net-http

Net::HTTP doesn't honor parameters set in OpenSSL::Config::DEFAULT_CONFIG_FILE

Open chudel opened this issue 1 year ago • 0 comments

I observe that Net::HTTP does not honor parameters set in OpenSSL::Config::DEFAULT_CONFIG_FILE (i.e.: /usr/lib/ssl/openssl.cnf).

For example, if you set the following parameter in /usr/lib/ssl/openssl.cnf (symlinked to /etc/ssl/openssl.cnf):

[system_default_sect]
Options = UnsafeLegacyRenegotiation,UnsafeLegacyServerConnect

Net::HTTP sessions will not honor this configuration, but a similar client-side tool (i.e.: openssl s_client) will. It appears that the values in the config file are simply ignored, or not read in at all, so I'm left wondering how to change a default openssl configuration item (absent a hack like mucking with OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]).

I had the following versions configured on an Ubuntu (Ubuntu 22.04.3 LTS) host for this testing:

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
RUBY_VERSION -> "3.1.3"

chudel Sep 29 '23 00:09
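A diagnostic for the behaviour reported above, added here as an example (it is not code from the issue or from the net-http project): it reads the `Options` line of `[system_default_sect]` and reports which of those options are present in the bitmask of an `SSLContext` prepared with `set_params`, which is how Net::HTTP prepares its context. The helper names and the sample config text are constructed for illustration; the section name is taken from the issue as-is.

```ruby
require 'openssl'

# SSL_CONF option names from the issue, mapped to the bit flags that
# Ruby's openssl extension exposes for them.
OPTION_BITS = {
  'UnsafeLegacyRenegotiation' => OpenSSL::SSL::OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,
  'UnsafeLegacyServerConnect' => OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT
}.freeze

# Constructed sample mirroring the section quoted in the issue.
SAMPLE_CNF = <<~CNF
  [system_default_sect]
  Options = UnsafeLegacyRenegotiation,UnsafeLegacyServerConnect
CNF

# Names the config asks to enable. "-Name" disables an option, so it is
# skipped; an optional leading "+" is stripped.
def requested_options(cnf_text, section = 'system_default_sect')
  raw = OpenSSL::Config.parse(cnf_text).get_value(section, 'Options').to_s
  names = raw.split(',').map(&:strip)
  names = names.reject { |n| n.empty? || n.start_with?('-') }
  names.map { |n| n.delete_prefix('+') }
end

# Compare the requested names against an SSL options bitmask.
def option_report(cnf_text, mask)
  requested_options(cnf_text).to_h do |name|
    bit = OPTION_BITS[name]
    state = if bit.nil? then :unmapped
            elsif (mask & bit) == bit then :set
            else :not_set
            end
    [name, state]
  end
end

# Options bitmask of a context built the way Net::HTTP builds one.
def net_http_style_mask
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params
  ctx.options
end

if __FILE__ == $PROGRAM_NAME
  # Pass a config path as the first argument; otherwise the sample is used.
  path = ARGV[0]
  text = path && File.readable?(path) ? File.read(path) : SAMPLE_CNF
  option_report(text, net_http_style_mask).each { |n, s| puts "#{n}: #{s}" }
end
```

Run it with the path from `OpenSSL::Config::DEFAULT_CONFIG_FILE` as the argument to check a real host; a `not_set` line means the config file requested an option that the Ruby-side context does not carry.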