abstract class OpenSSL::SSL::Context
Direct Known Subclasses
Defined in:
openssl/ssl/context.crConstant Summary
-
CIPHERS =
(["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4", "!aNULL", "!eNULL", "!LOW", "!3DES", "!MD5", "!EXP", "!PSK", "!SRP", "!DSS"] of ::String).join(' ')
-
The list of secure ciphers (intermediate security) as of May 2016 as per https://wiki.mozilla.org/Security/Server_Side_TLS
Class Method Summary
Instance Method Summary
-
#add_modes(mode : OpenSSL::SSL::Modes)
Adds modes to the TLS context.
-
#add_options(options : OpenSSL::SSL::Options)
Adds options to the TLS context.
-
#ca_certificates=(file_path : String)
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peers certificate.
-
#ca_certificates_path=(dir_path : String)
Sets the path to a directory containing all CA certificates used to validate the peers certificate.
-
#certificate_chain=(file_path : String)
Specify the path to the certificate chain file to use.
-
#ciphers=(ciphers : String)
Specify a list of TLS ciphers to use or discard.
- #finalize
-
#modes
Returns the current modes set on the TLS context.
-
#options
Returns the current options set on the TLS context.
-
#private_key=(file_path : String)
Specify the path to the private key to use.
-
#remove_modes(mode : OpenSSL::SSL::Modes)
Removes modes from the TLS context.
-
#remove_options(options : OpenSSL::SSL::Options)
Removes options from the TLS context.
-
#set_default_verify_paths
Sets the default paths for
ca_certiifcates=
and#ca_certificates_path=
. -
#set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)
Adds a temporary ECDH key curve to the TLS context.
- #to_unsafe : LibSSL::SSLContext
-
#verify_mode
Returns the current verify mode.
-
#verify_mode=(mode : OpenSSL::SSL::VerifyMode)
Sets the verify mode.
Instance methods inherited from class Reference
==(other)==(other : self) ==, dup dup, hash hash, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, same?(other : Reference)
same?(other : Nil) same?, to_s(io : IO) : Nil to_s
Instance methods inherited from class Object
!=(other)
!=,
!~(other)
!~,
==(other)
==,
===(other)===(other : YAML::Any)
===(other : JSON::Any) ===, =~(other) =~, class class, crystal_type_id crystal_type_id, dup dup, hash hash, inspect(io : IO)
inspect inspect, itself itself, not_nil! not_nil!, tap(&block) tap, to_json to_json, to_pretty_json(io : IO)
to_pretty_json to_pretty_json, to_s
to_s(io : IO) to_s, to_yaml
to_yaml(io : IO) to_yaml, try(&block) try
Class methods inherited from class Object
==(other : Class)
==,
===(other)
===,
cast(other) : self
cast,
clone
clone,
dup
dup,
from_json(string_or_io, root : String) : selffrom_json(string_or_io) : self from_json, from_yaml(string : String) : self from_yaml, hash hash, inspect(io) inspect, name : String name, to_s(io) to_s, |(other : U.class) |
Class Method Detail
Instance Method Detail
Adds options to the TLS context.
Example:
context.add_options(
OpenSSL::SSL::Options::ALL | # various workarounds
OpenSSL::SSL::Options::NO_SSLV2 | # disable overly deprecated SSLv2
OpenSSL::SSL::Options::NO_SSLV3 # disable deprecated SSLv3
)
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peers certificate.
Sets the path to a directory containing all CA certificates used to
validate the peers certificate. The certificates should be in PEM format
and the c_rehash(1)
utility must have been run in the directory.
Specify the path to the certificate chain file to use. In server mode this is presented to the client, in client mode this used as client certificate.
Specify the path to the private key to use. The key must in PEM format.
The key must correspond to the entity certificate set by #certificate_chain=
.
Removes options from the TLS context.
Example:
context.remove_options(OpenSSL::SSL::NO_SSLV3)
Sets the default paths for ca_certiifcates=
and #ca_certificates_path=
.
Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256 curve will be used.
Returns the current verify mode. See the SSL_CTX_set_verify(3)
manpage for more details.
Sets the verify mode. See the SSL_CTX_set_verify(3)
manpage for more details.