class OpenSSL::SSL::Context::Server
Defined in:
openssl/ssl/context.crClass Method Summary
-
.insecure(method : LibSSL::SSLMethod = LibSSL.sslv23_method)
Returns a new TLS server context with only the given method set.
-
.new(method : LibSSL::SSLMethod = LibSSL.sslv23_method)
Generates a new TLS server context with sane defaults for a server connection.
Instance methods inherited from class OpenSSL::SSL::Context
add_modes(mode : OpenSSL::SSL::Modes)
add_modes,
add_options(options : OpenSSL::SSL::Options)
add_options,
add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags)
add_x509_verify_flags,
alpn_protocol=(protocol : String)
alpn_protocol=,
ca_certificates=(file_path : String)
ca_certificates=,
ca_certificates_path=(dir_path : String)
ca_certificates_path=,
certificate_chain=(file_path : String)
certificate_chain=,
ciphers=(ciphers : String)
ciphers=,
default_verify_param=(name : String)
default_verify_param=,
finalize
finalize,
modes
modes,
options
options,
private_key=(file_path : String)
private_key=,
remove_modes(mode : OpenSSL::SSL::Modes)
remove_modes,
remove_options(options : OpenSSL::SSL::Options)
remove_options,
set_default_verify_paths
set_default_verify_paths,
set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)
set_tmp_ecdh_key,
to_unsafe : LibSSL::SSLContext
to_unsafe,
verify_mode
verify_mode,
verify_mode=(mode : OpenSSL::SSL::VerifyMode)
verify_mode=
Class methods inherited from class OpenSSL::SSL::Context
new(method : LibSSL::SSLMethod)
new
Instance methods inherited from class Reference
==(other)==(other : self) ==, dup dup, hash hash, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, same?(other : Reference)
same?(other : Nil) same?, to_s(io : IO) : Nil to_s
Instance methods inherited from class Object
!=(other)
!=,
!~(other)
!~,
==(other)
==,
===(other)===(other : YAML::Any)
===(other : JSON::Any) ===, =~(other) =~, class class, crystal_type_id crystal_type_id, dup dup, hash hash, inspect(io : IO)
inspect inspect, itself itself, not_nil! not_nil!, tap(&block) tap, to_json to_json, to_pretty_json(indent : String = " ")
to_pretty_json(io : IO, indent : String = " ") to_pretty_json, to_s
to_s(io : IO) to_s, to_yaml
to_yaml(io : IO) to_yaml, try(&block) try
Class methods inherited from class Object
==(other : Class)
==,
===(other)
===,
cast(other) : self
cast,
clone
clone,
dup
dup,
from_json(string_or_io) : selffrom_json(string_or_io, root : String) : self from_json, from_yaml(string : String) : self from_yaml, hash hash, inspect(io) inspect, name : String name, nilable? nilable?, to_s(io) to_s, |(other : U.class) forall U |
Class Method Detail
Returns a new TLS server context with only the given method set.
For everything else this uses the defaults of your OpenSSL.
Use this only if undoing the defaults that .new
sets is too much hassle.
Generates a new TLS server context with sane defaults for a server connection.
By default it defaults to the SSLv23_method
which actually means that
OpenSSL will negotiate the TLS or SSL protocol to use with the remote
endpoint.
Don't change the method unless you must restrict a specific protocol to be used (eg: TLSv1.2) and nothing else. You should specify options to disable specific protocols, yet allow to negotiate from various other ones. For example the following snippet will enable the TLSv1, TLSv1.1 and TLSv1.2 protocols but disable the deprecated SSLv2 and SSLv3 protocols:
context = OpenSSL::SSL::Context::Server.new
context.options = OpenSSL::SSL::Options::NO_SSLV2 | OpenSSL::SSL::Options::NO_SSLV3