Ruby 1.8.7 and TLS 1.2 - ActiveMerchant 1.38.1

[Antonio Llanos]

We have a really, really old Ruby App that uses Ruby 1.8.7 and ActiveMerchant 1.38.1

We need to have TLS1.2 support, is there a way to do this without massive updates?

Thanks,

Antonio

[Hassan Schroeder]

On Fri, Mar 2, 2018 at 9:55 AM, Antonio Llanos <antonio...@gmail.com> wrote:
> We have a really, really old Ruby App that uses Ruby 1.8.7 and
> ActiveMerchant 1.38.1

Wow.

> We need to have TLS1.2 support, is there a way to do this without massive
> updates?

Assuming this is a web application (Rails?) -- what is currently doing
the actual web serving? (Apache httpd, nginx, __)

A little more info about your platform/config would help...

--
Hassan Schroeder ------------------------ hassan.s...@gmail.com
twitter: @hassan
Consulting Availability : Silicon Valley or remote

[Michael Noack]

You'lld need to check the net/http library - That's what is either going to save you or force you to upgrade.

My gut feeling though is it wouldn't AND EVEN IF IT DID, next time there's something (e.g. TLS 1.3, or some other security issue) you're going to have to upgrade eventually.

We've had this problem in the past, but we started putting tests in place, so that now when we upgrade, if the test suite passes we have extremely high confidence that our system will work.

And it's why we're on Rails 5 on a large-app and don't have to worry about ruby and rails not getting security updates, etc.

[Josh Goebel]

It shouldn't be hard to setup a reverse proxy with something like nginx - if you have the ability to change the URL your application connects to.  So then you just connect to the reverse proxy instead (via SSL or even HTTP if it's all local traffic) and then let nginx talk TLS 1.2 for you to the actual backend.