abstract class OpenSSL::SSL::Context

Direct Known Subclasses

Defined in:


Constant Summary


The list of secure ciphers (intermediate security) as of May 2016 as per https://wiki.mozilla.org/Security/Server_Side_TLS

Instance Method Summary

Instance methods inherited from class Reference

==(other : self)
==(other : JSON::Any)
==(other : YAML::Any)
, dup dup, hash(hasher) hash, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, pretty_print(pp) : Nil pretty_print, same?(other : Reference)
same?(other : Nil)
, to_s(io : IO) : Nil to_s

Constructor methods inherited from class Reference

new new

Instance methods inherited from class Object

! : Bool !, !=(other) !=, !~(other) !~, ==(other) ==, ===(other : JSON::Any)
===(other : YAML::Any)
, =~(other) =~, as(type : Class) as, as?(type : Class) as?, class class, dup dup, hash(hasher)
, in?(*values : Object) : Bool
in?(collection) : Bool
, inspect : String
inspect(io : IO) : Nil
, is_a?(type : Class) : Bool is_a?, itself itself, nil? : Bool nil?, not_nil! not_nil!, pretty_inspect(width = 79, newline = "\n", indent = 0) : String pretty_inspect, pretty_print(pp : PrettyPrint) : Nil pretty_print, responds_to?(name : Symbol) : Bool responds_to?, tap(&) tap, to_json(io : IO)
, to_pretty_json(io : IO, indent : String = " ")
to_pretty_json(indent : String = " ")
, to_s : String
to_s(io : IO) : Nil
, to_yaml(io : IO)
, try(&) try, unsafe_as(type : T.class) forall T unsafe_as

Class methods inherited from class Object

from_json(string_or_io, root : String)
, from_yaml(string_or_io : String | IO) from_yaml

Instance Method Detail

def add_modes(mode : OpenSSL::SSL::Modes) #

Adds modes to the TLS context.

[View source]
def add_options(options : OpenSSL::SSL::Options) #

Adds options to the TLS context.


  OpenSSL::SSL::Options::ALL |       # various workarounds
  OpenSSL::SSL::Options::NO_SSL_V2 | # disable overly deprecated SSLv2
  OpenSSL::SSL::Options::NO_SSL_V3   # disable deprecated SSLv3

[View source]
def add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags) #

Sets the given OpenSSL::X509VerifyFlags in this context, additionally to the already set ones.

[View source]
def alpn_protocol=(protocol : String) #

Specifies an ALPN protocol to negotiate with the remote endpoint. This is required to negotiate HTTP/2 with browsers, since browser vendors decided not to implement HTTP/2 over insecure connections.


context.alpn_protocol = "h2"

[View source]
def ca_certificates=(file_path : String) #

Sets the path to a file containing all CA certificates, in PEM format, used to validate the peers certificate.

[View source]
def ca_certificates_path=(dir_path : String) #

Sets the path to a directory containing all CA certificates used to validate the peers certificate. The certificates should be in PEM format and the c_rehash(1) utility must have been run in the directory.

[View source]
def certificate_chain=(file_path : String) #

Specify the path to the certificate chain file to use. In server mode this is presented to the client, in client mode this used as client certificate.

[View source]
def ciphers=(ciphers : String) #

Specify a list of TLS ciphers to use or discard.

[View source]
def default_verify_param=(name : String) #

Sets this context verify param to the default one of the given name.

Depending on the OpenSSL version, the available defaults are default, pkcs7, smime_sign, ssl_client and ssl_server.

[View source]
def finalize #

[View source]
def modes #

Returns the current modes set on the TLS context.

[View source]
def options #

Returns the current options set on the TLS context.

[View source]
def private_key=(file_path : String) #

Specify the path to the private key to use. The key must in PEM format. The key must correspond to the entity certificate set by #certificate_chain=.

[View source]
def remove_modes(mode : OpenSSL::SSL::Modes) #

Removes modes from the TLS context.

[View source]
def remove_options(options : OpenSSL::SSL::Options) #

Removes options from the TLS context.



[View source]
def set_default_verify_paths #

Sets the default paths for ca_certiifcates= and #ca_certificates_path=.

[View source]
def set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1) #

Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256 curve will be used.

[View source]
def to_unsafe : LibSSL::SSLContext #

[View source]
def verify_mode #

Returns the current verify mode. See the SSL_CTX_set_verify(3) manpage for more details.

[View source]
def verify_mode=(mode : OpenSSL::SSL::VerifyMode) #

Sets the verify mode. See the SSL_CTX_set_verify(3) manpage for more details.

[View source]