ssl: add SSLContext#min_version= and #max_version=

Add methods that sets the minimum and maximum supported protocol
versions for the SSL context. If the OpenSSL library supports, use
SSL_CTX_set_{min,max}_proto_version() that do the exact thing.
Otherwise, simulate by combining SSL_OP_NO_{SSL,TLS}v* flags.

The new methods are meant to replace the deprecated
SSLContext#ssl_version= that cannot support multiple protocol versions.

SSLContext::DEFAULT_PARAMS is also updated to use the new
SSLContext#min_version=.

Author: rhenium

ext/openssl/ossl_ssl.c

@@ -193,6 +193,80 @@ ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
     ossl_raise(rb_eArgError, "unknown SSL method `%"PRIsVALUE"'.", m);
 }
 
+static int
+parse_proto_version(VALUE str)
+{
+    int i;
+    static const struct {
+	const char *name;
+	int version;
+    } map[] = {
+	{ "SSL2", SSL2_VERSION },
+	{ "SSL3", SSL3_VERSION },
+	{ "TLS1", TLS1_VERSION },
+	{ "TLS1_1", TLS1_1_VERSION },
+	{ "TLS1_2", TLS1_2_VERSION },
+#ifdef TLS1_3_VERSION
+	{ "TLS1_3", TLS1_3_VERSION },
+#endif
+    };
+
+    if (NIL_P(str))
+	return 0;
+    if (RB_INTEGER_TYPE_P(str))
+	return NUM2INT(str);
+
+    if (SYMBOL_P(str))
+	str = rb_sym2str(str);
+    for (i = 0; i < numberof(map); i++) {
+	if (!strcmp(map[i].name, StringValueCStr(str)))
+	    return map[i].version;
+    }
+    rb_raise(rb_eArgError, "unrecognized version %+"PRIsVALUE, str);
+}
+
+static VALUE
+ossl_sslctx_set_minmax_proto_version(VALUE self, VALUE min_v, VALUE max_v)
+{
+    SSL_CTX *ctx;
+    int min, max;
+#ifndef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
+    unsigned long sum = 0, opts = 0;
+    int i;
+    static const struct { int ver; unsigned long opts; } options_map[] = {
+	{ SSL2_VERSION, SSL_OP_NO_SSLv2 },
+	{ SSL3_VERSION, SSL_OP_NO_SSLv3 },
+	{ TLS1_VERSION, SSL_OP_NO_TLSv1 },
+	{ TLS1_1_VERSION, SSL_OP_NO_TLSv1_1 },
+	{ TLS1_2_VERSION, SSL_OP_NO_TLSv1_2 },
+#ifdef TLS1_3_VERSION
+	{ TLS1_3_VERSION, SSL_OP_NO_TLSv1_3 },
+#endif
+    };
+#endif
+
+    GetSSLCTX(self, ctx);
+    min = parse_proto_version(min_v);
+    max = parse_proto_version(max_v);
+
+#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
+    if (!SSL_CTX_set_min_proto_version(ctx, min))
+	ossl_raise(eSSLError, "SSL_CTX_set_min_proto_version");
+    if (!SSL_CTX_set_max_proto_version(ctx, max))
+	ossl_raise(eSSLError, "SSL_CTX_set_max_proto_version");
+#else
+    for (i = 0; i < numberof(options_map); i++) {
+	sum |= options_map[i].opts;
+	if (min && min > options_map[i].ver || max && max < options_map[i].ver)
+	    opts |= options_map[i].opts;
+    }
+    SSL_CTX_clear_options(ctx, sum);
+    SSL_CTX_set_options(ctx, opts);
+#endif
+
+    return Qnil;
+}
+
 static VALUE
 ossl_call_client_cert_cb(VALUE obj)
 {
@@ -2544,6 +2618,8 @@ Init_ossl_ssl(void)
     rb_define_alias(cSSLContext, "ssl_timeout", "timeout");
     rb_define_alias(cSSLContext, "ssl_timeout=", "timeout=");
     rb_define_method(cSSLContext, "ssl_version=", ossl_sslctx_set_ssl_version, 1);
+    rb_define_private_method(cSSLContext, "set_minmax_proto_version",
+			     ossl_sslctx_set_minmax_proto_version, 2);
     rb_define_method(cSSLContext, "ciphers",     ossl_sslctx_get_ciphers, 0);
     rb_define_method(cSSLContext, "ciphers=",    ossl_sslctx_set_ciphers, 1);
     rb_define_method(cSSLContext, "ecdh_curves=", ossl_sslctx_set_ecdh_curves, 1);
@@ -2747,6 +2823,26 @@ Init_ossl_ssl(void)
     rb_define_const(mSSL, "OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG", ULONG2NUM(SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG));
 
 
+    /*
+     * SSL/TLS version constants. Used by SSLContext#min_version= and
+     * #max_version=
+     */
+    /* SSL 2 */
+    rb_define_const(mSSL, "SSL2_VERSION", INT2NUM(SSL2_VERSION));
+    /* SSL 3 */
+    rb_define_const(mSSL, "SSL3_VERSION", INT2NUM(SSL3_VERSION));
+    /* TLS 1.0 */
+    rb_define_const(mSSL, "TLS1_VERSION", INT2NUM(TLS1_VERSION));
+    /* TLS 1.1 */
+    rb_define_const(mSSL, "TLS1_1_VERSION", INT2NUM(TLS1_1_VERSION));
+    /* TLS 1.2 */
+    rb_define_const(mSSL, "TLS1_2_VERSION", INT2NUM(TLS1_2_VERSION));
+#ifdef TLS1_3_VERSION /* OpenSSL 1.1.1 */
+    /* TLS 1.3 */
+    rb_define_const(mSSL, "TLS1_3_VERSION", INT2NUM(TLS1_3_VERSION));
+#endif
+
+
     sym_exception = ID2SYM(rb_intern("exception"));
     sym_wait_readable = ID2SYM(rb_intern("wait_readable"));
     sym_wait_writable = ID2SYM(rb_intern("wait_writable"));

lib/openssl/ssl.rb

@@ -17,14 +17,13 @@ module OpenSSL
   module SSL
     class SSLContext
       DEFAULT_PARAMS = { # :nodoc:
-        :ssl_version => "SSLv23",
+        :min_version => OpenSSL::SSL::TLS1_VERSION,
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
         :verify_hostname => true,
         :options => -> {
           opts = OpenSSL::SSL::OP_ALL
           opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
           opts |= OpenSSL::SSL::OP_NO_COMPRESSION
-          opts |= OpenSSL::SSL::OP_NO_SSLv2 | OpenSSL::SSL::OP_NO_SSLv3
           opts
         }.call
       }
@@ -124,9 +123,13 @@ class SSLContext
       # call-seq:
       #    SSLContext.new => ctx
       #    SSLContext.new(:TLSv1) => ctx
-      #    SSLContext.new("SSLv23_client") => ctx
+      #    SSLContext.new("SSLv23") => ctx
       #
-      # You can get a list of valid methods with OpenSSL::SSL::SSLContext::METHODS
+      # Creates a new SSL context.
+      #
+      # If an argument is given, #ssl_version= is called with the value. Note
+      # that this is deprecated and new applications should use #min_version=
+      # and #max_version= instead.
       def initialize(version = nil)
         self.options |= OpenSSL::SSL::OP_ALL
         self.ssl_version = version if version
@@ -154,6 +157,47 @@ def set_params(params={})
         end
         return params
       end
+
+      # call-seq:
+      #    ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
+      #    ctx.min_version = :TLS1_2
+      #    ctx.min_version = nil
+      #
+      # Sets the lower bound on the supported SSL/TLS protocol version. The
+      # version may be specified by an integer constant named
+      # OpenSSL::SSL::*_VERSION, a Symbol, or +nil+ which means "any version".
+      #
+      # If an invalid value is given, ArgumentError will be raised.
+      #
+      # Be careful that you don't overwrite OpenSSL::SSL::OP_NO_{SSL,TLS}v*
+      # options by #options= once you have called #min_version= and/or
+      # #max_version=.
+      #
+      # === Example
+      #   ctx = OpenSSL::SSL::SSLContext.new
+      #   ctx.min_version = OpenSSL::SSL::TLS1_1_VERSION
+      #   ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+      #
+      #   sock = OpenSSL::SSL::SSLSocket.new(tcp_sock, ctx)
+      #   sock.connect # Will negotiate with either TLS 1.1 or TLS 1.2
+      def min_version=(version)
+        set_minmax_proto_version(version, @max_proto_version ||= nil)
+        @min_proto_version = version
+      end
+
+      # call-seq:
+      #    ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+      #    ctx.max_version = :TLS1_2
+      #    ctx.max_version = nil
+      #
+      # Sets the upper bound of the supported SSL/TLS protocol version. See
+      # #min_version= for the possible values. The default is +nil+; any
+      # version which is equal or newer than the version specified by
+      # #min_version= and supported by the OpenSSL will be accepted.
+      def max_version=(version)
+        set_minmax_proto_version(@min_proto_version ||= nil, version)
+        @max_proto_version = version
+      end
     end
 
     module SocketForwarder