[ruby/openssl] ssl: use SSL_CTX_set_dh_auto() by default

Rely on OpenSSL's builtin DH parameters for TLS 1.2 and earlier instead
of providing a default SSLContext#tmp_dh_callback proc.
SSL_CTX_set_dh_auto() has been available since OpenSSL 1.1.0.

The parameters can still be overridden by specifying
SSLContext#tmp_dh_callback or #tmp_dh, as confirmed by existing tests.

SSLContext#tmp_dh_callback depends on a deprecated OpenSSL feature. We
also prefer not to hard-code parameters, which is a maintenance burden.
This change also improves Ractor compatibility by removing the
unshareable proc.

https://github.com/ruby/openssl/commit/9cfec9bf5e

ext/openssl/lib/openssl/ssl.rb

@@ -32,25 +32,6 @@ module OpenSSL
         }.call
       }
 
-      if defined?(OpenSSL::PKey::DH)
-        DH_ffdhe2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
------END DH PARAMETERS-----
-        _end_of_pem_
-        private_constant :DH_ffdhe2048
-
-        DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
-          warn "using default DH parameters." if $VERBOSE
-          DH_ffdhe2048
-        }
-      end
-
       if !OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL")
         DEFAULT_PARAMS.merge!(
           min_version: OpenSSL::SSL::TLS1_VERSION,
@@ -457,7 +438,7 @@ ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
       end
 
       def tmp_dh_callback
-        @context.tmp_dh_callback || OpenSSL::SSL::SSLContext::DEFAULT_TMP_DH_CALLBACK
+        @context.tmp_dh_callback
       end
 
       def session_new_cb

ext/openssl/ossl_ssl.c

@@ -47,7 +47,7 @@ static ID id_i_cert_store, id_i_ca_file, id_i_ca_path, id_i_verify_mode,
 	  id_i_session_id_context, id_i_session_get_cb, id_i_session_new_cb,
 	  id_i_session_remove_cb, id_i_npn_select_cb, id_i_npn_protocols,
 	  id_i_alpn_select_cb, id_i_alpn_protocols, id_i_servername_cb,
-	  id_i_verify_hostname, id_i_keylog_cb;
+	  id_i_verify_hostname, id_i_keylog_cb, id_i_tmp_dh_callback;
 static ID id_i_io, id_i_context, id_i_hostname;
 
 static int ossl_ssl_ex_ptr_idx;
@@ -90,6 +90,7 @@ ossl_sslctx_s_alloc(VALUE klass)
         ossl_raise(eSSLError, "SSL_CTX_new");
     }
     SSL_CTX_set_mode(ctx, mode);
+    SSL_CTX_set_dh_auto(ctx, 1);
     RTYPEDDATA_DATA(obj) = ctx;
     SSL_CTX_set_ex_data(ctx, ossl_sslctx_ex_ptr_idx, (void *)obj);
 
@@ -703,7 +704,10 @@ ossl_sslctx_setup(VALUE self)
     GetSSLCTX(self, ctx);
 
 #if !defined(OPENSSL_NO_DH)
-    SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
+    if (!NIL_P(rb_attr_get(self, id_i_tmp_dh_callback))) {
+        SSL_CTX_set_tmp_dh_callback(ctx, ossl_tmp_dh_callback);
+        SSL_CTX_set_dh_auto(ctx, 0);
+    }
 #endif
 
 #if !defined(OPENSSL_IS_AWSLC) /* AWS-LC has no support for TLS 1.3 PHA. */
@@ -1178,6 +1182,9 @@ ossl_sslctx_set_tmp_dh(VALUE self, VALUE arg)
         ossl_raise(eSSLError, "SSL_CTX_set_tmp_dh");
 #endif
 
+    // Turn off the "auto" DH parameters set by ossl_sslctx_s_alloc()
+    SSL_CTX_set_dh_auto(ctx, 0);
+
     return arg;
 }
 #endif
@@ -3289,6 +3296,7 @@ Init_ossl_ssl(void)
     DefIVarID(servername_cb);
     DefIVarID(verify_hostname);
     DefIVarID(keylog_cb);
+    DefIVarID(tmp_dh_callback);
 
     DefIVarID(io);
     DefIVarID(context);

test/openssl/test_ssl.rb

@@ -2129,11 +2129,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
       ctx.tmp_dh_callback = nil
     }
     start_server(ctx_proc: ctx_proc) do |port|
-      EnvUtil.suppress_warning { # uses default callback
-        assert_nothing_raised {
-          server_connect(port) { }
-        }
-      }
+      assert_nothing_raised { server_connect(port) { } }
     end
   end