Sha256: 97264388e18b53321169393dc865ec58532da6156bdbc9265304feab556ffcb2
Contents?: true
Size: 781 Bytes
Versions: 1
Compression:
Stored size: 781 Bytes
Contents
# frozen_string_literal: true
require 'openssl'
require 'openssl/sane_defaults/version'
module OpenSSL
# SaneDefaults
module SaneDefaults
class Error < StandardError; end
# Make OpenSSL default params safer by disabling insecure options
def self.patch!
# Disable insecure protocols, Postgres on RDS no longer accepts TLSv1
# Shamelessly taken, and slightly modified from https://gist.github.com/tam7t/86eb4793e8ecf3f55037#gistcomment-1361208
SSL::SSLContext::DEFAULT_PARAMS[:options] |= SSL::OP_NO_SSLv2
SSL::SSLContext::DEFAULT_PARAMS[:options] |= SSL::OP_NO_SSLv3
SSL::SSLContext::DEFAULT_PARAMS[:options] |= SSL::OP_NO_TLSv1
SSL::SSLContext::DEFAULT_PARAMS[:options] |= SSL::OP_NO_COMPRESSION
true
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| openssl-sane_defaults-0.1.0 | lib/openssl/sane_defaults.rb |