jruby-openssl
jruby-openssl copied to clipboard
jruby
JRuby's OpenSSL gem
from a real-world testing with `SSLSocket`s being created concurrently (using `ActiveMerchant`) after a while contetion seems to add up around [`ASN1ObjectIdentifier.getBody`](https://github.com/bcgit/bc-java/blob/r1rv52/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java#L295-L307) (using BC 1.50) **0.9.7** was initially tested, which revealed...
Repro steps: https://gist.github.com/tamird/84a1ed716862b4e96644 There seems to be no possible configuration that permits the use of any of the following ciphers (or their lowercase equivalents) under jruby with jruby-openssl present: -...
### Environment - jruby-openssl 0.9.17 - net-http-persistent 2.9.4 ### Expected Behavior Opening a new session should work. ### Actual Behavior ``` No existing session to resume: org/jruby/ext/openssl/SSLSocket.java:217:in `connect' /tmp/jetty-0.0.0.0-8080-evergreen.war-_evergreen-any-412843000765214245.dir/webapp/WEB-INF/gems/gems/net-http-persistent-2.9.4/lib/net/http/persistent/ssl_reuse.rb:70:in `connect'...
soon to be part of MRI: https://github.com/ruby/ruby/pull/569 ## --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/35349111-support-ccm-mode-e-g-aes-ccm?utm_campaign=plugin&utm_content=tracker%2F136995&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F136995&utm_medium=issues&utm_source=github).
From http://jira.codehaus.org/browse/JRUBY-7049 See the following tests from Celluloid::IO https://github.com/celluloid/celluloid-io/blob/master/spec/celluloid/io/ssl_socket_spec.rb#L105 On MRI, these return OpenSSL::X509::V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT as expected. On JRuby, this returns 1, which does not seem to be even valid. (Note:...
... to allow users to suply BC jars from somewhere in the CP ## --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/5075042-maybe-we-need-some-option-to-not-load-any-jars?utm_campaign=plugin&utm_content=tracker%2F136995&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F136995&utm_medium=issues&utm_source=github).
e.g. `java.security.Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, DHE")` ## --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/25061010-use-security-setproperty-instead-of-system-setproperty?utm_campaign=plugin&utm_content=tracker%2F136995&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F136995&utm_medium=issues&utm_source=github).
Out of the box, without calling `set_params`, jruby-openssl's SSLContext supports EXPORT cipher suites, and it prefers them over better cipher suites. Admittedly, MRI requires you to call `set_params` to remove...
To reproduce, I installed the `mechanize` gem, then hacked `Net::HTTP` to use `:TLSv1`, and then visited the site [https://www.howsmyssl.com/](https://www.howsmyssl.com/), and then copy and pasted the body into a file and...
... due BC not really supporting CFB-1 : http://www.bouncycastle.org/jira/browse/BJA-530 attempts to use such JCE `Cipher` instance will end as **java.lang.ArithmeticException: / by zero** ``` java.lang.ArithmeticException: / by zero at org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher.getUpdateOutputSize(Unknown...