Merge pull request #710 from ekohl/dont-set-min_version-by-default

Only set min_version on OpenSSL < 1.1.0
ruby · Jan 17, 2024 · 559b8ed · 559b8ed
2 parents 8aa3849 + ae215a4
commit 559b8ed
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/openssl/ssl.rb b/lib/openssl/ssl.rb
@@ -22,7 +22,6 @@ module OpenSSL
   module SSL
     class SSLContext
       DEFAULT_PARAMS = { # :nodoc:
-        :min_version => OpenSSL::SSL::TLS1_VERSION,
         :verify_mode => OpenSSL::SSL::VERIFY_PEER,
         :verify_hostname => true,
         :options => -> {
@@ -55,6 +54,7 @@ class SSLContext
       if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") &&
            OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000)
         DEFAULT_PARAMS.merge!(
+          min_version: OpenSSL::SSL::TLS1_VERSION,
           ciphers: %w{
             ECDHE-ECDSA-AES128-GCM-SHA256
             ECDHE-RSA-AES128-GCM-SHA256