diff options
author | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-12-20 00:29:07 +0000 |
---|---|---|
committer | emboss <emboss@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2012-12-20 00:29:07 +0000 |
commit | a3b753b28214ad321e7335afada7f1b06d036836 (patch) | |
tree | c405de7ac3b8a087774472e6d31ee7de7642863c /NEWS | |
parent | e3e4e9dfe77c103ac8a46e5ad15ef6b36e6f0653 (diff) |
* ext/openssl/ossl.c: add OpenSSL.fips_mode= to allow enabling FIPS
mode manually.
* test/openssl/utils.rb: turn off FIPS mode for tests. This prevents
OpenSSL installations with FIPS mode enabled by default from raising
FIPS-related errors during the tests.
* test/openssl/test_fips.rb: add tests for FIPS-capable OpenSSL
installations.
[Feature #6946] [ruby-core:47345]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@38480 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 15 |
1 files changed, 8 insertions, 7 deletions
@@ -245,6 +245,10 @@ with all sufficient information, see the ChangeLog file. also allows to programmatically decline (client) renegotiation attempts. * Support for "0/n" splitting of records as BEAST mitigation via OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. + * The default options for OpenSSL::SSL::SSLContext have changed to + OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS + instead of OpenSSL::SSL::OP_ALL only. This enables the countermeasure for + the BEAST attack by default. * OpenSSL requires passwords for decrypting PEM-encoded files to be at least four characters long. This led to awkward situations where an export with a password with fewer than four characters was possible, but accessing the @@ -255,13 +259,10 @@ with all sufficient information, see the ChangeLog file. * SSL/TLS support for the Next Protocol Negotiation extension. Supported with OpenSSL 1.0.1 and higher. * OpenSSL::OPENSSL_FIPS allows client applications to detect whether OpenSSL - is running in FIPS mode and to react to the special requirements this - might imply. - * The default options for OpenSSL::SSL::SSLContext have changed to - OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS - instead of OpenSSL::SSL::OP_ALL only. This enables the countermeasure for - the BEAST attack by default. - + is FIPS-enabled. OpenSSL.fips_mode= allows turning on and off FIPS mode + manually in order to adapt to situations where FIPS mode would be an + explicit requirement. + * ostruct * new methods: * OpenStruct#[], []= |