squished.md

JRuby SSL Hit List

Lookout looking at currently:

• #1331 - 'bad_record_mac' when uploading things through SSL under particular conditions
• Might be related to #1080 - Bundling gems constantly fails

Of interest/at large

• #1737 - JRuby does not support all SSL/TLS versions supported by Java (aka #1874)
• #1738 - JRuby does not support SSL ciphers offered by newer Java releases (7 and 8)
• No reproduction case, but Lookout has seen performance issues with encrypting, decrypting and signing of AES-256 payloads which do not yet have a issue and repro case
• #2195 - OpenSSL::SSL::SSLSocket + IO::select hangs sometimes
• #2194 - OpenSSL ciphers with Mozilla's "Modern" set are... limited

• jruby/jruby#2195 - IO::select on SSLSocket is :(
• Probably related to #1738 - jruby/jruby#2194 - Mozilla's "Modern" cipher set under JRuby is really small.
• jruby/jruby#1874 is a dup of #1737

Related to #2195, but I can't find it, is that nonblocking IO on SSLSocket is a general recipe for having a bad time under JRuby.

I think we could probably crunch through #1737 and #1738 in a few hours together, and this would solve a bunch good things.

Solving #1331 is less critical for me these days now that I tell bundler to retry like 30 times, but it would be lovely to fix.

In truth, my best hope is to abandon the OpenSSL API in Ruby, but I doubt that will ever happen. The krypt project seems abandoned. :(