OpenSSL::SSL::Context
abstract class OpenSSL::SSL::Context
Direct Known Subclasses
Defined in:
openssl/ssl/context.cr
Constant Summary
- CIPHERS =
(["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4", "!aNULL", "!eNULL", "!LOW", "!3DES", "!MD5", "!EXP", "!PSK", "!SRP", "!DSS"] of ::String).join(' ')
The list of secure ciphers (intermediate security) as of May 2016 as per https://wiki.mozilla.org/Security/Server_Side_TLS
Class Method Summary
Instance Method Summary
- #add_modes(mode : OpenSSL::SSL::Modes)
Adds modes to the TLS context.
- #add_options(options : OpenSSL::SSL::Options)
Adds options to the TLS context.
- #add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags)
Sets the given OpenSSL::X509VerifyFlags in this context, in addition to those already set.
- #alpn_protocol=(protocol : String)
Specifies an ALPN protocol to negotiate with the remote endpoint.
- #ca_certificates=(file_path : String)
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peer's certificate.
- #ca_certificates_path=(dir_path : String)
Sets the path to a directory containing all CA certificates used to validate the peer's certificate.
- #certificate_chain=(file_path : String)
Specify the path to the certificate chain file to use.
- #ciphers=(ciphers : String)
Specify a list of TLS ciphers to use or discard.
- #default_verify_param=(name : String)
Set this context verify param to the default one of the given name.
- #finalize
- #modes
Returns the current modes set on the TLS context.
- #options
Returns the current options set on the TLS context.
- #private_key=(file_path : String)
Specify the path to the private key to use.
- #remove_modes(mode : OpenSSL::SSL::Modes)
Removes modes from the TLS context.
- #remove_options(options : OpenSSL::SSL::Options)
Removes options from the TLS context.
- #set_default_verify_paths
Sets the default paths for #ca_certificates= and #ca_certificates_path=.
- #set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)
Adds a temporary ECDH key curve to the TLS context.
- #to_unsafe : LibSSL::SSLContext
- #verify_mode
Returns the current verify mode.
- #verify_mode=(mode : OpenSSL::SSL::VerifyMode)
Sets the verify mode.
Instance methods inherited from class Reference
- ==(other : self), ==(other)
- dup
- hash
- inspect(io : IO) : Nil
- object_id : UInt64
- pretty_print(pp) : Nil
- same?(other : Reference), same?(other : Nil)
- to_s(io : IO) : Nil
Class methods inherited from class Reference
- new
Instance methods inherited from class Object
- !=(other)
- !~(other)
- ==(other)
- ===(other : JSON::Any), ===(other : YAML::Any), ===(other)
- =~(other)
- class
- dup
- hash
- inspect(io : IO), inspect
- itself
- not_nil!
- pretty_inspect(width = 79, newline = "\n", indent = 0) : String
- pretty_print(pp : PrettyPrint) : Nil
- tap(&block)
- to_json(io : IO), to_json
- to_pretty_json(indent : String = " "), to_pretty_json(io : IO, indent : String = " ")
- to_s, to_s(io : IO)
- to_yaml(io : IO), to_yaml
- try(&block)
Class methods inherited from class Object
- from_json(string_or_io, root : String) : self, from_json(string_or_io) : self
- from_yaml(string_or_io) : self
Class Method Detail
def self.new(method : LibSSL::SSLMethod)
Instance Method Detail
def add_modes(mode : OpenSSL::SSL::Modes)
Adds modes to the TLS context.
def add_options(options : OpenSSL::SSL::Options)
Adds options to the TLS context.
Example:
context.add_options(
  OpenSSL::SSL::Options::ALL |      # various workarounds
  OpenSSL::SSL::Options::NO_SSLV2 | # disable overly deprecated SSLv2
  OpenSSL::SSL::Options::NO_SSLV3   # disable deprecated SSLv3
)
def add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags)
Sets the given OpenSSL::X509VerifyFlags in this context, in addition to those already set.
def alpn_protocol=(protocol : String)
Specifies an ALPN protocol to negotiate with the remote endpoint. This is required to negotiate HTTP/2 with browsers, since browser vendors decided not to implement HTTP/2 over insecure connections.
Example:
context.alpn_protocol = "h2"
def ca_certificates=(file_path : String)
Sets the path to a file containing all CA certificates, in PEM format, used to validate the peer's certificate.
def ca_certificates_path=(dir_path : String)
Sets the path to a directory containing all CA certificates used to validate the peer's certificate. The certificates should be in PEM format and the c_rehash(1) utility must have been run in the directory.
def certificate_chain=(file_path : String)
Specify the path to the certificate chain file to use. In server mode this is presented to the client; in client mode this is used as the client certificate.
def default_verify_param=(name : String)
Set this context verify param to the default one of the given name.
Depending on the OpenSSL version, the available defaults are default, pkcs7, smime_sign, ssl_client and ssl_server.
def finalize
def modes
Returns the current modes set on the TLS context.
def options
Returns the current options set on the TLS context.
def private_key=(file_path : String)
Specify the path to the private key to use. The key must be in PEM format. The key must correspond to the entity certificate set by #certificate_chain=.
def remove_modes(mode : OpenSSL::SSL::Modes)
Removes modes from the TLS context.
def remove_options(options : OpenSSL::SSL::Options)
Removes options from the TLS context.
Example:
context.remove_options(OpenSSL::SSL::Options::NO_SSLV3)
def set_default_verify_paths
Sets the default paths for #ca_certificates= and #ca_certificates_path=.
def set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)
Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256 curve will be used.
def to_unsafe : LibSSL::SSLContext
def verify_mode
Returns the current verify mode. See the SSL_CTX_set_verify(3) manpage for more details.
def verify_mode=(mode : OpenSSL::SSL::VerifyMode)
Sets the verify mode. See the SSL_CTX_set_verify(3) manpage for more details.
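How the setters documented above combine into a server context that requires client certificates, followed by a check that reads the result back through #options and #verify_mode. This is an added example, not part of the Crystal API documentation. The file paths are hypothetical, and OpenSSL::SSL::Context::Server and the VerifyMode members PEER and FAIL_IF_NO_PEER_CERT are assumed from the Crystal standard library, since this page does not list them.

```crystal
require "openssl"

# Hypothetical file locations (assumptions); all files are PEM encoded.
CERT_CHAIN_PATH  = "/etc/myapp/tls/server-chain.pem"
PRIVATE_KEY_PATH = "/etc/myapp/tls/server-key.pem"
CLIENT_CA_PATH   = "/etc/myapp/tls/client-ca.pem"

# Builds a server-side context that only accepts clients presenting a
# certificate issued by the CA in CLIENT_CA_PATH.
def build_mtls_server_context : OpenSSL::SSL::Context::Server
  context = OpenSSL::SSL::Context::Server.new

  # Server identity: the private key must match the entity certificate
  # in the chain file.
  context.certificate_chain = CERT_CHAIN_PATH
  context.private_key = PRIVATE_KEY_PATH

  # Same option set as the #add_options example: SSLv2 and SSLv3 stay off.
  context.add_options(
    OpenSSL::SSL::Options::ALL |
    OpenSSL::SSL::Options::NO_SSLV2 |
    OpenSSL::SSL::Options::NO_SSLV3
  )

  # The documented cipher list, plus the temporary ECDH key that the
  # ECDHE entries in that list depend on.
  context.ciphers = OpenSSL::SSL::Context::CIPHERS
  context.set_tmp_ecdh_key

  # Trust only our own client CA and fail the handshake when the client
  # sends no certificate. PEER alone would let such a client through.
  context.ca_certificates = CLIENT_CA_PATH
  context.verify_mode = OpenSSL::SSL::VerifyMode::PEER |
                        OpenSSL::SSL::VerifyMode::FAIL_IF_NO_PEER_CERT
  context
end

# Reads the effective settings back, so that a later #remove_options or
# #verify_mode= call that weakens the context is caught before it is used.
def assert_hardened(context : OpenSSL::SSL::Context) : Nil
  unless context.options.includes?(OpenSSL::SSL::Options::NO_SSLV3)
    raise "SSLv3 is enabled on this context"
  end
  unless context.verify_mode.includes?(OpenSSL::SSL::VerifyMode::PEER)
    raise "peer certificates are not verified"
  end
end
```

Call assert_hardened(build_mtls_server_context) at startup, before the context is handed to a listener.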
© 2012–2017 Manas Technology Solutions.
Licensed under the Apache License, Version 2.0.
https://crystal-lang.org/api/0.22.0/OpenSSL/SSL/Context.html