在C中使用OpenSSL时,我们在上下文中设置选项以删除弱受损和受伤的协议,如SSLv2和SSLv3.从ssl.h,这里是一些有用的选项的位掩码:
#define SSL_OP_NO_SSLv2 0x01000000L
#define SSL_OP_NO_SSLv3 0x02000000L
#define SSL_OP_NO_TLSv1 0x04000000L
#define SSL_OP_NO_TLSv1_2 0x08000000L
#define SSL_OP_NO_TLSv1_1 0x10000000L
但是,我在Ruby中设置它们时遇到了麻烦:
if uri.scheme == "https"
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
http.options = OpenSSL::SSL::SSL_OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3 |
OpenSSL::SSL::SSL_OP_NO_COMPRESSION
end
结果是:
$ ./TestCert.rb
./TestCert.rb:12:in `<main>': uninitialized constant OpenSSL::SSL::SSL_OP_SSL2 (NameError)
如何在Ruby中设置TLS上下文选项?
相关:在ruby中设置SSLContext选项.但是没有办法将上下文附加到http何时http.use_ssl = true.