abstract class OpenSSL::SSL::Context

Direct Known Subclasses

Defined in:

openssl/ssl/context.cr

Constant Summary

CIPHERS = (["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4", "!aNULL", "!eNULL", "!LOW", "!3DES", "!MD5", "!EXP", "!PSK", "!SRP", "!DSS"] of ::String).join(' ')

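The list of secure ciphers (intermediate security) as of May 2016, as per https://wiki.mozilla.org/Security/Server_Side_TLS. The trailing `!`-prefixed entries exclude matching ciphers even when they are named explicitly, so the 3DES suites that appear in the list are removed again by `!3DES`. Because the list is a snapshot from May 2016, compare it with the current recommendations before relying on it.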

Constructors

Instance Method Summary

Instance methods inherited from class Reference

==(other : self)
==(other)
==
, dup dup, hash hash, inspect(io : IO) : Nil inspect, object_id : UInt64 object_id, pretty_print(pp) : Nil pretty_print, same?(other : Reference)
same?(other : Nil)
same?
, to_s(io : IO) : Nil to_s

Constructor methods inherited from class Reference

new new

Instance methods inherited from class Object

!=(other) !=, !~(other) !~, ==(other) ==, ===(other : JSON::Any)
===(other : YAML::Any)
===(other)
===
, =~(other) =~, class class, dup dup, hash hash, inspect(io : IO)
inspect
inspect
, itself itself, not_nil! not_nil!, pretty_inspect(width = 79, newline = "\n", indent = 0) : String pretty_inspect, pretty_print(pp : PrettyPrint) : Nil pretty_print, tap(&block) tap, to_json(io : IO)
to_json
to_json
, to_pretty_json(indent : String = " ")
to_pretty_json(io : IO, indent : String = " ")
to_pretty_json
, to_s
to_s(io : IO)
to_s
, to_yaml(io : IO)
to_yaml
to_yaml
, try(&block) try, unsafe_as(type : T.class) forall T unsafe_as

Constructor methods inherited from class Object

from_json(string_or_io, root : String) : self
from_json(string_or_io) : self
from_json
, from_yaml(string_or_io) : self from_yaml

Constructor Detail

def self.new(method : LibSSL::SSLMethod) #


Instance Method Detail

def add_modes(mode : OpenSSL::SSL::Modes) #

Adds modes to the TLS context.


def add_options(options : OpenSSL::SSL::Options) #

Adds options to the TLS context.

Example:

context.add_options(
  OpenSSL::SSL::Options::ALL |       # various workarounds
  OpenSSL::SSL::Options::NO_SSL_V2 | # disable overly deprecated SSLv2
  OpenSSL::SSL::Options::NO_SSL_V3   # disable deprecated SSLv3
)

def ca_certificates=(file_path : String) #

Sets the path to a file containing all CA certificates, in PEM format, used to validate the peer's certificate.


def ca_certificates_path=(dir_path : String) #

Sets the path to a directory containing all CA certificates used to validate the peer's certificate. The certificates should be in PEM format and the c_rehash(1) utility must have been run in the directory.


def certificate_chain=(file_path : String) #

Specify the path to the certificate chain file to use. In server mode this is presented to the client; in client mode this is used as the client certificate.


def ciphers=(ciphers : String) #

Specify a list of TLS ciphers to use or discard.


def finalize #

def modes #

Returns the current modes set on the TLS context.


def options #

Returns the current options set on the TLS context.


def private_key=(file_path : String) #

Specify the path to the private key to use. The key must be in PEM format. The key must correspond to the entity certificate set by #certificate_chain=.


def remove_modes(mode : OpenSSL::SSL::Modes) #

Removes modes from the TLS context.


def remove_options(options : OpenSSL::SSL::Options) #

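Removes options from the TLS context. Removing a `NO_*` option re-enables the protocol version that option disabled; the example below re-enables SSLv3, which is deprecated.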

Example:

context.remove_options(OpenSSL::SSL::Options::NO_SSL_V3)

def set_default_verify_paths #

Sets the default paths for #ca_certificates= and #ca_certificates_path=.


def set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1) #

Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256v1 curve will be used.


def to_unsafe : LibSSL::SSLContext #

def verify_mode #

Returns the current verify mode. See the SSL_CTX_set_verify(3) manpage for more details.


def verify_mode=(mode : OpenSSL::SSL::VerifyMode) #

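Sets the verify mode. See the SSL_CTX_set_verify(3) manpage for more details. With `OpenSSL::SSL::VerifyMode::NONE` a peer certificate that fails verification does not abort the handshake, so the peer is not authenticated.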

