[ruby/openssl] ssl: do not enable OpenSSL::SSL::OP_ALL by default

Respect the SSL options set by default by SSL_CTX() and by the system-wide OpenSSL configuration file. OpenSSL::SSL::SSLContext#initialize currently adds OpenSSL::SSL::OP_ALL on top of the default SSL options. Let's stop doing it. OpenSSL::SSL::OP_ALL is a set of options that changes OpenSSL's behavior to workaround various TLS implementation bugs. Using it is considered usually safe, but is not completely harmless. https://github.com/ruby/openssl/commit/00bec0d905
author: Kazuki Yamaguchi <[email protected]> 2024-06-12 02:29:46 +0900
committer: git <[email protected]> 2024-12-07 08:15:08 +0000
commit: 510c190739b83cfa4fdb56e9d9c0578af25c9c6a (patch)
tree: accbf0568cda3a1dfb4c2bfa9fc7fdfbb96cfed3 /ext/openssl/lib
parent: 33196b7ab007c82ebd3fa3759850b1ddc10d50ef (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index 2186f5f43a..f28239babd 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -125,7 +125,6 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
       # that this form is deprecated. New applications should use #min_version=
       # and #max_version= as necessary.
       def initialize(version = nil)
-        self.options |= OpenSSL::SSL::OP_ALL
         self.ssl_version = version if version
         self.verify_mode = OpenSSL::SSL::VERIFY_NONE
         self.verify_hostname = false
author	Kazuki Yamaguchi <[email protected]>	2024-06-12 02:29:46 +0900
committer	git <[email protected]>	2024-12-07 08:15:08 +0000
commit	510c190739b83cfa4fdb56e9d9c0578af25c9c6a (patch)
tree	accbf0568cda3a1dfb4c2bfa9fc7fdfbb96cfed3 /ext/openssl/lib
parent	33196b7ab007c82ebd3fa3759850b1ddc10d50ef (diff)