class OpenSSL::SSL::Context::Client

Defined in:



Instance methods inherited from class OpenSSL::SSL::Context

add_modes(mode : OpenSSL::SSL::Modes) add_modes, add_options(options : OpenSSL::SSL::Options) add_options, add_x509_verify_flags(flags : OpenSSL::SSL::X509VerifyFlags) add_x509_verify_flags, alpn_protocol=(protocol : String) alpn_protocol=, ca_certificates=(file_path : String) ca_certificates=, ca_certificates_path=(dir_path : String) ca_certificates_path=, certificate_chain=(file_path : String) certificate_chain=, cipher_suites=(cipher_suites : String) cipher_suites=, ciphers=(ciphers : String) ciphers=, default_verify_param=(name : String) default_verify_param=, finalize finalize, modes : LibSSL::Modes modes, options : LibSSL::Options options, private_key=(file_path : String) private_key=, remove_modes(mode : OpenSSL::SSL::Modes) remove_modes, remove_options(options : OpenSSL::SSL::Options) remove_options, security_level : Int32 security_level, security_level=(value : Int32) security_level=, set_default_verify_paths set_default_verify_paths, set_intermediate_ciphers set_intermediate_ciphers, set_modern_ciphers set_modern_ciphers, set_old_ciphers set_old_ciphers, set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1) : Nil set_tmp_ecdh_key, to_unsafe : LibSSL::SSLContext to_unsafe, verify_mode : LibSSL::VerifyMode verify_mode, verify_mode=(mode : OpenSSL::SSL::VerifyMode) verify_mode=

Instance methods inherited from class Reference

==(other : self)
==(other : JSON::Any)
==(other : YAML::Any)
, dup dup, hash(hasher) hash, initialize initialize, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, pretty_print(pp) : Nil pretty_print, same?(other : Reference) : Bool
same?(other : Nil)
, to_s(io : IO) : Nil to_s

Constructor methods inherited from class Reference

new new, unsafe_construct(address : Pointer, *args, **opts) : self unsafe_construct

Class methods inherited from class Reference

pre_initialize(address : Pointer) pre_initialize

Instance methods inherited from class Object

! : Bool !, !=(other) !=, !~(other) !~, ==(other) ==, ===(other : JSON::Any)
===(other : YAML::Any)
, =~(other) =~, as(type : Class) as, as?(type : Class) as?, class class, dup dup, hash(hasher)
, in?(collection : Object) : Bool
in?(*values : Object) : Bool
, inspect(io : IO) : Nil
inspect : String
, is_a?(type : Class) : Bool is_a?, itself itself, nil? : Bool nil?, not_nil!(message)
, pretty_inspect(width = 79, newline = "\n", indent = 0) : String pretty_inspect, pretty_print(pp : PrettyPrint) : Nil pretty_print, responds_to?(name : Symbol) : Bool responds_to?, tap(&) tap, to_json(io : IO) : Nil
to_json : String
, to_pretty_json(indent : String = " ") : String
to_pretty_json(io : IO, indent : String = " ") : Nil
, to_s(io : IO) : Nil
to_s : String
, to_yaml(io : IO) : Nil
to_yaml : String
, try(&) try, unsafe_as(type : T.class) forall T unsafe_as

Class methods inherited from class Object

from_json(string_or_io, root : String)
, from_yaml(string_or_io : String | IO) from_yaml

Macros inherited from class Object

class_getter(*names, &block) class_getter, class_getter!(*names) class_getter!, class_getter?(*names, &block) class_getter?, class_property(*names, &block) class_property, class_property!(*names) class_property!, class_property?(*names, &block) class_property?, class_setter(*names) class_setter, def_clone def_clone, def_equals(*fields) def_equals, def_equals_and_hash(*fields) def_equals_and_hash, def_hash(*fields) def_hash, delegate(*methods, to object) delegate, forward_missing_to(delegate) forward_missing_to, getter(*names, &block) getter, getter!(*names) getter!, getter?(*names, &block) getter?, property(*names, &block) property, property!(*names) property!, property?(*names, &block) property?, setter(*names) setter

Constructor Detail

def self.from_hash(params) : self #

Configures a client context from a hash-like interface.

require "openssl"

context = OpenSSL::SSL::Context::Client.from_hash({"key" => "private.key", "cert" => "certificate.crt", "ca" => "ca.pem"})


  • key (required): Path to private key file. See #private_key=.
  • cert (required): Path to the file containing the public certificate chain. See #certificate_chain=.
  • verify_mode: Either peer, force-peer, none or empty (default: peer). See verify_mode=.
  • ca: Path to a file containing the CA certificate chain or a directory containing all CA certificates. See #ca_certificates= and #ca_certificates_path=, respectively. Required if verify_mode is peer, force-peer or empty.

[View source]
def self.insecure(method : LibSSL::SSLMethod = Context.default_method) : self #

Returns a new TLS client context with only the given method set.

For everything else this uses the defaults of your OpenSSL. Use this only if undoing the defaults that .new sets is too much hassle.

[View source]
def : LibSSL::SSLMethod = Context.default_method) #

Generates a new TLS client context with sane defaults for a client connection.

Defaults to TLS_method or SSLv23_method (depending on OpenSSL version) which tells OpenSSL to negotiate the TLS or SSL protocol with the remote endpoint.

Don't change the method unless you must restrict a specific protocol to be used (eg: TLSv1.2) and nothing else. You should specify options to disable specific protocols, yet allow to negotiate from various other ones. For example the following snippet will enable the TLSv1, TLSv1.1 and TLSv1.2 protocols but disable the deprecated SSLv2 and SSLv3 protocols:

require "openssl"

context =
context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)

[View source]