Merge pull request #214 from c960657/ssl-ciphers

olleolleolle · web-flow · commit d3b9843f55b0 · 2020-11-16T11:15:11.000+01:00
Implement HTTPI::Auth::SSL#ciphers configuration
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+### Unreleased
+* Feature: [#214](https://github.com/savonrb/httpi/pull/214) Add SSL ciphers configuration
+
 ### 2.4.5
 
 * Improvement: [#209](https://github.com/savonrb/httpi/pull/209) Drop Travis CI support for Ruby < 2.3.0 and jruby.
diff --git a/httpi.gemspec b/httpi.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency 'rubyntlm', '~> 0.3.2'
   s.add_development_dependency 'rake',     '~> 10.0'
-  s.add_development_dependency 'rspec',    '~> 2.14'
+  s.add_development_dependency 'rspec',    '~> 3.5'
   s.add_development_dependency 'mocha',    '~> 0.13'
   s.add_development_dependency 'puma',     '~> 2.3.2'
   s.add_development_dependency 'webmock'
diff --git a/lib/httpi/adapter/curb.rb b/lib/httpi/adapter/curb.rb
@@ -116,6 +116,7 @@ def setup_ssl_auth
           @client.cert_key = ssl.cert_key_file
           @client.cert = ssl.cert_file
           @client.certpassword = ssl.cert_key_password
+          @client.set(:ssl_cipher_list, ssl.ciphers.join(':')) if ssl.ciphers
 
           @client.ssl_verify_peer = ssl.verify_mode == :peer
         end
diff --git a/lib/httpi/adapter/excon.rb b/lib/httpi/adapter/excon.rb
@@ -73,6 +73,7 @@ def client_opts
           opts[:ssl_verify_peer] = false
         end
 
+        opts[:ciphers] = ssl.ciphers if ssl.ciphers
         opts[:ssl_version] = ssl.ssl_version if ssl.ssl_version
         opts[:ssl_min_version] = ssl.min_version if ssl.min_version
         opts[:ssl_max_version] = ssl.max_version if ssl.max_version
diff --git a/lib/httpi/adapter/http.rb b/lib/httpi/adapter/http.rb
@@ -61,6 +61,7 @@ def create_client
           context.min_version = @request.auth.ssl.min_version if @request.auth.ssl.min_version != nil
           context.max_version = @request.auth.ssl.max_version if @request.auth.ssl.max_version != nil
           context.verify_mode = @request.auth.ssl.openssl_verify_mode
+          context.ciphers     = @request.auth.ssl.ciphers if @request.auth.ssl.ciphers
 
           client = ::HTTP::Client.new(:ssl_context => context)
         else
diff --git a/lib/httpi/adapter/httpclient.rb b/lib/httpi/adapter/httpclient.rb
@@ -73,6 +73,7 @@ def setup_ssl_auth
           # Send client-side certificate regardless of state of SSL verify mode
           @client.ssl_config.client_cert = ssl.cert
           @client.ssl_config.client_key = ssl.cert_key
+          @client.ssl_config.ciphers = ssl.ciphers if ssl.ciphers
 
           @client.ssl_config.verify_mode = ssl.openssl_verify_mode
         end
diff --git a/lib/httpi/adapter/net_http.rb b/lib/httpi/adapter/net_http.rb
@@ -177,6 +177,7 @@ def setup_ssl_auth
           # Send client-side certificate regardless of state of SSL verify mode
           @client.key = ssl.cert_key
           @client.cert = ssl.cert
+          @client.ciphers = ssl.ciphers if ssl.ciphers
 
           @client.verify_mode = ssl.openssl_verify_mode
         end
diff --git a/lib/httpi/auth/ssl.rb b/lib/httpi/auth/ssl.rb
@@ -25,7 +25,7 @@ class SSL
 
       # Returns whether SSL configuration is present.
       def present?
-        (verify_mode == :none) || (cert && cert_key) || ca_cert_file
+        (verify_mode == :none) || (cert && cert_key) || ca_cert_file || ciphers
       rescue TypeError, Errno::ENOENT
         false
       end
@@ -48,6 +48,24 @@ def present?
       # Certificate store holds trusted CA certificates used to verify peer certificates.
       attr_accessor :cert_store
 
+      # Accessor for the SSL ciphers list.
+      attr_reader :ciphers
+
+      # Sets the available symmetric algorithms for encryption and decryption.
+      # @see OpenSSL::SSL::SSLContext#ciphers
+      # @example
+      #   ssl.ciphers = "cipher1:cipher2:..."
+      #   ssl.ciphers = [name, ...]
+      #   ssl.ciphers = [[name, version, bits, alg_bits], ...]
+      def ciphers=(ciphers)
+        @ciphers =
+          if ciphers
+            context = OpenSSL::SSL::SSLContext.new
+            context.ciphers = ciphers
+            context.ciphers.map(&:first)
+          end
+      end
+
       # Returns the cert type to validate SSL certificates PEM|DER.
       def cert_type
         @cert_type ||= :pem
diff --git a/spec/httpi/adapter/curb_spec.rb b/spec/httpi/adapter/curb_spec.rb
@@ -250,6 +250,13 @@
           request
         end
 
+        it 'sets ssl_cipher_list' do
+          request.auth.ssl.ciphers = ["AES128"]
+          curb.expects(:set).with(any_parameters).at_least(1)
+          curb.expects(:set).with(:ssl_cipher_list, anything)
+          adapter.request(:get)
+        end
+
         context 'sets ssl_version' do
           it 'defaults to nil when no ssl_version is specified' do
             curb.expects(:ssl_version=).with(nil)
diff --git a/spec/httpi/adapter/em_http_spec.rb b/spec/httpi/adapter/em_http_spec.rb
@@ -150,7 +150,7 @@
 
         it "raises an error for HTTP digest auth" do
           request.auth.digest "username", "password"
-          expect { adapter.request(:get) }.to raise_error
+          expect { adapter.request(:get) }.to raise_error HTTPI::NotSupportedError
         end
       end
 
diff --git a/spec/httpi/adapter/httpclient_spec.rb b/spec/httpi/adapter/httpclient_spec.rb
@@ -141,6 +141,13 @@
 
         adapter.request(:get)
       end
+
+      it 'should set the ciphers if specified' do
+        request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers
+        ssl_config.expects(:ciphers=).with(request.auth.ssl.ciphers)
+
+        adapter.request(:get)
+      end
     end
 
     context "(for SSL client auth)" do
diff --git a/spec/httpi/auth/ssl_spec.rb b/spec/httpi/auth/ssl_spec.rb
@@ -189,6 +189,23 @@
     end
   end
 
+  describe '#ciphers' do
+    subject { ssl.ciphers }
+    let(:ssl) { HTTPI::Auth::SSL.new }
+
+    context 'without ciphers' do
+      before { ssl.ciphers = nil }
+
+      it { is_expected.to eq(nil) }
+    end
+
+    context 'with ciphers' do
+      before { ssl.ciphers = OpenSSL::Cipher.ciphers }
+
+      it { is_expected.to be_any.and(all(be_an_instance_of(String))) }
+    end
+  end
+
   def ssl
     ssl = HTTPI::Auth::SSL.new
     ssl.cert_key_file = "spec/fixtures/client_key.pem"
diff --git a/spec/integration/curb_spec.rb b/spec/integration/curb_spec.rb
@@ -123,6 +123,15 @@
         response = HTTPI.get(request, adapter)
         expect(response.body).to eq("get")
       end
+
+      it "works with ciphers" do
+        request = HTTPI::Request.new(@server.url)
+        request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file
+        request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers
+
+        response = HTTPI.get(request, adapter)
+        expect(response.body).to eq("get")
+      end
     end
 
   end
diff --git a/spec/integration/excon_spec.rb b/spec/integration/excon_spec.rb
@@ -1,7 +1,7 @@
 require "spec_helper"
 require "integration/support/server"
 
-describe HTTPI::Adapter::HTTPClient do
+describe HTTPI::Adapter::Excon do
 
   subject(:adapter) { :excon }
 
@@ -159,6 +159,15 @@
         response = HTTPI.get(request, adapter)
         expect(response.body).to eq("get")
       end
+
+      it "works with ciphers" do
+        request = HTTPI::Request.new(@server.url)
+        request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file
+        request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers
+
+        response = HTTPI.get(request, adapter)
+        expect(response.body).to eq("get")
+      end
     end
   end
 
diff --git a/spec/integration/fixtures/ca_all.pem b/spec/integration/fixtures/ca_all.pem
@@ -1,44 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIID0DCCArigAwIBAgIBADANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
-MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
-DTA0MDEzMDAwNDIzMloXDTM2MDEyMjAwNDIzMlowPDELMAkGA1UEBgwCSlAxEjAQ
-BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQswCQYDVQQDDAJDQTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbv0x42BTKFEQOE+KJ2XmiSdZpR
-wjzQLAkPLRnLB98tlzs4xo+y4RyY/rd5TT9UzBJTIhP8CJi5GbS1oXEerQXB3P0d
-L5oSSMwGGyuIzgZe5+vZ1kgzQxMEKMMKlzA73rbMd4Jx3u5+jdbP0EDrPYfXSvLY
-bS04n2aX7zrN3x5KdDrNBfwBio2/qeaaj4+9OxnwRvYP3WOvqdW0h329eMfHw0pi
-JI0drIVdsEqClUV4pebT/F+CPUPkEh/weySgo9wANockkYu5ujw2GbLFcO5LXxxm
-dEfcVr3r6t6zOA4bJwL0W/e6LBcrwiG/qPDFErhwtgTLYf6Er67SzLyA66UCAwEA
-AaOB3DCB2TAPBgNVHRMBAf8EBTADAQH/MDEGCWCGSAGG+EIBDQQkFiJSdWJ5L09w
-ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRJ7Xd380KzBV7f
-USKIQ+O/vKbhDzAOBgNVHQ8BAf8EBAMCAQYwZAYDVR0jBF0wW4AUSe13d/NCswVe
-31EiiEPjv7ym4Q+hQKQ+MDwxCzAJBgNVBAYMAkpQMRIwEAYDVQQKDAlKSU4uR1Iu
-SlAxDDAKBgNVBAsMA1JSUjELMAkGA1UEAwwCQ0GCAQAwDQYJKoZIhvcNAQEFBQAD
-ggEBAIu/mfiez5XN5tn2jScgShPgHEFJBR0BTJBZF6xCk0jyqNx/g9HMj2ELCuK+
-r/Y7KFW5c5M3AQ+xWW0ZSc4kvzyTcV7yTVIwj2jZ9ddYMN3nupZFgBK1GB4Y05GY
-MJJFRkSu6d/Ph5ypzBVw2YMT/nsOo5VwMUGLgS7YVjU+u/HNWz80J3oO17mNZllj
-PvORJcnjwlroDnS58KoJ7GDgejv3ESWADvX1OHLE4cRkiQGeLoEU4pxdCxXRqX0U
-PbwIkZN9mXVcrmPHq8MWi4eC/V7hnbZETMHuWhUoiNdOEfsAXr3iP4KjyyRdwc7a
-d/xgcK06UVQRL/HbEYGiQL056mc=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIBATANBgkqhkiG9w0BAQUFADA8MQswCQYDVQQGDAJKUDES
-MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxCzAJBgNVBAMMAkNBMB4X
-DTA0MDEzMDAwNDMyN1oXDTM1MDEyMjAwNDMyN1owPzELMAkGA1UEBgwCSlAxEjAQ
-BgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMQ4wDAYDVQQDDAVTdWJDQTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0Ou7AyRcRXnB/kVHv/6kwe
-ANzgg/DyJfsAUqW90m7Lu1nqyug8gK0RBd77yU0w5HOAMHTVSdpjZK0g2sgx4Mb1
-d/213eL9TTl5MRVEChTvQr8q5DVG/8fxPPE7fMI8eOAzd98/NOAChk+80r4Sx7fC
-kGVEE1bKwY1MrUsUNjOY2d6t3M4HHV3HX1V8ShuKfsHxgCmLzdI8U+5CnQedFgkm
-3e+8tr8IX5RR1wA1Ifw9VadF7OdI/bGMzog/Q8XCLf+WPFjnK7Gcx6JFtzF6Gi4x
-4dp1Xl45JYiVvi9zQ132wu8A1pDHhiNgQviyzbP+UjcB/tsOpzBQF8abYzgEkWEC
-AwEAAaNyMHAwDwYDVR0TAQH/BAUwAwEB/zAxBglghkgBhvhCAQ0EJBYiUnVieS9P
-cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUlCjXWLsReYzH
-LzsxwVnCXmKoB/owCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCJ/OyN
-rT8Cq2Y+G2yA/L1EMRvvxwFBqxavqaqHl/6rwsIBFlB3zbqGA/0oec6MAVnYynq4
-c4AcHTjx3bQ/S4r2sNTZq0DH4SYbQzIobx/YW8PjQUJt8KQdKMcwwi7arHP7A/Ha
-LKu8eIC2nsUBnP4NhkYSGhbmpJK+PFD0FVtD0ZIRlY/wsnaZNjWWcnWF1/FNuQ4H
-ySjIblqVQkPuzebv3Ror6ZnVDukn96Mg7kP4u6zgxOeqlJGRe1M949SS9Vudjl8X
-SF4aZUUB9pQGhsqQJVqaz2OlhGOp9D0q54xko/rekjAIcuDjl1mdX4F2WRrzpUmZ
-uY/bPeOBYiVsOYVe
+MIIDDjCCAfagAwIBAgIBAzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB
+GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw
+ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA4MRMwEQYKCZImiZPyLGQBGRYDbmV0
+MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQDIHxrFcS2JkRQbXLFosb32unVkVuwHSPSt6Dpl
+2jUQHP/bceAx/d9waHYf8rlbCFAIoduZDOc7XCJUidgcG5NfLJyQpkkWOU8CGWH+
+Ipl4AE8auYCcy/0T7BQqaRC41HPmrJG1CC40rqcY47lUO2haI+vj5TZFHNhAbRat
+rR1iD1veis2gBZtrMzd4IlpvEHGv6ghfnSc20za4exmapjp/uAAIOXpeFX8QHumA
+bty4dd+iHpKjDzUrhG9Qa5v28ii2K1AcbczUQ7FzSp2/GoRSjF+WY6i86N9Z1M97
+2PEgy0IG5l6JHu1P0/rd00hN0h0Owzv3V5ldMLZap7+pVFQTAgMBAAGjIzAhMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB
+AQA3GWpy4bYLOHLENDTUBeclF6cDdYiautD6gxd1SDLMWOhAUF7ywwT87OAJdr1I
++W1TUv5BRG21rNm1QsZfLbStdKA1mpiET/9nYN7m1YauL5hI3yD49TGuO9/sxcE5
+zNW7D3VBVNq+pyT21/TvLAgxCNvjjm7byzyIOcoRUyZx8WhCf8nUT6cEShXqEg4Q
+iUBSLI38tiQoZneuVzDRlXBY0PqoB19l2Kg9yThHjPTVhw5EAQSDKXCCvaxAbVw6
+ZPLNnOdK6DvqEZ3GC5WlaHQdmLxmN4OfV6AEtpgqgGY9u8K1ylTr3ET7xLK7bhcA
+oZsggEVZr1Ifx9BWIazRNwlw
 -----END CERTIFICATE-----
diff --git a/spec/integration/fixtures/server.cert b/spec/integration/fixtures/server.cert
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQGDAJKUDES
-MBAGA1UECgwJSklOLkdSLkpQMQwwCgYDVQQLDANSUlIxDjAMBgNVBAMMBVN1YkNB
-MB4XDTA0MDEzMTAzMTMxNloXDTMzMDEyMzAzMTMxNlowQzELMAkGA1UEBgwCSlAx
-EjAQBgNVBAoMCUpJTi5HUi5KUDEMMAoGA1UECwwDUlJSMRIwEAYDVQQDDAlsb2Nh
-bGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANFJTxWqup3nV9dsJAku
-p+WaXnPNIzcpAA3qMGZDJTJsfa8Du7ZxTP0XJK5mETttBrn711cJxAuP3KjqnW9S
-vtZ9lY2sXJ6Zj62sN5LwG3VVe25dI28yR1EsbHjJ5Zjf9tmggMC6am52dxuHbt5/
-vHo4ngJuKE/U+eeGRivMn6gFAgMBAAGjgYUwgYIwDAYDVR0TAQH/BAIwADAxBglg
-hkgBhvhCAQ0EJBYiUnVieS9PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAd
-BgNVHQ4EFgQUpZIyygD9JxFYHHOTEuWOLbCKfckwCwYDVR0PBAQDAgWgMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBwAIj5SaBHaA5X31IP
-CFCJiep96awfp7RANO0cuUj+ZpGoFn9d6FXY0g+Eg5wAkCNIzZU5NHN9xsdOpnUo
-zIBbyTfQEPrge1CMWMvL6uGaoEXytq84VTitF/xBTky4KtTn6+es4/e7jrrzeUXQ
-RC46gkHObmDT91RkOEGjHLyld2328jo3DIN/VTHIryDeVHDWjY5dENwpwdkhhm60
-DR9IrNBbXWEe9emtguNXeN0iu1ux0lG1Hc6pWGQxMlRKNvGh0yZB9u5EVe38tOV0
-jQaoNyL7qzcQoXD3Dmbi1p0iRmg/+HngISsz8K7k7MBNVsSclztwgCzTZOBiVtkM
-rRlQ
+MIIDBDCCAeygAwIBAgIBBzANBgkqhkiG9w0BAQsFADA4MRMwEQYKCZImiZPyLGQB
+GRYDbmV0MRQwEgYKCZImiZPyLGQBGRYEcHVtYTELMAkGA1UEAwwCQ0EwHhcNMjAw
+ODAxMDAwMDAwWhcNMjQwODAxMDAwMDAwWjA/MRMwEQYKCZImiZPyLGQBGRYDbmV0
+MRQwEgYKCZImiZPyLGQBGRYEcHVtYTESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXOg3gTrGJfVft9cSrfGRnEZezDB
+L93fcLwJAoaXGxbEg1RW/fOrSpSNemuqOvbzczV7m5eYTf1lHPBJsndbYyijIR1+
+Fp4tjFDp76SC3hxCIc3uYXIz0qQwSOAi1z15zobS4xF29jlsXWtfBl9fivjzdj/f
+pbZ+JPYOrlcJAf6Xmr3xh//13rOI0ytBMlWf51z/iAZBLm2wvbt+nR7B6koAdTgM
+Coe+gOtcLWYY5ApJ4qB9knGdxWoF5p7guHHw2aGTM0jyhgBowfVkFRiE2JUmODae
+g+dHsd8ogWbqhGyZTredJF/NRrLKU0h+t7ldKHvXEZy4qyqQlvKoTpODqQIDAQAB
+oxIwEDAOBgNVHQ8BAf8EBAMCBLAwDQYJKoZIhvcNAQELBQADggEBAI/bcQP4Hu9O
+OtaaIjVxN8+9jXUOrMpSogmZ4bRKImispt9SA+sbxec7iOMM2pG3Py2yi0hWGzii
+hSebWIsM1JuPj7ks9l8nGRxpGeInJwTkJorG4ZLEypoS2wW3fQZGx3o4da5V+U2Z
+HEY0wQTbPBqqnyeZ16ZFNVCzw8y9l7y7CEFjvUO3sq0pne9r7Z+XVgjGyBdBYkJS
+0kcqPBXFCMHrWH5UlacYlM5cqgoVztOp2STGmR3XR7a34oueeA10QSP+jzeYvWA1
+wTYA762uU2ReCdujfNbf8V1tZWAH36KldM3hhDNWeveAGxxj1h2R9T/k2kHl/a7D
+I3VdS59vjJY=
 -----END CERTIFICATE-----
diff --git a/spec/integration/fixtures/server.key b/spec/integration/fixtures/server.key
@@ -1,15 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDRSU8Vqrqd51fXbCQJLqflml5zzSM3KQAN6jBmQyUybH2vA7u2
-cUz9FySuZhE7bQa5+9dXCcQLj9yo6p1vUr7WfZWNrFyemY+trDeS8Bt1VXtuXSNv
-MkdRLGx4yeWY3/bZoIDAumpudncbh27ef7x6OJ4CbihP1PnnhkYrzJ+oBQIDAQAB
-AoGBAIf4CstW2ltQO7+XYGoex7Hh8s9lTSW/G2vu5Hbr1LTHy3fzAvdq8MvVR12O
-rk9fa+lU9vhzPc0NMB0GIDZ9GcHuhW5hD1Wg9OSCbTOkZDoH3CAFqonjh4Qfwv5W
-IPAFn9KHukdqGXkwEMdErsUaPTy9A1V/aROVEaAY+HJgq/eZAkEA/BP1QMV04WEZ
-Oynzz7/lLizJGGxp2AOvEVtqMoycA/Qk+zdKP8ufE0wbmCE3Qd6GoynavsHb6aGK
-gQobb8zDZwJBANSK6MrXlrZTtEaeZuyOB4mAmRzGzOUVkUyULUjEx2GDT93ujAma
-qm/2d3E+wXAkNSeRpjUmlQXy/2oSqnGvYbMCQQDRM+cYyEcGPUVpWpnj0shrF/QU
-9vSot/X1G775EMTyaw6+BtbyNxVgOIu2J+rqGbn3c+b85XqTXOPL0A2RLYkFAkAm
-syhSDtE9X55aoWsCNZY/vi+i4rvaFoQ/WleogVQAeGVpdo7/DK9t9YWoFBIqth0L
-mGSYFu9ZhvZkvQNV8eYrAkBJ+rOIaLDsmbrgkeDruH+B/9yrm4McDtQ/rgnOGYnH
-LjLpLLOrgUxqpzLWe++EwSLwK2//dHO+SPsQJ4xsyQJy
+MIIEpQIBAAKCAQEAvXOg3gTrGJfVft9cSrfGRnEZezDBL93fcLwJAoaXGxbEg1RW
+/fOrSpSNemuqOvbzczV7m5eYTf1lHPBJsndbYyijIR1+Fp4tjFDp76SC3hxCIc3u
+YXIz0qQwSOAi1z15zobS4xF29jlsXWtfBl9fivjzdj/fpbZ+JPYOrlcJAf6Xmr3x
+h//13rOI0ytBMlWf51z/iAZBLm2wvbt+nR7B6koAdTgMCoe+gOtcLWYY5ApJ4qB9
+knGdxWoF5p7guHHw2aGTM0jyhgBowfVkFRiE2JUmODaeg+dHsd8ogWbqhGyZTred
+JF/NRrLKU0h+t7ldKHvXEZy4qyqQlvKoTpODqQIDAQABAoIBAQCCtt8NkNMs2sYB
+jdc97mKtg6eTKeaBQlLCk9qblYV4uVLJUk3bVl6fTLP4/YQsvurmWMZ6ajQ5y1YS
+i3At5NB3MDitxo2SyXyfzcw6/oUU/uZaMJ4DOiqrcYGnJo6jd9UtPDURWqF77c7o
+/gZIfVGMr4w70IJc8fdDRUqH26Fpb7Gp0+RNUXtM9tSovkX/yICje7Hp4IIiJJ0t
+KGepdHfddshR4OIALh0k3jC9zfbYfSdIKZuGBf7bmjJTByLavjcG6HFLyt7aZBt3
+136hXAOvMO780WW2vQ8xAYkd+8bf4db4fjUpw3NWJ5wVdQhI9jhkAc9LhhxiDVoI
+g9IyaSUBAoGBAObajQ24JlNg11ZZffPZwmvMlMDyZ8pZ5dk/Up9nOvCp1J2+7ef/
+6wjkOhrSyIPpvJCmftOn0c9IkV7tk5673Kjmly33QiIwiEeEG3lNN6GytiXIGqFV
+ScPGznO/rNeKUsMFu3SXZNYs7aYqr9OCadwATuh+IzTQAx3T3prno4F5AoGBANIW
+kJRF2Pl4yWc7MRjF+WnGfhJHv7VOcLlmFD1fa/IIM9xuBRgikiBWHtFwLoXknsY8
+y2VqNrPEkjCp+qLpXLC8l3dzpNU33Z42h/tUfoTmgSgDUQXGggjzbcS8cf+1D55z
+KuPazKAndyiuhIENk1gE+5RKdNyjYP2sI4+L5jexAoGBANxx2rw9GywHj9n/P006
+pnO2Ol49nGsYiWp5E3bwZtIl+shf6GLgeRpWhj3TBnMhIlWnB/kpiiq8i0Tw7URo
+9H+9IqRcNqTbX2ebeXjOCc+5DkLp4LQq83OmRsM1R+HTTtC4ipb9cucqpA1HOftp
+z5isGq3ctdXaxP8YsLuPcw1RAoGAXZx0W70ryy2JAJidbd55Hiq17ktOHumOzO2x
+Qw+Lt9Lz2NqlJnXxCruVC9miwUJ3hPl93/iN21hRk6GJ7qFxDcda7nz3C5LTCzZd
+LR4fKfTTxBKGPb6QHpDpbmpRmZECHqZOjCzoVMyBCf2JST/VUbkWqKLso4uhIidb
+yRCbSmECgYEAp+IuwpnMxVPxP52/xPFVcAxH2pDfmn5TJLJCNuKEUAS9ncZuz7rh
+jJxtbC4AoGsS0+TdxnlMBvBpZE3QddQmjvey77yu/OvRUX2m/J/d+I2duTaHGR9Z
+9VMxtlFY+DbDkJI2HVVxu5XfLKMJSEsMza8K64Ntx3XY3dJLCHrR1EY=
 -----END RSA PRIVATE KEY-----
diff --git a/spec/integration/http_spec.rb b/spec/integration/http_spec.rb
@@ -141,6 +141,15 @@
         response = HTTPI.get(request, adapter)
         expect(response.body).to eq("get")
       end
+
+      it "works with ciphers" do
+        request = HTTPI::Request.new(@server.url)
+        request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file
+        request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers
+
+        response = HTTPI.get(request, adapter)
+        expect(response.body).to eq("get")
+      end
     end
   end
 
diff --git a/spec/integration/httpclient_spec.rb b/spec/integration/httpclient_spec.rb
@@ -121,6 +121,15 @@
         response = HTTPI.get(request, adapter)
         expect(response.body).to eq("get")
       end
+
+      it "works with ciphers" do
+        request = HTTPI::Request.new(@server.url)
+        request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file
+        request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers
+
+        response = HTTPI.get(request, adapter)
+        expect(response.body).to eq("get")
+      end
     end
   end
 
diff --git a/spec/integration/net_http_persistent_spec.rb b/spec/integration/net_http_persistent_spec.rb
@@ -1,7 +1,8 @@
 require "spec_helper"
 require "integration/support/server"
+require "net/http/persistent"
 
-describe HTTPI::Adapter::NetHTTP do
+describe HTTPI::Adapter::NetHTTPPersistent do
 
   subject(:adapter) { :net_http_persistent }
 
@@ -122,6 +123,17 @@
         response = HTTPI.get(request, adapter)
         expect(response.body).to eq("get")
       end
+
+      it "works with ciphers" do
+        skip("Requires net-http-persistent 3.x") unless Net::HTTP::Persistent::VERSION.start_with? "3."
+
+        request = HTTPI::Request.new(@server.url)
+        request.auth.ssl.ca_cert_file = IntegrationServer.ssl_ca_file
+        request.auth.ssl.ciphers = OpenSSL::Cipher.ciphers
+
+        response = HTTPI.get(request, adapter)
+        expect(response.body).to eq("get")
+      end
     end
   end
 
diff --git a/spec/integration/net_http_spec.rb b/spec/integration/net_http_spec.rb
