the system openssl (looking at ldd ./lib/mariadb/libmariadb.so
).
As far as I know there's no community vs enterprise differentiation here.
Related Topics
How to Get a Backtrace from a Systemstackerror: Stack Level Too Deep
Rails - Rspec - Difference Between "Let" and "Let!"
Ruby on Rails: How to Get Error Messages from a Child Resource Displayed
Convert a String to Regular Expression Ruby
How to Run a Ruby File in a Rails Environment
In Ruby, How to Make a Hash from an Array
Why Is Rake Db:Migrate:Reset Not Listed in Rake -T
Ruby: What Is the Easiest Method to Update Hash Values
Vim Slow with Ruby Syntax Highlighting
Populating an Association with Children in Factory_Girl
Ruby Cannot Load Such File - Active_Support/Core_Ext/Object/Blank
Dynamic Method Calling in Ruby
Allow Public Connections to Local Ruby on Rails Development Server
How to Stub Applicationcontroller Method in Request Spec
Lisp and Erlang Atoms, Ruby and Scheme Symbols. How Useful Are They
What's the Difference Between These Ruby Namespace Conventions