tag name | v1.12.2 (d5f8330c27479f81e74fcea5b13b148d88bd0d03) |
tag date | 2016-03-01 01:55:38 +0000 |
tagged by | Eric Wong <e@80x24.org> |
tagged object | commit 21f2bb507b... |
download | yahns-1.12.2.tar.gz |
---|
yahns 1.12.2 - minor doc and TLS fixes
This release ensures OpenSSL::SSL::SSLContext#session_id_context is always set for OpenSSL users. It won't overwrite existing settings, but setting it to a random value is necessary to ensure clients do not get aborted connections when attempting to use a session cache. No need to actually upgrade if you're on 1.12.1, you may add the following to your yahns_config(5) file where OpenSSL::SSL::SSLContext is configured: # recommended, not required. This sets safer defaults # provided by Ruby on top of what OpenSSL gives: ssl_ctx.set_params # required, and done by default in v1.12.2: ssl_ctx.session_id_context ||= OpenSSL::Random.random_bytes(32) yahns gives you full control of of how OpenSSL::SSL::SSLContext is configured. To avoid bugs, yahns only ensures OpenSSL::SSL::SSLContext#session_id_context is set (if not previously set by the user) and calls OpenSSL::SSL::SSLContext#setup before spawning threads to avoid race conditions. yahns itself does not and will not enforce any opinion on the compatibility/performance/security trade-offs regarding TLS configuration. Note: keep in mind using an SSL session cache may be less useful with yahns because HTTP/1.1 persistent connections may live forever :) 3 bug/doc fixes on top of v1.12.1: document OpenSSL::SSL::SSLContext#set_params use ssl: ensure is session_id_context is always set test/*: fix mktmpdir usage for 1.9.3