Did you receive an email indicating that a critical service is deprecating support for TLSv1.0 or TLSv1.1? Even worse, is your app running ruby 1.9?
All hope is not lost! Let’s get you on TLSv1.2!
Ruby 1.9.0 was first released on Christmas of 2007. Support for the 1.9 branch ended on February 23, 2015. It had a good run.
The 1.9 branch supported SSLv2, SSLv2.3, SSLv3 and TLSv1. Perfectly acceptable for the time. But 1.9 apps still exist, and the world of services around them are changing for PCI compliance and other valid security concerns.
Is your OpenSSL version, adequate?
If the system is running an OpenSSL version >=
1.0.1 there is no immediate need to upgrade. Skip to the ruby section
If the system is running an OpenSSL version <
1.0.1 then you need to upgrade OpenSSL to support TLSv1.2
You now know that you must upgrade OpenSSL. I take zero responsibility for knowing your environment, so please investigate your appropriate procedures. Here are a few options for popular systems:
I currently enjoy using rbenv to manage my local and server ruby installations. Check to ensure that your version of rbenv can install your desired ruby version
Are you ready for the big show?! The following assumes that we’re attempting to build ruby version 1.9.2-p180.
For our ruby test we will use HTTParty. It’s tried and true. If it’s available try the following in a ruby REPL of your choice
Let’s be honest, running ruby 1.9 is risky. It is in your best interest to upgrade as soon as possible. But legacy apps exist in the wild. I hope that all critical applications eventually receive the attention and upgrades they deserve – but only do so after adequately planning the procedure. There’s no need to rush through an upgrade for the TLS support.