2 files changed, 13 insertions, 0 deletions

diff --git a/lib/open-uri.rb b/lib/open-uri.rb
index 36bc3e7266..2bcbec5110 100644
--- a/lib/open-uri.rb
+++ b/lib/open-uri.rb
@@ -99,6 +99,7 @@ module OpenURI
     :open_timeout => true,
     :ssl_ca_cert => nil,
     :ssl_verify_mode => nil,
+    :ssl_version => nil,
     :ftp_active_mode => false,
     :redirect => true,
     :encoding => nil,
@@ -298,6 +299,8 @@ module OpenURI
       require 'net/https'
       http.use_ssl = true
       http.verify_mode = options[:ssl_verify_mode] || OpenSSL::SSL::VERIFY_PEER
+      http.ssl_version = options[:ssl_version] if options[:ssl_version] && 
+                                    OpenSSL::SSL::SSLContext::METHODS.include?(options[:ssl_version])
       store = OpenSSL::X509::Store.new
       if options[:ssl_ca_cert]
         Array(options[:ssl_ca_cert]).each do |cert|
diff --git a/test/open-uri/test_ssl.rb b/test/open-uri/test_ssl.rb
index 4f645d83b9..a4e20b553f 100644
--- a/test/open-uri/test_ssl.rb
+++ b/test/open-uri/test_ssl.rb
@@ -107,6 +107,16 @@ class TestOpenURISSL
     }
   end
 
+  def test_validation_ssl_version
+    with_https {|srv, dr, url|
+      setup_validation(srv, dr)
+      URI.open("#{url}/data", :ssl_verify_mode => OpenSSL::SSL::VERIFY_NONE, :ssl_version => :TLSv1_2) {|f|
+        assert_equal("200", f.status[0])
+        assert_equal("ddd", f.read)
+      }
+    }
+  end
+
   def with_https_proxy(proxy_log_tester=lambda {|proxy_log, proxy_access_log| assert_equal([], proxy_log) })
     proxy_log = []
     proxy_logger = WEBrick::Log.new(proxy_log, WEBrick::BasicLog::WARN)