I have a Rails application that uses Amazon S3 for image upload storage. Upload is handled directly in the browser, file manipulation is handled on the serverside. Recently I received an automail that Amazon discontinues support for SSLv3. I wanted to clarify whether my application that uses an older version of Ruby SDK (aws-sdk-v1 1.61.0) could be affected because of that, since I am not sure what mechanism it uses for the ssl handshake. Thank you in advance.
Short answer: it depends.
The old aws sdk allows you to provide (as a configuration setting) the http handler to use - the answer is dependant on the http handler user. Assuming you're using the default net/http based handler, then it depends on which ruby version you use and which openssl version it was built against.
As of ruby 2.1.4, 2.0.0p594, 1.9.3p550, ruby will not allow SSL3 connections by default (see the announcement). If you are running such a version of ruby, then SSL3 connections shouldn't be attempted, unless you go out of your way to do so.
If you use an earlier version then ruby may default to SSLv3 (depending on the openssl version built against) but if that fails it should be able to switch to a newer protocol instead. I'd highly recommend updating to the latest version in the ruby series you are already using, but I don't think you'll run into problems when SSLv3 is disabled.