Net::HTTP.ssl_context_accessor(:tmp_dh_callback)
http = Net::HTTP.new('www.example.com', 443)
http.tmp_dh_callback = proc {
OpenSSL::PKey::DH.new(IO.read('dhparams')) }
http.use_ssl = true
There are a few options for how you create the Diffie-Hellman params. The code above assumes you've got a file with pre-generated params (this is perfectly acceptable from a security standpoint). You can create the file with the "openssl dhparam" command, or a little Ruby script. You could also generate the DH params on the fly, although this can be quite slow:
Net::HTTP.ssl_context_accessor(:tmp_dh_callback)
http = Net::HTTP.new('www.example.com', 443)
http.tmp_dh_callback = proc { OpenSSL::PKey::DH.new(2048) }
http.use_ssl = true
Or if you just want the warning to go away and aren't concerned about the security implications you can just use as empty proc as zenspider did. I've tried to look at the Ruby OpenSSL library source and figure out what happens when the proc doesn't return anything but the code is a bit too obtuse for me to figure out.
Net::HTTP.ssl_context_accessor(:tmp_dh_callback)
http = Net::HTTP.new('www.example.com', 443)
http.tmp_dh_callback = proc {}
http.use_ssl = true
2 comments:
Hello Jason, this is Jae.
I stumbled upon this blog post while trying to resolve an error involving
Net::HTTP.ssl_context_accessor.
It occurs when I use nVentory client with Ruby 1.9.3 as ssl_context_accessor is not defined in v1.9.3
Does Ruby still generate the warning? I did some tests with a dhparams file but couldn't get the warning in v1.8.7 nor v1.9.3.
I can't reproduce the warning with ruby-1.8.7-p357 or ruby-1.9.3-p194, so this workaround is probably no longer necessary and could be removed from nventory.
Post a Comment