Support negotiating up to TLS1_1 and TLS1_2 when the server supports these ssl_versions

Author: cheister

src/main/java/org/jruby/ext/openssl/SSLContext.java

@@ -122,13 +122,13 @@ public class SSLContext extends RubyObject {
         SSL_VERSION_OSSL2JSSE.put("SSLv23", "SSL");
         SSL_VERSION_OSSL2JSSE.put("SSLv23_server", "SSL");
         SSL_VERSION_OSSL2JSSE.put("SSLv23_client", "SSL");
-        ENABLED_PROTOCOLS.put("SSL", new String[] { "SSLv2", "SSLv3", "TLSv1" });
+        ENABLED_PROTOCOLS.put("SSL", new String[] { "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" });
 
         // Historically we were ahead of MRI to support TLS
         // ... thus the non-standard names version names :
 
         SSL_VERSION_OSSL2JSSE.put("TLS", "TLS");
-        ENABLED_PROTOCOLS.put("TLS", new String[] { "TLSv1", "TLSv1.1" });
+        ENABLED_PROTOCOLS.put("TLS", new String[] { "TLSv1", "TLSv1.1", "TLSv1.2" });
 
         SSL_VERSION_OSSL2JSSE.put("TLSv1.1", "TLSv1.1");
         ENABLED_PROTOCOLS.put("TLSv1.1", new String[] { "TLSv1.1" });

src/test/ruby/ssl/test_ssl.rb

@@ -95,4 +95,29 @@ def test_ssl_version_tlsv1
     end
   end
 
+  def test_ssl_version_tlsv1_1
+    ctx_proc = Proc.new do |ctx|
+      ctx.ssl_version = "TLSv1_1"
+    end
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) do |server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock)
+      ssl.connect
+      assert_equal("TLSv1.1", ssl.ssl_version)
+      ssl.close
+    end
+  end
+
+  def test_ssl_version_tlsv1_2
+    ctx_proc = Proc.new do |ctx|
+      ctx.ssl_version = "TLSv1_2"
+    end
+    start_server(PORT, OpenSSL::SSL::VERIFY_NONE, true, :ctx_proc => ctx_proc) do |server, port|
+      sock = TCPSocket.new("127.0.0.1", port)
+      ssl = OpenSSL::SSL::SSLSocket.new(sock)
+      ssl.connect
+      assert_equal("TLSv1.2", ssl.ssl_version)
+      ssl.close
+    end
+  end
 end