No longer use OpenSSL::SSL::SSLContext#ssl_version= (closes #498).

* Set both `OpenSSL::SSL::SSLContext#min_version=` and
  `OpenSSL::SSL::SSLContext#max_version=` when a specific version is
  requested.
* Use `OpenSSL::SSL::TLS1*_VERSION` constants instead of symbols.
  * Map TLS version `1` to `OpenSSL::SSL::TLS1_VERSION`.
  * Map TLS version `1.1` to `OpenSSL::SSL::TLS1_1_VERSION`.
  * Map TLS version `1.2` to `OpenSSL::SSL::TLS1_2_VERSION`.
* Still support legacy `:TLSv1*` symbols:
  * Map the legacy `:TLSv1` symbol to ``OpenSSL::SSL::TLS1_VERSION`.
  * Map the legacy `:TLSv1_1` symbol to ``OpenSSL::SSL::TLS1_1_VERSION`.
  * Map the legacy `:TLSv1_2` symbol to ``OpenSSL::SSL::TLS1_2_VERSION`.
* Drop support for accept String versions (ex: `"SSLv23"`).

Author: postmodern

lib/ronin/support/network/http.rb

@@ -365,7 +365,13 @@ def initialize_ssl(ca_bundle:        nil,
           @http.key              = key              if key
 
           @http.ssl_timeout = timeout if timeout
-          @http.ssl_version = SSL::VERSIONS.fetch(version,version) if version
+
+          if version
+            version = SSL::VERSIONS.fetch(version,version)
+
+            @http.min_version = @http.max_version = version
+          end
+
           @http.min_version = min_version if min_version
           @http.max_version = max_version if max_version
 

lib/ronin/support/network/ssl.rb

@@ -32,9 +32,14 @@ module Network
       module SSL
         # SSL/TLS versions
         VERSIONS = {
-          1   => :TLSv1,
-          1.1 => :TLSv1_1,
-          1.2 => :TLSv1_2
+          1   => OpenSSL::SSL::TLS1_VERSION,
+          1.1 => OpenSSL::SSL::TLS1_1_VERSION,
+          1.2 => OpenSSL::SSL::TLS1_2_VERSION,
+
+          # deprecated TLS version symbols
+          :TLSv1   => OpenSSL::SSL::TLS1_VERSION,
+          :TLSv1_1 => OpenSSL::SSL::TLS1_1_VERSION,
+          :TLSv1_2 => OpenSSL::SSL::TLS1_2_VERSION
         }
 
         # SSL verify modes
@@ -96,7 +101,7 @@ def self.cert=(new_cert)
         #
         # Creates a new SSL Context.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The SSL version to use.
         #
         # @param [Symbol, Boolean] verify
@@ -144,7 +149,9 @@ def self.context(version:   nil,
           context = OpenSSL::SSL::SSLContext.new
 
           if version
-            context.ssl_version = VERSIONS.fetch(version,version)
+            version = VERSIONS.fetch(version,version)
+
+            context.min_version = context.max_version = version
           end
 
           context.verify_mode = VERIFY[verify]

lib/ronin/support/network/ssl/mixin.rb

@@ -32,7 +32,7 @@ module Mixin
           # @param [Hash{Symbol => Object}] kwargs
           #   Additional keyword arguments.
           #
-          # @option kwargs [1, 1.1, 1.2, String, Symbol, nil] :version
+          # @option kwargs [1, 1.1, 1.2, Symbol, nil] :version
           #   The SSL version to use.
           #
           # @option kwargs [Symbol, Boolean] :verify

lib/ronin/support/network/tls.rb

@@ -31,7 +31,7 @@ module TLS
         #
         # Creates a new SSL Context.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The SSL version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -52,7 +52,7 @@ def self.context(version: 1.2, **kwargs)
         # @param [TCPSocket] socket
         #   The existing TCP socket.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -105,7 +105,7 @@ def self.socket(socket, version: 1.2, **kwargs)
         # @param [Integer] port
         #   The port to connect to.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -175,7 +175,7 @@ def self.open?(host,port, version: 1.2, **kwargs)
         # @param [Integer] port
         #   The port to connect to.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -257,7 +257,7 @@ def self.connect(host,port, version: 1.2, **kwargs, &block)
         # @param [Integer] port
         #   The port to connect to.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -319,7 +319,7 @@ def self.connect_and_send(data,host,port, version: 1.2, **kwargs, &block)
         # @param [Integer] port
         #   The port to connect to.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -380,7 +380,7 @@ def self.get_cert(host,port, version: 1.2, **kwargs)
         # @param [Integer] port
         #   The port to connect to.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -453,7 +453,7 @@ def self.banner(host,port, version: 1.2, **kwargs, &block)
         # @param [Integer] port
         #   The port to connect to.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -514,7 +514,7 @@ def self.send(data,host,port, version: 1.2, **kwargs)
         # @param [TCPSocket] socket
         #   The existing TCP socket.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -543,7 +543,7 @@ def self.server_socket(socket, version: 1.2, **kwargs)
         #
         # Creates a new TLS server listening on a given host and port.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -602,7 +602,7 @@ def self.server(version: 1.2, **kwargs, &block)
         #
         # Creates a new temporary TLS server listening on a given host and port.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -663,7 +663,7 @@ def self.server_session(version: 1.2, **kwargs, &block)
         # Creates a new SSL socket listening on a given host and port,
         # accepting clients in a loop.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs
@@ -732,7 +732,7 @@ def self.server_loop(version: 1.2, **kwargs, &block)
         # Creates a new SSL socket listening on a given host and port,
         # accepts only one client and then stops listening.
         #
-        # @param [1, 1.1, 1.2, String, Symbol, nil] version
+        # @param [1, 1.1, 1.2, Symbol, nil] version
         #   The TLS version to use.
         #
         # @param [Hash{Symbol => Object}] kwargs

lib/ronin/support/network/tls/mixin.rb

@@ -32,7 +32,7 @@ module Mixin
           #
           # Creates a new TLS Context.
           #
-          # @param [1, 1.1, 1.2, String, Symbol, nil] version
+          # @param [1, 1.1, 1.2, Symbol, nil] version
           #   The TLS version to use.
           #
           # @param [Hash{Symbol => Object}] kwargs

spec/network/ssl/mixin_spec.rb

@@ -49,56 +49,81 @@
         let(:context) { double(OpenSSL::SSL::SSLContext) }
 
         context "and it's 1" do
-          it "must call OpenSSL::SSL::SSLContext#ssl_version= with :TLSv1" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with OpenSSL::SSL::TLS1_VERSION" do
             expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
-            expect(context).to receive(:ssl_version=).with(:TLSv1)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+            expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_VERSION)
             allow(context).to receive(:verify_mode=).with(0)
 
             subject.ssl_context(version: 1)
           end
         end
 
         context "and it's 1.1" do
-          it "must call OpenSSL::SSL::SSLContext#ssl_version= with :TLSv1_1" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with OpenSSL::SSL::TLS1_1_VERSION" do
             expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
-            expect(context).to receive(:ssl_version=).with(:TLSv1_1)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+            expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
             allow(context).to receive(:verify_mode=).with(0)
 
             subject.ssl_context(version: 1.1)
           end
         end
 
         context "and it's 1_2" do
-          it "must call OpenSSL::SSL::SSLContext#ssl_version= with :TLSv1_2" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with OpenSSL::SSL::TLS1_2_VERSION" do
             expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
-            expect(context).to receive(:ssl_version=).with(:TLSv1_2)
+            expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+            expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
             allow(context).to receive(:verify_mode=).with(0)
 
             subject.ssl_context(version: 1.2)
           end
         end
 
         context "and it's a Symbol" do
-          let(:symbol) { :TLSv1 }
+          let(:symbol) { :TLS1 }
 
-          it "must call OpenSSL::SSL::SSLContext#ssl_version= with the Symbol" do
+          it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with the Symbol" do
             expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
-            expect(context).to receive(:ssl_version=).with(symbol)
+            expect(context).to receive(:min_version=).with(symbol)
+            expect(context).to receive(:max_version=).with(symbol)
             allow(context).to receive(:verify_mode=).with(0)
 
             subject.ssl_context(version: symbol)
           end
-        end
 
-        context "and it's a String" do
-          let(:string) { "SSLv23" }
+          context "but it's :TLSv1" do
+            it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with OpenSSL::SSL::TLS1_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
 
-          it "must call OpenSSL::SSL::SSLContext#ssl_version= with the String" do
-            expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
-            expect(context).to receive(:ssl_version=).with(string)
-            allow(context).to receive(:verify_mode=).with(0)
+              subject.ssl_context(version: :TLSv1)
+            end
+          end
+
+          context "but it's :TLSv1_1" do
+            it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with OpenSSL::SSL::TLS1_1_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+              expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_1_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
 
-            subject.ssl_context(version: string)
+              subject.ssl_context(version: :TLSv1_1)
+            end
+          end
+
+          context "but it's :TLSv1_2" do
+            it "must call OpenSSL::SSL::SSLContext#min_version= and #max_version= with OpenSSL::SSL::TLS1_2_VERSION" do
+              expect(OpenSSL::SSL::SSLContext).to receive(:new).and_return(context)
+              expect(context).to receive(:min_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+              expect(context).to receive(:max_version=).with(OpenSSL::SSL::TLS1_2_VERSION)
+              allow(context).to receive(:verify_mode=).with(0)
+
+              subject.ssl_context(version: :TLSv1_2)
+            end
           end
         end
       end