是否可以在Ruby中启用TLS v1.2?如果是这样，怎么办?

编程入门行业动态更新时间:2024-10-27 23:23:51

本文介绍了是否可以在Ruby中启用TLS v1.2?如果是这样，怎么办?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

是否可以在Ruby中使用TLSv.1.2或TLSv1.1?

Is it possible to use TLSv.1.2 or TLSv1.1 with Ruby?

我已经使用OpenSSL 1.0.1c(最新版本)编译了Frankenstein版本的Ruby，唯一的不同是SSLv2现在是OpenSSL::SSL::SSLContext::METHODS

I have compiled a Frankenstein version of Ruby using OpenSSL 1.0.1c (the latest available) and the only difference being is SSLv2 is now an option under OpenSSL::SSL::SSLContext::METHODS

是否可以将TLSv1.2添加到该列表?

Is it possible to add TLSv1.2 to that list?

推荐答案

是的，我们添加了TLS 1.1& 1.2支持最近.就像在SSLContext上设置ssl_version一样简单:

Yes, we added TLS 1.1 & 1.2 support recently. It's as easy as setting ssl_version on your SSLContext:

ctx = OpenSSL::SSL::SSLContext.new ctx.ssl_version = :TLSv1_2

您可能仍会继续使用更通用的:SSLv23以获得最大的互操作性.这样会产生影响，即使用对等方支持的最新协议进行连接.如果您的同龄人了解TLS 1.2，则将使用它.但是与上述示例相反，如果对等方不讲1.2，则实现将默默地退回到对等方可以理解的最佳/最新版本-在上面的示例中，连接将如果对方不认识1.2，则被对方拒绝.

You may still continue to use the more generic :SSLv23 for maximum interoperability. It will have the effect that the newest protocol supported by the peer will be used for the connection. If your peer understands TLS 1.2, then it will be used. But opposed to the above sample, if the peer does not speak 1.2, then the implementation will silently fall back to the best/newest version that the peer does understand - while in the above example, the connection would be rejected by the peer if it did not recognize 1.2.

有关更多详细信息，请参见 OpenSSL自己的文档关于该主题，您可以将有关TLSv1_method的说法转换为TLSv1_1_method和TLSv1_2_method(在Ruby中分别表示为:TLSv1，:TLSv1_1和:TLSv1_2).

For further details, also have a look at OpenSSL's own docs on the subject, you can transfer what's being said about TLSv1_method to TLSv1_1_method and TLSv1_2_method (represented in Ruby as :TLSv1, :TLSv1_1 and :TLSv1_2 respectively).

如果您的基础OpenSSL支持TLS 1.2(> = 1.0.1则支持)，那您就走了.但是，这需要当前从主干构建Ruby.但是，如果在此期间未收到负面反馈，则很可能会将其反向移植到下一个1.9.3版本.

If your underlying OpenSSL supports TLS 1.2 (>= 1.0.1 does), you're good to go. However, this requires a Ruby build from trunk currently. But if we get no negative feedback in the meantime, it might well be that it will be backported to the next 1.9.3 release.