Issue #21879 has been updated by ahorek (Pavel Rosický).

The default SSL parameters are secure
https://apidock.com/ruby/OpenSSL/SSL/SSLContext/set_params

If you're not using them or explicitly disabling verification with ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE it's not a critical security vulnerability in Ruby, it’s a problem in your code. Check the Python documentation at https://docs.python.org/3/library/ssl.html#ssl-security . Ruby’s documentation could be more explicit about this, though.

----------------------------------------
Bug #21879: SSLBypass
https://bugs.ruby-lang.org/issues/21879#change-116448

* Author: sh2ll (Chmouel Taieb)
* Status: Open
* Backport: 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN, 4.0: UNKNOWN
----------------------------------------
There is not enough space for photos upload

---Files--------------------------------
Critical SSL Verification Bypass Report.pdf (87.4 KB)
ScriptsPOC.pdf (49.5 KB)

--
https://bugs.ruby-lang.org/
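
The distinction drawn in the reply above, as an added example that is not part of the original message or of Ruby's openssl library: a small audit helper that reports whether an SSLContext enforces certificate and hostname verification, run over three constructed contexts. The names tls_verification_findings and sample_contexts are hypothetical.

```ruby
require "openssl"

# Hypothetical helper (not part of the openssl library): list the ways a
# context departs from certificate and hostname verification.
def tls_verification_findings(ctx)
  findings = []
  # An unset (nil) verify_mode is treated by the library as VERIFY_NONE.
  mode = ctx.verify_mode || OpenSSL::SSL::VERIFY_NONE
  if (mode & OpenSSL::SSL::VERIFY_PEER).zero?
    findings << "verify_mode lacks VERIFY_PEER: peer certificate verification is not enforced"
  end
  unless ctx.verify_hostname
    findings << "verify_hostname is off: the certificate is not matched against the server name"
  end
  findings
end

# Constructed sample contexts covering the cases the reply names.
def sample_contexts
  defaults = OpenSSL::SSL::SSLContext.new
  defaults.set_params                               # library defaults applied

  bare = OpenSSL::SSL::SSLContext.new               # defaults never applied

  disabled = OpenSSL::SSL::SSLContext.new
  disabled.set_params
  disabled.verify_mode = OpenSSL::SSL::VERIFY_NONE  # explicit opt-out in caller code

  { "set_params defaults"          => defaults,
    "bare SSLContext.new"          => bare,
    "VERIFY_NONE after set_params" => disabled }
end

# Print one line per context: either "verification on" or the findings.
sample_contexts.each do |label, ctx|
  findings = tls_verification_findings(ctx)
  puts "#{label}: #{findings.empty? ? 'verification on' : findings.join('; ')}"
end
```

Only the context that received set_params and was left unchanged comes back with no findings; the other two are choices made in the calling code.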