abstract class OpenSSL::SSL::Context
Direct Known Subclasses
Defined in:
openssl/ssl/context.cr
Constant Summary
-
CIPHERS =
(["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4", "!aNULL", "!eNULL", "!LOW", "!3DES", "!MD5", "!EXP", "!PSK", "!SRP", "!DSS"] of ::String).join(' ')
-
The list of secure ciphers (intermediate security) as of May 2016 as per https://wiki.mozilla.org/Security/Server_Side_TLS
Class Method Summary
Instance Method Summary
-
#add_modes(mode : OpenSSL::SSL::Modes)
Adds modes to the TLS context.
-
#add_options(options : OpenSSL::SSL::Options)
Adds options to the TLS context.
-
#add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags)
Sets the given OpenSSL::X509VerifyFlags in this context, additionally to the already set ones.
-
#alpn_protocol=(protocol : String)
Specifies an ALPN protocol to negotiate with the remote endpoint.
-
#ca_certificates=(file_path : String)
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peer's certificate.
-
#ca_certificates_path=(dir_path : String)
Sets the path to a directory containing all CA certificates used to validate the peer's certificate.
-
#certificate_chain=(file_path : String)
Specify the path to the certificate chain file to use.
-
#ciphers=(ciphers : String)
Specify a list of TLS ciphers to use or discard.
-
#default_verify_param=(name : String)
Set this context verify param to the default one of the given name.
-
#finalize
-
#modes
Returns the current modes set on the TLS context.
-
#options
Returns the current options set on the TLS context.
-
#private_key=(file_path : String)
Specify the path to the private key to use.
-
#remove_modes(mode : OpenSSL::SSL::Modes)
Removes modes from the TLS context.
-
#remove_options(options : OpenSSL::SSL::Options)
Removes options from the TLS context.
-
#set_default_verify_paths
Sets the default paths for #ca_certificates= and #ca_certificates_path=.
-
#set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)
Adds a temporary ECDH key curve to the TLS context.
-
#to_unsafe : LibSSL::SSLContext
-
#verify_mode
Returns the current verify mode.
-
#verify_mode=(mode : OpenSSL::SSL::VerifyMode)
Sets the verify mode.
Class Method Detail
Instance Method Detail
Adds options to the TLS context.
Example:
context.add_options(
  OpenSSL::SSL::Options::ALL |      # various workarounds
  OpenSSL::SSL::Options::NO_SSLV2 | # disable overly deprecated SSLv2
  OpenSSL::SSL::Options::NO_SSLV3   # disable deprecated SSLv3
)
Sets the given OpenSSL::X509VerifyFlags in this context, additionally to the already set ones.
Specifies an ALPN protocol to negotiate with the remote endpoint. This is required to negotiate HTTP/2 with browsers, since browser vendors decided not to implement HTTP/2 over insecure connections.
Example:
context.alpn_protocol = "h2"
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peer's certificate.
Sets the path to a directory containing all CA certificates used to validate the peer's certificate. The certificates should be in PEM format and the c_rehash(1) utility must have been run in the directory.
Specify the path to the certificate chain file to use. In server mode this is presented to the client; in client mode this is used as the client certificate.
Set this context verify param to the default one of the given name.
Depending on the OpenSSL version, the available defaults are default, pkcs7, smime_sign, ssl_client and ssl_server.
Specify the path to the private key to use. The key must be in PEM format. The key must correspond to the entity certificate set by #certificate_chain=.
Removes options from the TLS context.
Example:
context.remove_options(OpenSSL::SSL::Options::NO_SSLV3)
Sets the default paths for #ca_certificates= and #ca_certificates_path=.
Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256 curve will be used.
Returns the current verify mode. See the SSL_CTX_set_verify(3) manpage for more details.
Sets the verify mode. See the SSL_CTX_set_verify(3) manpage for more details.
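A mutual-TLS setup built from the methods documented above, as an added example that is not part of the Crystal documentation. The subclasses OpenSSL::SSL::Context::Server and OpenSSL::SSL::Context::Client, the VerifyMode members PEER and FAIL_IF_NO_PEER_CERT (named after the SSL_VERIFY_* flags in SSL_CTX_set_verify(3)) and all file paths are assumptions not shown on this page.

```crystal
require "openssl"

# Hypothetical file locations, assumed for this example.
CA_FILE     = "/etc/myapp/tls/ca.pem"
SERVER_CERT = "/etc/myapp/tls/server-chain.pem"
SERVER_KEY  = "/etc/myapp/tls/server-key.pem"
CLIENT_CERT = "/etc/myapp/tls/client-chain.pem"
CLIENT_KEY  = "/etc/myapp/tls/client-key.pem"

# Settings shared by both sides: protocol floor, cipher list, identity, trust.
def apply_baseline(context : OpenSSL::SSL::Context, chain : String, key : String)
  context.add_options(
    OpenSSL::SSL::Options::ALL |      # various workarounds
    OpenSSL::SSL::Options::NO_SSLV2 | # option names as spelled on this page
    OpenSSL::SSL::Options::NO_SSLV3
  )
  context.ciphers = OpenSSL::SSL::Context::CIPHERS
  # Chain first, then the key that must correspond to its entity certificate.
  context.certificate_chain = chain
  context.private_key = key
  # Trust only the private CA file rather than the system default paths.
  context.ca_certificates = CA_FILE
  context
end

# Server side: request a client certificate and refuse peers without one.
def server_context : OpenSSL::SSL::Context::Server
  context = OpenSSL::SSL::Context::Server.new # assumed subclass
  apply_baseline(context, SERVER_CERT, SERVER_KEY)
  context.set_tmp_ecdh_key # enables the EECDH suites with the default curve
  context.verify_mode = OpenSSL::SSL::VerifyMode::PEER |
                        OpenSSL::SSL::VerifyMode::FAIL_IF_NO_PEER_CERT
  context
end

# Client side: verify the server against the same private CA.
def client_context : OpenSSL::SSL::Context::Client
  context = OpenSSL::SSL::Context::Client.new # assumed subclass
  apply_baseline(context, CLIENT_CERT, CLIENT_KEY)
  context.verify_mode = OpenSSL::SSL::VerifyMode::PEER
  context
end
```

Because neither side calls #set_default_verify_paths, a certificate issued by a public CA in the system store does not validate here; only chains ending at CA_FILE do.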