rest-client/rest-client

Broken check for weak ciphers with OpenSSL 1.1.0 or newer

larissa opened this issue · 1 comments

RestClient checks for weak ciphers on OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, but the ciphers param was removed from the defaults for openssl 2.0 built with OpenSSL version 1.1.0 or newer, since it was a workaround for OpenSSL's bad DEFAULT. See PR ruby/openssl#66.

So for ruby 2.4 and openssl 2.0.2 built with OpenSSL 1.1.0 I'm getting KeyError: key not found: :ciphers.

One way of checking for default ciphers with openssl built with OpenSSL 1.1.0 is:

```ruby
OpenSSL::SSL::SSLContext.new.ciphers.map { |v,_,_,_,_| v }.join(':')
```

Just started getting this error today. Doesn't seem to be a workaround other than re-installing Ruby to build off of OpenSSL 1.0.2, so a fix would be very appreciated.
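A version-tolerant form of the check discussed in this issue, as an added example (not rest-client's code and not part of the thread). The names `default_cipher_names`, `weak_ciphers` and `WEAK_TOKENS` are hypothetical, and the token list is an assumed illustration of weak-suite markers, not a complete policy.

```ruby
require 'openssl'

# Assumed markers of weak suites, matched against the '-'-separated parts of
# an OpenSSL cipher name (e.g. "EXP-DES-CBC-SHA" -> EXP, DES, CBC, SHA).
WEAK_TOKENS = %w[NULL EXP RC4 RC2 DES MD5 ADH AECDH].freeze

# Return the expanded default cipher names for this Ruby/OpenSSL build.
# `params` is injectable so both layouts of DEFAULT_PARAMS can be exercised:
# with :ciphers (older builds) and without it (OpenSSL 1.1.0 or newer).
def default_cipher_names(params = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS)
  ctx = OpenSSL::SSL::SSLContext.new
  # Hash#key? avoids the KeyError that params.fetch(:ciphers) raises
  # when the key is no longer part of the defaults.
  ctx.ciphers = params[:ciphers] if params.key?(:ciphers)
  # Each entry is [name, version, bits, alg_bits]; the context expands
  # cipher-list expressions such as "HIGH:!aNULL" into concrete suites.
  ctx.ciphers.map { |name, _version, _bits, _alg_bits| name }
end

# Select the names that contain any weak marker.
def weak_ciphers(names)
  names.select { |name| (name.split('-') & WEAK_TOKENS).any? }
end

if __FILE__ == $PROGRAM_NAME
  names = default_cipher_names
  puts "#{OpenSSL::OPENSSL_VERSION}: #{names.size} default suites"
  puts "weak: #{weak_ciphers(names).inspect}"
end
```

Because the names come from a live context rather than from the raw string, the audit reflects what the linked OpenSSL library will actually offer.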