merge revision(s) 45274,45278,45280,48097: [Backport #9424]

* ext/openssl/lib/openssl/ssl-internal.rb (DEFAULT_PARAMS): override options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined. this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424] * test/openssl/test_ssl.rb: Reuse TLS default options from OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. * lib/openssl/ssl-internal.rb: Explicitly whitelist the default SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable compression by default. Reported by Jeff Hodges. [ruby-core:59829] [Bug #9424] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_3@48121 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-10-24 03:06:36 +0000
committer: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2014-10-24 03:06:36 +0000
commit: 26c0acf5a77e122fb3f4a25b924bc3982dfb1408 (patch)
tree: 8056d896c8512152d0189eba133640ec0264af24 /test
parent: c79117f6886132a401b5398e4dd9e2be8e76129e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 2b92cf9701..0620490ef4 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -273,7 +273,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
       ctx = OpenSSL::SSL::SSLContext.new
       ctx.set_params
       assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
-      assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
+      assert_equal(OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options], ctx.options)
       ciphers = ctx.ciphers
       ciphers_versions = ciphers.collect{|_, v, _, _| v }
       ciphers_names = ciphers.collect{|v, _, _, _| v }
author	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-10-24 03:06:36 +0000
committer	usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2014-10-24 03:06:36 +0000
commit	26c0acf5a77e122fb3f4a25b924bc3982dfb1408 (patch)
tree	8056d896c8512152d0189eba133640ec0264af24 /test
parent	c79117f6886132a401b5398e4dd9e2be8e76129e (diff)