ruby · Athishpranav2003 · Mar 9, 2025
diff --git a/lib/webrick/ssl.rb b/lib/webrick/ssl.rb
@@ -78,6 +78,8 @@ module Config
       :SSLVerifyClient      => ::OpenSSL::SSL::VERIFY_NONE,
       :SSLVerifyDepth       => nil,
       :SSLVerifyCallback    => nil,   # custom verification
+      :SSLMinVersion        => OpenSSL::SSL::TLS1_VERSION,
+      :SSLMaxVersion        => OpenSSL::SSL::TLS1_2_VERSION,
       :SSLTimeout           => nil,
       :SSLOptions           => nil,
       :SSLCiphers           => nil,
@@ -201,6 +203,8 @@ def setup_ssl_context(config) # :nodoc:
       ctx.verify_mode = config[:SSLVerifyClient]
       ctx.verify_depth = config[:SSLVerifyDepth]
       ctx.verify_callback = config[:SSLVerifyCallback]
+      ctx.min_version = config[:SSLMinVersion]
+      ctx.max_version = config[:SSLMaxVersion]
       ctx.servername_cb = config[:SSLServerNameCallback] || proc { |args| ssl_servername_callback(*args) }
       ctx.timeout = config[:SSLTimeout]
       ctx.options = config[:SSLOptions]

diff --git a/test/webrick/test_ssl_server.rb b/test/webrick/test_ssl_server.rb
@@ -20,6 +20,15 @@ def test_self_signed_cert_server
     )
   end
 
+  def test_tls1_3
+    assert_self_signed_cert(
+      :SSLEnable => true,
+      :SSLCertName => [["C", "JP"], ["O", "www.ruby-lang.org"], ["CN", "Ruby"]],
+      :SSLMinVersion => OpenSSL::SSL::TLS1_3_VERSION,
+      :SSLMaxVersion => OpenSSL::SSL::TLS1_3_VERSION
+    )
+  end
+
   def test_self_signed_cert_server_with_string
     assert_self_signed_cert(
       :SSLEnable => true,