2

I am working on OpenSSL's SSLContext right now and created a Ruby OpenSSL object like this:

0> ssl_object = OpenSSL::SSL::SSLContext.new("TLSv1_2_client")
=> #<OpenSSL::SSL::SSLContext:0x7acec6db>

which created an instance of the SSLContext object. I can change this SSLContext object by using:

ssl_object.ssl_version="SSLv2_3"

However, I want to understand/get that ssl_version of ssl_object. How do I do that?

When I do:

0> ssl_object.ssl_version
=> undefined method `ssl_version' for #<OpenSSL::SSL::SSLContext:0x38106bc4>
Did you mean?  ssl_version=

According to the documentation, there's only a setter, not a getter.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
theGreenCabbage
  • 5,197
  • 19
  • 79
  • 169

1 Answers1

2

Looks like you can create a fake socket:

OpenSSL::SSL::SSLSocket.new(
  UNIXSocket.pair.first, 
  OpenSSL::SSL::SSLContext.new("SSLv3")
).ssl_version
=> "SSLv3"
Bart
  • 2,606
  • 21
  • 32
  • This seems to return `"SSLv23"` regardless of what you set it – theGreenCabbage May 26 '17 at 00:10
  • You sure this doesn't just return the default ssl_version? – theGreenCabbage May 26 '17 at 00:12
  • @theGreenCabbage if so, there is no other way as the C wrapper doesn't define a getter: https://github.com/ruby/openssl/blob/3dd75865b7bf7bd5b89eb760c2e131a27bdd1d43/ext/openssl/ossl_ssl.c#L2542 – Bart May 26 '17 at 00:21
  • Yeah that's what I saw and what I believed was true as well. Thanks for trying! – theGreenCabbage May 26 '17 at 00:21
  • @theGreenCabbage see my update, looks like `SSLSocket` defines the `ssl_version` getter. – Bart May 26 '17 at 00:32
  • Hm. As far as I can tell, I don't use `SSLSocket` (I could be wrong). – theGreenCabbage May 26 '17 at 00:33
  • Please explain why the code is appropriate. [Teach, don't merely answer](https://meta.stackoverflow.com/a/291533/128421) Also, don't use "update" or "edit" tags in your text. Incorporate the change as if it'd been there initially. See "[Should 'Edit:' in edits be discouraged?](https://meta.stackoverflow.com/a/255685/128421)" – the Tin Man May 26 '17 at 00:35
  • @theGreenCabbage Create a fake one to get the version :) – Bart May 26 '17 at 00:35
  • I'm not "being a pain". I'm trying to educate a user how the site is supposed to look. The linked information is the consensus of our peers on the site's "look and feel" and it takes everyone's effort to get there. – the Tin Man May 26 '17 at 00:40
  • now version is deprecated, you must use min_version and max_version – Yvain Feb 05 '22 at 14:42