abstract class OpenSSL::SSL::Context
Direct Known Subclasses
Defined in:
openssl/ssl/context.crConstant Summary
-
CIPHERS =
(["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4", "!aNULL", "!eNULL", "!LOW", "!3DES", "!MD5", "!EXP", "!PSK", "!SRP", "!DSS"] of ::String).join(' ')
-
The list of secure ciphers (intermediate security) as of May 2016 as per https://wiki.mozilla.org/Security/Server_Side_TLS
Constructors
Instance Method Summary
-
#add_modes(mode : OpenSSL::SSL::Modes)
Adds modes to the TLS context.
-
#add_options(options : OpenSSL::SSL::Options)
Adds options to the TLS context.
-
#add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags)
Sets the given
OpenSSL::X509VerifyFlags
in this context, additionally to the already set ones. -
#alpn_protocol=(protocol : String)
Specifies an ALPN protocol to negotiate with the remote endpoint.
-
#ca_certificates=(file_path : String)
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peers certificate.
-
#ca_certificates_path=(dir_path : String)
Sets the path to a directory containing all CA certificates used to validate the peers certificate.
-
#certificate_chain=(file_path : String)
Specify the path to the certificate chain file to use.
-
#ciphers=(ciphers : String)
Specify a list of TLS ciphers to use or discard.
-
#default_verify_param=(name : String)
Set this context verify param to the default one of the given name.
- #finalize
-
#modes
Returns the current modes set on the TLS context.
-
#options
Returns the current options set on the TLS context.
-
#private_key=(file_path : String)
Specify the path to the private key to use.
-
#remove_modes(mode : OpenSSL::SSL::Modes)
Removes modes from the TLS context.
-
#remove_options(options : OpenSSL::SSL::Options)
Removes options from the TLS context.
-
#set_default_verify_paths
Sets the default paths for
ca_certiifcates=
and#ca_certificates_path=
. -
#set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)
Adds a temporary ECDH key curve to the TLS context.
- #to_unsafe : LibSSL::SSLContext
-
#verify_mode
Returns the current verify mode.
-
#verify_mode=(mode : OpenSSL::SSL::VerifyMode)
Sets the verify mode.
Instance methods inherited from class Reference
==(other : self)==(other : JSON::Any)
==(other : YAML::Any)
==(other) ==, dup dup, hash(hasher) hash, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, pretty_print(pp) : Nil pretty_print, same?(other : Reference)
same?(other : Nil) same?, to_s(io : IO) : Nil to_s
Constructor methods inherited from class Reference
new
new
Instance methods inherited from class Object
!=(other)
!=,
!~(other)
!~,
==(other)
==,
===(other : JSON::Any)===(other : YAML::Any)
===(other) ===, =~(other) =~, class class, dup dup, hash(hasher)
hash hash, inspect(io : IO)
inspect inspect, itself itself, not_nil! not_nil!, pretty_inspect(width = 79, newline = "\n", indent = 0) : String pretty_inspect, pretty_print(pp : PrettyPrint) : Nil pretty_print, tap(&block) tap, to_json(io : IO)
to_json to_json, to_pretty_json(indent : String = " ")
to_pretty_json(io : IO, indent : String = " ") to_pretty_json, to_s
to_s(io : IO) to_s, to_yaml(io : IO)
to_yaml to_yaml, try(&block) try, unsafe_as(type : T.class) forall T unsafe_as
Constructor methods inherited from class Object
from_json(string_or_io, root : String) : selffrom_json(string_or_io) : self from_json, from_yaml(string_or_io : String | IO) : self from_yaml
Constructor Detail
Instance Method Detail
Adds options to the TLS context.
Example:
context.add_options(
OpenSSL::SSL::Options::ALL | # various workarounds
OpenSSL::SSL::Options::NO_SSL_V2 | # disable overly deprecated SSLv2
OpenSSL::SSL::Options::NO_SSL_V3 # disable deprecated SSLv3
)
Sets the given OpenSSL::X509VerifyFlags
in this context, additionally to
the already set ones.
Specifies an ALPN protocol to negotiate with the remote endpoint. This is required to negotiate HTTP/2 with browsers, since browser vendors decided not to implement HTTP/2 over insecure connections.
Example:
context.alpn_protocol = "h2"
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peers certificate.
Sets the path to a directory containing all CA certificates used to
validate the peers certificate. The certificates should be in PEM format
and the c_rehash(1)
utility must have been run in the directory.
Specify the path to the certificate chain file to use. In server mode this is presented to the client, in client mode this used as client certificate.
Set this context verify param to the default one of the given name.
Depending on the OpenSSL version, the available defaults are
default
, pkcs7
, smime_sign
, ssl_client
and ssl_server
.
Specify the path to the private key to use. The key must in PEM format.
The key must correspond to the entity certificate set by #certificate_chain=
.
Removes options from the TLS context.
Example:
context.remove_options(OpenSSL::SSL::Options::NO_SSL_V3)
Sets the default paths for ca_certiifcates=
and #ca_certificates_path=
.
Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256 curve will be used.
Returns the current verify mode. See the SSL_CTX_set_verify(3)
manpage for more details.
Sets the verify mode. See the SSL_CTX_set_verify(3)
manpage for more details.