class OpenSSL::SSL::Context::Server

Defined in:

openssl/ssl/context.cr

Class Method Summary

Instance methods inherited from class OpenSSL::SSL::Context

add_modes(mode : OpenSSL::SSL::Modes) add_modes, add_options(options : OpenSSL::SSL::Options) add_options, add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags) add_x509_verify_flags, alpn_protocol=(protocol : String) alpn_protocol=, ca_certificates=(file_path : String) ca_certificates=, ca_certificates_path=(dir_path : String) ca_certificates_path=, certificate_chain=(file_path : String) certificate_chain=, ciphers=(ciphers : String) ciphers=, default_verify_param=(name : String) default_verify_param=, finalize finalize, modes modes, options options, private_key=(file_path : String) private_key=, remove_modes(mode : OpenSSL::SSL::Modes) remove_modes, remove_options(options : OpenSSL::SSL::Options) remove_options, set_default_verify_paths set_default_verify_paths, set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1) set_tmp_ecdh_key, to_unsafe : LibSSL::SSLContext to_unsafe, verify_mode verify_mode, verify_mode=(mode : OpenSSL::SSL::VerifyMode) verify_mode=

Class methods inherited from class OpenSSL::SSL::Context

new(method : LibSSL::SSLMethod) new

Instance methods inherited from class Reference

==(other)
==(other : self)
==
, dup dup, hash hash, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, same?(other : Reference)
same?(other : Nil)
same?
, to_s(io : IO) : Nil to_s

Instance methods inherited from class Object

!=(other) !=, !~(other) !~, ==(other) ==, ===(other)
===(other : YAML::Any)
===(other : JSON::Any)
===
, =~(other) =~, class class, crystal_type_id crystal_type_id, dup dup, hash hash, inspect(io : IO)
inspect
inspect
, itself itself, not_nil! not_nil!, tap(&block) tap, to_json to_json, to_pretty_json(indent : String = " ")
to_pretty_json(io : IO, indent : String = " ")
to_pretty_json
, to_s
to_s(io : IO)
to_s
, to_yaml
to_yaml(io : IO)
to_yaml
, try(&block) try

Class methods inherited from class Object

==(other : Class) ==, ===(other) ===, cast(other) : self cast, clone clone, dup dup, from_json(string_or_io) : self
from_json(string_or_io, root : String) : self
from_json
, from_yaml(string : String) : self from_yaml, hash hash, inspect(io) inspect, name : String name, nilable? nilable?, to_s(io) to_s, |(other : U.class) forall U |

Class Method Detail

def self.insecure(method : LibSSL::SSLMethod = LibSSL.sslv23_method) #

Returns a new TLS server context with only the given method set.

For everything else this uses the defaults of your OpenSSL. Use this only if undoing the defaults that .new sets is too much hassle.


[View source]
def self.new(method : LibSSL::SSLMethod = LibSSL.sslv23_method) #

Generates a new TLS server context with sane defaults for a server connection.

By default it defaults to the SSLv23_method which actually means that OpenSSL will negotiate the TLS or SSL protocol to use with the remote endpoint.

Don't change the method unless you must restrict a specific protocol to be used (eg: TLSv1.2) and nothing else. You should specify options to disable specific protocols, yet allow to negotiate from various other ones. For example the following snippet will enable the TLSv1, TLSv1.1 and TLSv1.2 protocols but disable the deprecated SSLv2 and SSLv3 protocols:

context = OpenSSL::SSL::Context::Server.new
context.options = OpenSSL::SSL::Options::NO_SSLV2 | OpenSSL::SSL::Options::NO_SSLV3

[View source]