How can I force Rails to only use TLS over SSL?
Question
We are being forced to only use TLS instead of SSL when sending a request to a server, but we don't know how to make sure that the request is being sent using TLS, and if it's not, we're not sure how to force Rails to do it.
Here is how we are sending the request:
uri = URI.parse("https://someurl.com")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(uri.path)
request.body = body
http.request(request)
1 answers
solution1
1 2015-04-15 09:21:10
尝试添加
http.ssl_options = OpenSSL::SSL::OP_NO_SSLv2 + OpenSSL::SSL::OP_NO_SSLv3 + OpenSSL::SSL::OP_NO_COMPRESSION
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
In Rails 3 and ActionMailer, is it possible to send email using TLS over SSL (Not StartTLS)?
Rails + Devise how not to force SSL?
How can I force Rails cache to not escape?
Ruby on Rails Thin and force_ssl, empty response over HTTP
How can I configure puma to only allow strong TLS ciphers?
How do I set the SSL protocol needed for ActionMailer to use a TLS connection?
How can I use TinyMCE components with SSL?
How to use force_ssl with grape?
How to use force_ssl with a 302
How to force a secure cookie over HTTP with Rails
Related Tags