Merge pull request #287 from OpenVoxProject/remove-sslv3-monkey-patch

bastelfreak · web-flow · commit 9336df16a116 · 2025-12-23T09:41:28.000+01:00
Do not explicitly disable SSLv3
diff --git a/lib/puppet/util/monkey_patches.rb b/lib/puppet/util/monkey_patches.rb
@@ -52,12 +52,6 @@ def self.exists?(file_name)
 require_relative '../../puppet/ssl/openssl_loader'
 unless Puppet::Util::Platform.jruby_fips?
   class OpenSSL::SSL::SSLContext
-    if DEFAULT_PARAMS[:options]
-      DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv3
-    else
-      DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_SSLv3
-    end
-
     alias __original_initialize initialize
     private :__original_initialize
 
diff --git a/spec/unit/util/monkey_patches_spec.rb b/spec/unit/util/monkey_patches_spec.rb
@@ -71,17 +71,6 @@
 end
 
 describe OpenSSL::SSL::SSLContext do
-  it 'disables SSLv3 via the SSLContext#options bitmask' do
-    expect(subject.options & OpenSSL::SSL::OP_NO_SSLv3).to eq(OpenSSL::SSL::OP_NO_SSLv3)
-  end
-
-  it 'does not exclude SSLv3 ciphers shared with TLSv1' do
-    cipher_str = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:ciphers]
-    if cipher_str
-      expect(cipher_str.split(':')).not_to include('!SSLv3')
-    end
-  end
-
   it 'sets parameters on initialization' do
     expect_any_instance_of(described_class).to receive(:set_params)
     subject
