min_max_ssl 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +8 -0
  3. data/Gemfile +4 -0
  4. data/Gemfile.lock +24 -0
  5. data/README.md +40 -0
  6. data/Rakefile +10 -0
  7. data/bin/console +14 -0
  8. data/bin/setup +8 -0
  9. data/lib/min_max_ssl.rb +15 -0
  10. data/lib/min_max_ssl/version.rb +3 -0
  11. data/min_max_ssl.gemspec +28 -0
  12. metadata +113 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 0fc97ed3ec204cef8d64b1f27b3f9bc3f38f1ff9
4
+ data.tar.gz: 6f77b6b34424b4825b874d23b06617fff27d2381
5
+ SHA512:
6
+ metadata.gz: 5631a7dbce2ec1cc8d0a9673de9fb4dd847de5d2c999b03e115b51046272c243a0e08776651edd0a9b78ebc102684ddf7c812f7df5cfbe1136e52665ec8f08e3
7
+ data.tar.gz: 1939519283230d7b85f3c13afcf07ffe5684e772f3e844d4a27bdaf8bf1f9237c378409386d67c7e41cfa6092e477b66e5915836873ba9121d2c0d23416f7d80
data/.gitignore ADDED
@@ -0,0 +1,8 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in min_max_ssl.gemspec
4
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,24 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ min_max_ssl (0.1.0)
5
+ openssl (~> 2.1)
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ minitest (5.11.3)
11
+ openssl (2.1.1)
12
+ rake (12.3.1)
13
+
14
+ PLATFORMS
15
+ ruby
16
+
17
+ DEPENDENCIES
18
+ bundler (~> 1.16)
19
+ min_max_ssl!
20
+ minitest (~> 5.0)
21
+ rake (~> 12.0)
22
+
23
+ BUNDLED WITH
24
+ 1.16.1
data/README.md ADDED
@@ -0,0 +1,40 @@
1
+ # MinMaxSSL
2
+
3
+ This gem backports `Net::HTTP#min_version=` and `#max_version=` from Ruby 2.5. These are more flexible than `#ssl_version=` which locks the connection to allow only one specific version, and close the door on future versions down the road (TLS 1.3).
4
+
5
+ The motivation for this gem is guaranteeing client side compliance with the PCI Data Security Standard (PCI DSS) [June 30 2018 deadline](https://blog.pcisecuritystandards.org/are-you-ready-for-30-june-2018-sayin-goodbye-to-ssl-early-tls) for phasing out TLS 1.0 connections for safeguarding credit card payment data.
6
+
7
+ The heavy lifting is [done by](https://github.com/ruby/openssl/pull/142) OpenSSL gem 2.1+, which is only compatible with Ruby 2.3 and 2.4.
8
+
9
+ ## Installation
10
+
11
+ Add the following line to your application's Gemfile:
12
+
13
+ ```ruby
14
+ gem 'min_max_ssl'
15
+ ```
16
+
17
+ If you have a gem that uses feature detection of `#min_version=`, you might need to add this line before that gem definition.
18
+
19
+ ## Usage
20
+
21
+ ```ruby
22
+ uri = URI("https://tls-1-1-and-higher-only.example.com/")
23
+ http = Net::HTTP.new(uri.host, uri.port)
24
+ http.use_ssl = true
25
+ http.min_version = :TLS1_1
26
+ http.get("/") # everything works
27
+
28
+ ```
29
+
30
+ ```ruby
31
+ uri = URI("https://tls-1-1-and-higher-only.example.com/")
32
+ http = Net::HTTP.new(uri.host, uri.port)
33
+ http.use_ssl = true
34
+ http.max_version = :TLS1_0
35
+ http.get("/") # raises OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unsupported protocol
36
+ ```
37
+
38
+ ## License
39
+
40
+ The gem is available as open source under the terms of the [Ruby License](https://www.ruby-lang.org/en/about/license.txt), like the original work by @nurse in https://github.com/ruby/ruby/commit/dcea9198a9d80bdf4eeacd9d9e9d883850a4a8d2
data/Rakefile ADDED
@@ -0,0 +1,10 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+
4
+ Rake::TestTask.new(:test) do |t|
5
+ t.libs << "test"
6
+ t.libs << "lib"
7
+ t.test_files = FileList["test/**/*_test.rb"]
8
+ end
9
+
10
+ task :default => :test
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "min_max_ssl"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
data/lib/min_max_ssl.rb ADDED
@@ -0,0 +1,15 @@
1
+ require "min_max_ssl/version"
2
+ require "net/http"
3
+
4
+ module MinMaxSSL
5
+ NEW_SSL_IVNAMES = ::Net::HTTP::SSL_IVNAMES + [:@min_version, :@max_version]
6
+ ::Net::HTTP.send(:remove_const, "SSL_IVNAMES")
7
+ ::Net::HTTP.const_set("SSL_IVNAMES", NEW_SSL_IVNAMES)
8
+
9
+ NEW_SSL_ATTRIBUTES = ::Net::HTTP::SSL_ATTRIBUTES + [:min_version, :max_version]
10
+ ::Net::HTTP.send(:remove_const, "SSL_ATTRIBUTES")
11
+ ::Net::HTTP.const_set("SSL_ATTRIBUTES", NEW_SSL_ATTRIBUTES)
12
+
13
+ ::Net::HTTP.send(:attr_accessor, :min_version)
14
+ ::Net::HTTP.send(:attr_accessor, :max_version)
15
+ end
data/lib/min_max_ssl/version.rb ADDED
@@ -0,0 +1,3 @@
1
+ module MinMaxSSL
2
+ VERSION = "0.1.0"
3
+ end
data/min_max_ssl.gemspec ADDED
@@ -0,0 +1,28 @@
1
+
2
+ lib = File.expand_path("../lib", __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require "min_max_ssl/version"
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "min_max_ssl"
8
+ spec.version = MinMaxSSL::VERSION
9
+ spec.authors = ["Bart de Water"]
10
+ spec.email = ["bartdewater@gmail.com"]
11
+
12
+ spec.summary = %q{Ruby 2.5 Net::HTTP#min_version/max_version backport for Ruby 2.3 and 2.4}
13
+ spec.license = "Ruby"
14
+
15
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
16
+ f.match(%r{^(test|spec|features)/})
17
+ end
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.required_ruby_version = [">= 2.3.0", "< 2.5.0"]
23
+
24
+ spec.add_dependency "openssl", "~> 2.1"
25
+ spec.add_development_dependency "bundler", "~> 1.16"
26
+ spec.add_development_dependency "rake", "~> 12.0"
27
+ spec.add_development_dependency "minitest", "~> 5.0"
28
+ end
metadata ADDED
@@ -0,0 +1,113 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: min_max_ssl
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Bart de Water
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2018-06-03 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: openssl
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '2.1'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.1'
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: '1.16'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: '1.16'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '12.0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '12.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: minitest
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '5.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '5.0'
69
+ description:
70
+ email:
71
+ - bartdewater@gmail.com
72
+ executables: []
73
+ extensions: []
74
+ extra_rdoc_files: []
75
+ files:
76
+ - ".gitignore"
77
+ - Gemfile
78
+ - Gemfile.lock
79
+ - README.md
80
+ - Rakefile
81
+ - bin/console
82
+ - bin/setup
83
+ - lib/min_max_ssl.rb
84
+ - lib/min_max_ssl/version.rb
85
+ - min_max_ssl.gemspec
86
+ homepage:
87
+ licenses:
88
+ - Ruby
89
+ metadata: {}
90
+ post_install_message:
91
+ rdoc_options: []
92
+ require_paths:
93
+ - lib
94
+ required_ruby_version: !ruby/object:Gem::Requirement
95
+ requirements:
96
+ - - ">="
97
+ - !ruby/object:Gem::Version
98
+ version: 2.3.0
99
+ - - "<"
100
+ - !ruby/object:Gem::Version
101
+ version: 2.5.0
102
+ required_rubygems_version: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - ">="
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ requirements: []
108
+ rubyforge_project:
109
+ rubygems_version: 2.5.2
110
+ signing_key:
111
+ specification_version: 4
112
+ summary: Ruby 2.5 Net::HTTP#min_version/max_version backport for Ruby 2.3 and 2.4
113
+ test_files: []