@@ -1419,6 +1419,56 @@ def test_minmax_version_system_default
14191419 }
14201420 end
14211421
1422+ def test_respect_system_default_min
1423+ omit "LibreSSL does not support OPENSSL_CONF" if libressl?
1424+
1425+ Tempfile . create ( "openssl.cnf" ) { |f |
1426+ f . puts ( <<~EOF )
1427+ openssl_conf = default_conf
1428+ [default_conf]
1429+ ssl_conf = ssl_sect
1430+ [ssl_sect]
1431+ system_default = ssl_default_sect
1432+ [ssl_default_sect]
1433+ MinProtocol = TLSv1.3
1434+ EOF
1435+ f . close
1436+
1437+ ctx_proc = proc { |ctx |
1438+ ctx . min_version = ctx . max_version = OpenSSL ::SSL ::TLS1_2_VERSION
1439+ }
1440+ start_server ( ctx_proc : ctx_proc , ignore_listener_error : true ) do |port |
1441+ assert_separately ( [ { "OPENSSL_CONF" => f . path } , "-ropenssl" , "-" , port . to_s ] , <<~"end;" )
1442+ sock = TCPSocket.new("127.0.0.1", ARGV[0].to_i)
1443+ ctx = OpenSSL::SSL::SSLContext.new
1444+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
1445+ ssl.sync_close = true
1446+ assert_raise_with_message(OpenSSL::SSL::SSLError,
1447+ /tlsv1 alert protocol version/) do
1448+ ssl.connect
1449+ end
1450+ ssl.close
1451+ end;
1452+ end
1453+
1454+ ctx_proc = proc { |ctx |
1455+ ctx . min_version = ctx . max_version = OpenSSL ::SSL ::TLS1_3_VERSION
1456+ }
1457+ start_server ( ctx_proc : ctx_proc , ignore_listener_error : true ) do |port |
1458+ assert_separately ( [ { "OPENSSL_CONF" => f . path } , "-ropenssl" , "-" , port . to_s ] , <<~"end;" )
1459+ sock = TCPSocket.new("127.0.0.1", ARGV[0].to_i)
1460+ ctx = OpenSSL::SSL::SSLContext.new
1461+ ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
1462+ ssl.sync_close = true
1463+ ssl.connect
1464+ assert_equal("TLSv1.3", ssl.ssl_version)
1465+ ssl.puts("abc"); assert_equal("abc\n ", ssl.gets)
1466+ ssl.close
1467+ end;
1468+ end
1469+ }
1470+ end
1471+
14221472 def test_options_disable_versions
14231473 # It's recommended to use SSLContext#{min,max}_version= instead in real
14241474 # applications. The purpose of this test case is to check that SSL options
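Review bot: test_respect_system_default_min carries no comment stating the property it guards: the client-side `OpenSSL::SSL::SSLContext.new` in both subprocess scripts sets no version bounds of its own, so the `MinProtocol = TLSv1.3` floor from the OPENSSL_CONF file is the only thing that can refuse the TLS 1.2-only server. I would add above the first `start_server` call: `# The client context sets no min_version, so the system default MinProtocol must still reject a TLS 1.2-only server.` The negative case also matches the text `/tlsv1 alert protocol version/`, which appears to be the library's wording for an alert received from the peer and may differ between linked library versions; a one-line comment saying so would help whoever has to adjust the pattern later. The case where an application explicitly sets `min_version` below the configured floor is not exercised here, so the test does not show whether that override is permitted.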