OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
But I had no luck with that.
That does not appear to make any sense. It appears you are assigning VERIFY_NONE to VERIFY_PEER. Those are OpenSSL constants, not variables. So you can't do that.
Those are OpenSSL context options. According to the Ruby docs, you need to set them with verify_mode:
verify_mode
Session verification mode.
Valid modes are VERIFY_NONE, VERIFY_PEER, VERIFY_CLIENT_ONCE, VERIFY_FAIL_IF_NO_PEER_CERT and defined on OpenSSL::SSL
It is mentioned in one of the responses that you may be able to change the program to send a different client hello. Is it possible to do this in a Ruby script?
There are two types of ClientHellos. One is the old SSL ClientHello, and the other is a TLS ClientHello. Because the original SSL specification did not have versioning info, it was hard to tell which was being sent. As I understand it, a particular byte is examined to tell which is used. Some clients and servers still don't handle it well.
As far as I know, Ruby has a few options for the OpenSSL method. From the Ruby docs:
new => ctx
new(:TLSv1) => ctx
new("SSLv23_client") => ctx
You want to send a ClientHello which corresponds to OpenSSL's SSLv23_method. This affords most compatibility. However, it enables SSLv2 protocol and above (SSLv2, SSLv3, TLS1.0, TLS1.1, and TLS1.2).
To remove the broken, weak and wounded protocols (like SSLv2 and SSLv3), you have to set some context options. Unfortunately, Ruby does not appear to offer OpenSSL::SSL::SSL_OP_NO_SSLv2 and other context options (or I could not find them). See How to set TLS context options in Ruby (like OpenSSL::SSL::SSL_OP_NO_SSLv2).
So I think you are stuck at the moment.
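An added example, not part of the original answer: verification and protocol limits set on an OpenSSL::SSL::SSLContext through verify_mode and options, with a small audit of the result. It assumes Ruby 2.5 or later, whose openssl library provides min_version=, verify_hostname= and the OP_NO_* constants under OpenSSL::SSL; LEGACY_OFF, build_client_context and context_problems are hypothetical names.

```ruby
require "openssl"

# Bitmask of the "disable legacy protocol" options this build exposes.
# A flag may be 0 where the underlying library no longer ships that protocol.
LEGACY_OFF = %i[OP_NO_SSLv2 OP_NO_SSLv3]
             .select { |name| OpenSSL::SSL.const_defined?(name) }
             .map { |name| OpenSSL::SSL.const_get(name) }
             .reduce(0, :|)

# Hypothetical helper: a client context that verifies the server and
# refuses SSLv2/SSLv3 while still sending a version-flexible ClientHello.
def build_client_context(ca_file: nil, min_version: OpenSSL::SSL::TLS1_VERSION)
  ctx = OpenSSL::SSL::SSLContext.new   # no fixed protocol version
  ctx.min_version = min_version        # floor; raise to TLS1_2_VERSION if peers allow
  ctx.options |= LEGACY_OFF

  # Verification is a property of the context; the constants stay untouched.
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true           # also set SSLSocket#hostname= before connect

  store = OpenSSL::X509::Store.new
  ca_file ? store.add_file(ca_file) : store.set_default_paths
  ctx.cert_store = store
  ctx
end

# Hypothetical audit: list what is wrong with a context before it is used.
def context_problems(ctx)
  problems = []
  problems << :no_peer_verification if (ctx.verify_mode.to_i & OpenSSL::SSL::VERIFY_PEER).zero?
  problems << :no_hostname_check unless ctx.verify_hostname
  problems << :legacy_protocols_allowed unless (ctx.options & LEGACY_OFF) == LEGACY_OFF
  problems
end

if __FILE__ == $PROGRAM_NAME
  weak = OpenSSL::SSL::SSLContext.new
  weak.verify_mode = OpenSSL::SSL::VERIFY_NONE   # constructed "bad" case
  puts "weak context:     #{context_problems(weak).inspect}"
  puts "hardened context: #{context_problems(build_client_context).inspect}"
end
```

Running the audit in a test suite catches a context that was left at VERIFY_NONE after debugging.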