Failure to connect with TLS v1.3

[ezeaguerre]

Hi! I have set up a server with only TLSv1.3 support and I can't connect with the Ruby client.

The problem is that in the following line the TLS version is hardcoded as 1.2

vault-ruby/lib/vault/client.rb

Line 117 in 714a305

@nhp.ssl_version = "TLSv1_2"

The Ruby OpenSSL maintainers say this shouldn't be used, instead we should just set a minimum version using the min_version method.

If I change connection.ssl_version to connection.min_version:

vault-ruby/lib/vault/persistent.rb

Line 1047 in 714a305

connection.ssl_version = @ssl_version if @ssl_version

and "TLSv1_2" to :TLS1_2 here:

vault-ruby/lib/vault/client.rb

Line 117 in 714a305

@nhp.ssl_version = "TLSv1_2"

the problem gets fixed and I can connect to the server :-)

Of course, you'll probably want to change ssl_version to min_ssl_version or something like that to reflect the actual semantics of the constraint. Or, if you really want to constraint to a specific SSL version then you should set both, min_version and max_version, and I guess it would be a good idea to let the user of the library choose the constraint.

[santhosh1329]

i have changed these two configuration but still im getting rubies/ruby-2.6.6/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: wrong version number (OpenSSL::SSL::SSLError) this error could you please help me out :)