[rubygems/rubygems] Warn if TLS 1.2 is not supported

https://github.com/rubygems/rubygems/commit/e4f70a3e4f
author: Edouard CHIN <[email protected]> 2025-04-10 00:31:55 +0200
committer: Hiroshi SHIBATA <[email protected]> 2025-04-22 11:27:24 +0900
commit: 56c1a15eb70eaed2acf84cb449f19a9745dcfe44 (patch)
tree: 190778dd590cdd89d10dca9841611cbfa0218703 /lib/bundler/cli/doctor/ssl.rb
parent: ff2e0e41730f21b29660254d29cf5bb3ceffdbd4 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/lib/bundler/cli/doctor/ssl.rb b/lib/bundler/cli/doctor/ssl.rb
index 7d81e516c3..21fc4edf2d 100644
--- a/lib/bundler/cli/doctor/ssl.rb
+++ b/lib/bundler/cli/doctor/ssl.rb
@@ -105,6 +105,7 @@ module Bundler
       end.start
 
       Bundler.ui.info("Ruby net/http: success")
+      warn_on_unsupported_tls12
 
       true
     rescue StandardError => error
@@ -119,6 +120,28 @@ module Bundler
       false
     end
 
+    def warn_on_unsupported_tls12
+      ctx = OpenSSL::SSL::SSLContext.new
+      supported = true
+
+      if ctx.respond_to?(:min_version=)
+        begin
+          ctx.min_version = ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+        rescue OpenSSL::SSL::SSLError, NameError
+          supported = false
+        end
+      else
+        supported = OpenSSL::SSL::SSLContext::METHODS.include?(:TLSv1_2) # rubocop:disable Naming/VariableNumber
+      end
+
+      Bundler.ui.warn(<<~EOM) unless supported
+
+        WARNING: Although your Ruby can connect to #{host} today, your OpenSSL is very old!
+        WARNING: You will need to upgrade OpenSSL to use #{host}.
+
+      EOM
+    end
+
     module Explanation
       extend self
author	Edouard CHIN <[email protected]>	2025-04-10 00:31:55 +0200
committer	Hiroshi SHIBATA <[email protected]>	2025-04-22 11:27:24 +0900
commit	56c1a15eb70eaed2acf84cb449f19a9745dcfe44 (patch)
tree	190778dd590cdd89d10dca9841611cbfa0218703 /lib/bundler/cli/doctor/ssl.rb
parent	ff2e0e41730f21b29660254d29cf5bb3ceffdbd4 (diff)