Merge pull request #752 from rwg-stripe/rwg/ssl-security-level.0

Add ssl_security_level support
excon · Jun 28, 2021 · a63db0f · a63db0f
2 parents b43cdd7 + 035260b
commit a63db0f
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/lib/excon/constants.rb b/lib/excon/constants.rb
@@ -99,6 +99,7 @@ module Excon
     :ssl_version,
     :ssl_min_version,
     :ssl_max_version,
+    :ssl_security_level,
     :ssl_proxy_headers,
     :ssl_uri_schemes,
     :tcp_nodelay,

diff --git a/lib/excon/ssl_socket.rb b/lib/excon/ssl_socket.rb
@@ -12,6 +12,11 @@ def initialize(data = {})
       # create ssl context
       ssl_context = OpenSSL::SSL::SSLContext.new
 
+      # set the security level before setting other parameters affected by it
+      if @data[:ssl_security_level]
+        ssl_context.security_level = @data[:ssl_security_level]
+      end
+
       # disable less secure options, when supported
       ssl_context_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
       if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)