TLS 1.3 support
Bunny version: 2.0.19
RabbitMQ version: 3.9.13
Ruby: 2.7
Based on Ruby's openssl lib, it looks like you must use min_ssl_version to use 1.3: https://github.com/ruby/openssl/issues/473#issuecomment-964252959
Using the option TLSv1_3,
Bunny.new("amqps://", ... tls_protocol: :TLSv1_3)
...
#=> ArgumentError: unknown SSL method `TLSv1_3'
It doesn't look like there is the ability to pass args through to openssl? Is 1.3 support on the horizon?
@chevinbrown this is open source software, so things "get on the horizon" when someone motivated contributes them or at least clearly explains what has to be done to others.
Bunny allows you to configure TLS context any way you can in Ruby code.
Bunny could use OpenSSL::SSL::SSLContext#min_version= internally but that method is not available in Ruby versions older than 2.5.0. I see Bunny README already states 2.5 is the minimum version supported, which I doubt is actually the case but very convenient.
As of #629, Bunny uses the modern methods described in https://github.com/ruby/openssl/issues/473#issuecomment-964252959.
Since TLS 1.3 is an all-or-nothing proposition, I'm not sure what to do about the test suite. As soon as I get a TLS 1.3 example running without any alerts from the server, this can be closed with a new release. I cannot promise when that might happen but with #629, anyone can try it. We've had TLS 1.3 documented in RabbitMQ docs for months now.
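Added example, not part of the thread and not Bunny's code: a loopback check using only Ruby's OpenSSL API that reproduces the ArgumentError from the report and shows OpenSSL::SSL::SSLContext#min_version= enforcing TLS 1.3 against a client capped at TLS 1.2. The helper names, the throwaway self-signed certificate and the 127.0.0.1 listener are constructed for the test; no RabbitMQ node is involved.

```ruby
require "openssl"
require "socket"

# Constructed throwaway key and self-signed certificate, loopback test only.
def self_signed_pair
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=localhost")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# The legacy ssl_version= setter has no TLS 1.3 method name, hence the
# ArgumentError quoted in the report. Returns the error message.
def legacy_setter_error
  OpenSSL::SSL::SSLContext.new.ssl_version = :TLSv1_3
  nil
rescue ArgumentError => e
  e.message
end

# Handshake against a loopback server whose context requires TLS 1.3.
# Returns the negotiated protocol name, or :rejected if the handshake fails.
def negotiate(client_max: nil)
  key, cert = self_signed_pair
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.key = key
  server_ctx.cert = cert
  server_ctx.min_version = OpenSSL::SSL::TLS1_3_VERSION # the floor under test
  tcp = TCPServer.new("127.0.0.1", 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, server_ctx)
  thread = Thread.new { server.accept.close rescue nil }
  client_ctx = OpenSSL::SSL::SSLContext.new
  # Test only: the cert is a throwaway. A real client keeps VERIFY_PEER.
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  client_ctx.max_version = client_max if client_max
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new("127.0.0.1", tcp.addr[1]), client_ctx)
  sock.sync_close = true
  sock.connect
  sock.ssl_version
rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError
  :rejected
ensure
  sock&.close rescue nil
  thread&.join(2)
  tcp&.close
end
```

The same min_version= assignment applies to any SSLContext built in application code; checking the negotiated version after connect confirms the floor took effect.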