module OpenSSL
Overview
OpenSSL Integration
- TLS sockets need a context, potentially with keys (required for servers) and configuration.
- TLS sockets will wrap the underlying TCP socket, and any further communication must happen through the
OpenSSL::SSL::Socket
only.
Usage Example
Recommended ciphers can be taken from:
- OWASP Wiki
- Cipherli.st
- Full list is available at OpenSSL Wiki
Do note that:
- Crystal does its best to provide sane configuration defaults (see Mozilla-Intermediate).
- Linked version of OpenSSL need to be checked for supporting specific protocols and ciphers.
- If any configurations or choices in Crystal regarding SSL settings and security are found to be lacking or need improvement please open an issue and let us know.
Server side
NOTE For the below example to work, a key pair should be attained.
require "socket"
require "openssl"
def server
# Bind new TCPSocket to port 5555
socket = TCPServer.new(5555)
context = OpenSSL::SSL::Context::Server.new
context.private_key = "/path/to/private.key"
context.certificate_chain = "/path/to/public.cert"
puts "Server is up"
socket.accept do |client|
puts "Got client"
bytes = Bytes.new(20)
ssl_socket = OpenSSL::SSL::Socket::Server.new(client, context)
ssl_socket.read(bytes)
puts String.new(bytes)
end
end
Client side
require "socket"
require "openssl"
def client
socket = TCPSocket.new("127.0.0.1", 5555)
context = OpenSSL::SSL::Context::Client.new
ssl_socket = OpenSSL::SSL::Socket::Client.new(socket, context)
ssl_socket << "Testing"
end
Defined in:
openssl.cropenssl/digest/digest_base.cr
openssl/digest/digest.cr
openssl/digest/digest_io.cr