Savon uses the HTTPi library for the network requests but this library does not support setting SSL ciphers, as can be seen from the list of SSL options in the documentation.
From the question tags I suppose that you use Curb as the network adapter for Savon/HTTPi and Curb luckily supports setting various SSL options, including the allowed ciphers list through the general set method on the curl client.
So I guess your only option is to monkey-patch HTTPi to set the appropriate cipher when calling setting up the Curb client. A cleaner approach would be to also monkey patch Savon to pass a "ssl_ciphers" option to the HTTPi library but I'll leave that as an exercise for you if you want it :).
The most straightforward place to patch is the setup_ssl_auth method in the curb adapter of HTTPi. The following patch redefines this method to also explicitly deny the DH ciphers in the list of allowed SSL ciphers:
module HTTPI
module Adapter
class Curb
alias_method :orig_setup_ssl_auth, :setup_ssl_auth
private
def setup_ssl_auth
orig_setup_ssl_auth
@client.set(:SSL_CIPHER_LIST, "DEFAULT:!DH")
end
end
end
end
The patch calls the original set_ssl_auth method first and then denies the DH ciphers on the client. Note that this patch denies the DH ciphers everywhere Savon / HTTPi is used in your application!
Further notes on setting SSL ciphers can be found in the libcurl docs.
