Ruby 1.8.7 and TLS 1.2 - ActiveMerchant 1.38.1

462 views
Skip to first unread message

Antonio Llanos

unread,
Mar 2, 2018, 1:02:48 PM3/2/18
to Active Merchant
We have a really, really old Ruby App that uses Ruby 1.8.7 and ActiveMerchant 1.38.1

We need to have TLS1.2 support, is there a way to do this without massive updates?

Thanks,

Antonio

Hassan Schroeder

unread,
Mar 2, 2018, 1:58:34 PM3/2/18
to activem...@googlegroups.com
On Fri, Mar 2, 2018 at 9:55 AM, Antonio Llanos <antonio...@gmail.com> wrote:
> We have a really, really old Ruby App that uses Ruby 1.8.7 and
> ActiveMerchant 1.38.1

Wow.

> We need to have TLS1.2 support, is there a way to do this without massive
> updates?

Assuming this is a web application (Rails?) -- what is currently doing
the actual web serving? (Apache httpd, nginx, __)

A little more info about your platform/config would help...

--
Hassan Schroeder ------------------------ hassan.s...@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote

Michael Noack

unread,
Mar 2, 2018, 9:43:30 PM3/2/18
to Active Merchant
You'lld need to check the net/http library - That's what is either going to save you or force you to upgrade.

My gut feeling though is it wouldn't AND EVEN IF IT DID, next time there's something (e.g. TLS 1.3, or some other security issue) you're going to have to upgrade eventually.

We've had this problem in the past, but we started putting tests in place, so that now when we upgrade, if the test suite passes we have extremely high confidence that our system will work.

And it's why we're on Rails 5 on a large-app and don't have to worry about ruby and rails not getting security updates, etc.

Josh Goebel

unread,
Jun 1, 2018, 9:25:24 AM6/1/18
to Active Merchant
It shouldn't be hard to setup a reverse proxy with something like nginx - if you have the ability to change the URL your application connects to.  So then you just connect to the reverse proxy instead (via SSL or even HTTP if it's all local traffic) and then let nginx talk TLS 1.2 for you to the actual backend.  
Reply all
Reply to author
Forward
0 new messages