I am working on fixing an SSL-related bug with the Ruby Mail module in JRuby. This GitHub issue explains (and provides a monkey patch for) this bug.
The gist of the bug is that sometime after JRuby-1.7.19, a change was introduced that changes the Net::SMTP behavior with respect to MRI. In order to fix this issue, we must use the following TLS version, TLSv1_2_client, for OpenSSL::SSL::SSLContext in order to send mail through SSL/TLS.
The person that opened an issue suggested the following monkey patch for the Mail module:
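
    require 'net/smtp'

    # Drop the stock Net::SMTP.default_ssl_context before redefining it.
    class << Net::SMTP
      remove_method :default_ssl_context # if defined?(Net::SMTP.default_ssl_context)
    end

    module Net
      class SMTP
        # Every connection that uses the default context now gets TLSv1_2_client.
        def SMTP.default_ssl_context
          OpenSSL::SSL::SSLContext.new('TLSv1_2_client')
        end
      end
    end
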
I tried this, and it does fix the Algorithm NONE problem I had by monkey patching SSLContext to use TLSv1_2_client, but I am not liking this solution at all because it's:
- a monkey patch.
- it's applying a giant bandaid over the core issue, which is an incorrect TLS version being supplied.
The solution I came up with for my app is that I simply have a dropdown populated by values in OpenSSL::SSL::SSLContext::METHODS. The output of METHODS is:

    0> OpenSSL::SSL::SSLContext::METHODS
    => [:TLSv1, :TLSv1_server, :TLSv1_client, :SSLv3, :SSLv3_server, :SSLv3_client, :SSLv23, :SSLv23_server, :SSLv23_client, :TLS, :TLSv1_1_server, :TLSv1_1_client, :TLSv1_1, :TLSv1_2, :TLSv1_2_server, :TLSv1_2_client]

Right now I intend to fork the Ruby Mail module, and modify the smtp.rb file to allow myself to manually set the SSL version.
I am okay with having to fork the Ruby Mail module and make the changes myself.
I tried the following:

    OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ssl_version] = :TLSv1_2_client

which did indeed set the default SSL version, but did not fix my issue.
How can I manually set the SSL version without relying on a monkey patch like the above example?
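
One way to set the version without redefining Net::SMTP.default_ssl_context, as an added example that is not part of the original post: Net::SMTP#enable_starttls accepts an SSLContext, so the context can be built per connection from an allowlisted dropdown value. The helper names, the allowlist and the host name are assumptions of this example.

```ruby
require 'openssl'
require 'net/smtp'

# Constructed input: the METHODS list quoted in the question.
PAGE_METHODS = %w[TLSv1 TLSv1_server TLSv1_client SSLv3 SSLv3_server SSLv3_client
                  SSLv23 SSLv23_server SSLv23_client TLS TLSv1_1_server
                  TLSv1_1_client TLSv1_1 TLSv1_2 TLSv1_2_server
                  TLSv1_2_client].map(&:to_sym).freeze

# Assumption of this example: only TLS 1.2 or newer may be selected.
ALLOWED = { 'TLSv1_2' => :TLS1_2_VERSION, 'TLSv1_3' => :TLS1_3_VERSION }.freeze

# "TLSv1_2_client" and "TLSv1_2_server" name the same protocol version.
def protocol_name(choice)
  choice.to_s.sub(/_(client|server)\z/, '')
end

# Dropdown values: METHODS reduced to the allowlisted protocol names.
def safe_choices(methods)
  methods.map { |m| protocol_name(m) }.uniq & ALLOWED.keys
end

# Build a certificate-verifying context for an allowlisted choice.
def tls_context_for(choice)
  const = ALLOWED.fetch(protocol_name(choice)) do
    raise ArgumentError, "TLS version not allowed: #{choice}"
  end
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params # library defaults: VERIFY_PEER and the default trust store
  if ctx.respond_to?(:min_version=)
    # openssl gem 2.1+: set a floor so newer versions can still be negotiated
    ctx.min_version = OpenSSL::SSL.const_get(const)
  else
    # older runtimes only have ssl_version=, which pins exactly one version
    ctx.ssl_version = choice.to_sym
  end
  ctx
end

# Pass the context through the public API; nothing connects until #start.
def smtp_client(host, port, choice)
  smtp = Net::SMTP.new(host, port)
  smtp.enable_starttls(tls_context_for(choice))
  smtp
end
```

For implicit TLS, Net::SMTP#enable_tls takes the same context argument.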