Issue #9640 has been updated by Tomoyuki Chikanaga. I thought before it cannot be backported because it seems to cause compatibility issues. But now I feel the necessity of rethink about it according to the change of circumstance (ex. POODLE). I think users can protect themselves via configuration or update OpenSSL itself, not the by ruby C extension library. Is it correct? I think r45274 changes only default settings, so users who need SSLv3 or old ciphers have some workarounds, for example via Net::HTTP#ssl_version= or Net::HTTP#ciphers=). Is it correct? ---------------------------------------- Backport #9640: Please backport SSL fixes to 2.1 https://bugs.ruby-lang.org/issues/9640#change-49519 * Author: Christian Hofstaedtler * Status: Open * Priority: Normal * Assignee: ---------------------------------------- Please backport the fixes for issue #9424 to 2.1. https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/45274/diff/ext/openssl/lib/openssl/ssl.rb -- https://bugs.ruby-lang.org/