From 14959a98e75285aa525297c0e6a45eeb54dfb3b4 Mon Sep 17 00:00:00 2001
From: Erwan Miran
Date: Fri, 2 Feb 2024 16:23:11 +0100
Subject: [PATCH 1/3] Ability to use ssl_min_version and/or ssl_max_version instead of ssl_method
---
 lib/remote_syslog_sender/tcp_sender.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/remote_syslog_sender/tcp_sender.rb b/lib/remote_syslog_sender/tcp_sender.rb
index fb1a258..6e808a5 100644
--- a/lib/remote_syslog_sender/tcp_sender.rb
+++ b/lib/remote_syslog_sender/tcp_sender.rb
@@ -14,6 +14,8 @@ def initialize(remote_hostname, remote_port, options = {})
 @remote_hostname = remote_hostname
 @remote_port = remote_port
 @ssl_method = options[:ssl_method] || 'TLSv1_2'
+ @ssl_min_version = options[:ssl_min_version]
+ @ssl_max_version = options[:ssl_max_version]
 @ca_file = options[:ca_file]
 @verify_mode = options[:verify_mode]
 @timeout = options[:timeout] || 600
@@ -63,7 +65,13 @@ def connect
 end
 if @tls
 require 'openssl'
- context = OpenSSL::SSL::SSLContext.new(@ssl_method)
+ context = OpenSSL::SSL::SSLContext.new()
+ if @ssl_min_version || @ssl_max_version
+ context.min_version = @ssl_min_version
+ context.max_version = @ssl_max_version
+ else
+ context.ssl_version = @ssl_method
+ end
 context.ca_file = @ca_file if @ca_file
 context.verify_mode = @verify_mode if @verify_mode

From d2ea3b96355285c37fa89f8dce962bdce389a2ef Mon Sep 17 00:00:00 2001
From: Erwan Miran
Date: Mon, 5 Feb 2024 14:46:29 +0100
Subject: [PATCH 2/3] both min and max + ruby 2.4
---
 lib/remote_syslog_sender/tcp_sender.rb | 36 +++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/lib/remote_syslog_sender/tcp_sender.rb b/lib/remote_syslog_sender/tcp_sender.rb
index 6e808a5..9cb72a4 100644
--- a/lib/remote_syslog_sender/tcp_sender.rb
+++ b/lib/remote_syslog_sender/tcp_sender.rb
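Review bot: The two new option reads in the `initialize` hunk carry no note of what values they take, while the `:ssl_method` default on the line above them is the string `'TLSv1_2'`, a form that to my knowledge `SSLContext#min_version=`/`#max_version=` do not accept, so a caller copying that style only finds out at connect time. A comment on the new lines would help: `# :ssl_min_version/:ssl_max_version are handed straight to SSLContext#min_version=/#max_version= (e.g. OpenSSL::SSL::TLS1_2_VERSION); when either is given, :ssl_method is not used`. `initialize` begins and ends outside this hunk.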
@@ -65,12 +65,40 @@ def connect
 end
 if @tls
 require 'openssl'
+
+ min_max_available = true
+ tls_versions_map = {}
+ begin
+ tls_versions_map = {
+ TLSv1: OpenSSL::SSL::TLS1_VERSION,
+ TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
+ TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION
+ }
+ tls_versions_map[:'TLSv1_3'] = OpenSSL::SSL::TLS1_3_VERSION if defined?(OpenSSL::SSL::TLS1_3_VERSION)
+ rescue NameError
+ # ruby 2.4 doesn't have OpenSSL::SSL::TLSXXX constants and min_version=/max_version= methods
+ tls_versions_map = {
+ TLSv1: :'TLSv1',
+ TLSv1_1: :'TLSv1_1',
+ TLSv1_2: :'TLSv1_2',
+ }
+ min_max_available = false
+ end
+
 context = OpenSSL::SSL::SSLContext.new()
- if @ssl_min_version || @ssl_max_version
- context.min_version = @ssl_min_version
- context.max_version = @ssl_max_version
+ if min_max_available
+ case
+ when @ssl_min_version && @ssl_max_version
+ context.min_version = @ssl_min_version
+ context.max_version = @ssl_max_version
+ when (!@ssl_min_version && @ssl_max_version) || (@ssl_min_version && !@ssl_max_version)
+ raise "Both :ssl_min_version and :ssl_max_version must be set if one is"
+ else
+ context.min_version = tls_versions_map[@ssl_min_version] || @ssl_min_version
+ context.max_version = tls_versions_map[@ssl_max_version] || @ssl_max_version
+ end
 else
- context.ssl_version = @ssl_method
+ context.ssl_version = METHODS_MAP[@ssl_method] || @ssl_method
 end
 context.ca_file = @ca_file if @ca_file
 context.verify_mode = @verify_mode if @verify_mode

From 017a4a6c9930255087892c493b1422e360fdb28a Mon Sep 17 00:00:00 2001
From: Erwan Miran
Date: Mon, 5 Feb 2024 14:51:09 +0100
Subject: [PATCH 3/3] current behviour
---
 lib/remote_syslog_sender/tcp_sender.rb | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/remote_syslog_sender/tcp_sender.rb b/lib/remote_syslog_sender/tcp_sender.rb
index 9cb72a4..ece0316 100644
--- a/lib/remote_syslog_sender/tcp_sender.rb
+++ b/lib/remote_syslog_sender/tcp_sender.rb
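Review bot: `METHODS_MAP` is referenced on the new `context.ssl_version = METHODS_MAP[@ssl_method] || @ssl_method` line but is defined nowhere in this series; if the file does not already define it (nothing in view does), the non-min/max path raises `NameError` on the first TLS connect. In the `rescue NameError` fallback, `:ssl_min_version`/`:ssl_max_version` are silently discarded and `ssl_method` is used instead, so a caller who configured a TLS floor on Ruby 2.4 gets no indication it was ignored; a guard such as `raise ArgumentError, ':ssl_min_version/:ssl_max_version need SSLContext#min_version= (Ruby >= 2.5)' if @ssl_min_version || @ssl_max_version` inside that branch would make the downgrade explicit. The fallback is also keyed on the version constants being absent while the feature actually needed is the setter; `OpenSSL::SSL::SSLContext.method_defined?(:min_version=)` tests that directly. `connect` begins and ends outside this hunk.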
@@ -88,11 +88,14 @@ def connect
 context = OpenSSL::SSL::SSLContext.new()
 if min_max_available
 case
- when @ssl_min_version && @ssl_max_version
- context.min_version = @ssl_min_version
- context.max_version = @ssl_max_version
- when (!@ssl_min_version && @ssl_max_version) || (@ssl_min_version && !@ssl_max_version)
- raise "Both :ssl_min_version and :ssl_max_version must be set if one is"
+ when @ssl_min_version && @ssl_max_version
+ context.min_version = @ssl_min_version
+ context.max_version = @ssl_max_version
+ when (!@ssl_min_version && @ssl_max_version) || (@ssl_min_version && !@ssl_max_version)
+ raise "Both :ssl_min_version and :ssl_max_version must be set if one is"
+ when !@ssl_min_version && !@ssl_max_version
+ # Keep the current behaviour
+ context.ssl_version = METHODS_MAP[@ssl_method] || @ssl_method
 else
 context.min_version = tls_versions_map[@ssl_min_version] || @ssl_min_version
 context.max_version = tls_versions_map[@ssl_max_version] || @ssl_max_version
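Review bot: With the added `when !@ssl_min_version && !@ssl_max_version` arm the three `when`s cover every combination of the two options, so the `else` arm is now unreachable, and it was the only place `tls_versions_map` is consulted; the first arm hands the raw option values to `min_version=`/`max_version=` without translating the `:TLSv1_2`-style keys the map was built for into the `OpenSSL::SSL::TLS1_*_VERSION` constants. Unless callers already pass the numeric constants (or the `:TLS1_2` spelling, which to my knowledge is what the openssl gem's setters accept), the setter rejects the value at connect time and the version floor is never applied. Moving the lookup into the first arm and dropping the dead `else` keeps the map meaningful; the bare `raise` is a configuration error and reads better as `ArgumentError`. Note the map is keyed by symbols, so a string value in the same form as the `:ssl_method` default would still miss it. `connect` begins and ends outside this hunk.
```ruby
      case
      when @ssl_min_version && @ssl_max_version
        # translate :TLSv1_x keys to the OpenSSL version constants; pass anything else through
        context.min_version = tls_versions_map[@ssl_min_version] || @ssl_min_version
        context.max_version = tls_versions_map[@ssl_max_version] || @ssl_max_version
      when (!@ssl_min_version && @ssl_max_version) || (@ssl_min_version && !@ssl_max_version)
        raise ArgumentError, "Both :ssl_min_version and :ssl_max_version must be set if one is"
      else
        # Keep the current behaviour
        context.ssl_version = METHODS_MAP[@ssl_method] || @ssl_method
      end
```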