W3cubDocs

/Crystal 0.31

abstract class OpenSSL::SSL::Context

Direct Known Subclasses

Defined in:

openssl/ssl/context.cr

Constant Summary

CIPHERS = (["ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES128-SHA256", "ECDHE-RSA-AES128-SHA256", "ECDHE-ECDSA-AES128-SHA", "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA384", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES256-SHA", "DHE-RSA-AES128-SHA256", "DHE-RSA-AES128-SHA", "DHE-RSA-AES256-SHA256", "DHE-RSA-AES256-SHA", "ECDHE-ECDSA-DES-CBC3-SHA", "ECDHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA", "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA", "!RC4", "!aNULL", "!eNULL", "!LOW", "!3DES", "!MD5", "!EXP", "!PSK", "!SRP", "!DSS"] of ::String).join(' ')

The list of secure ciphers (intermediate security) as of May 2016 as per https://wiki.mozilla.org/Security/Server_Side_TLS

Instance Method Summary

Instance Method Detail

def add_modes(mode : OpenSSL::SSL::Modes)Source

Adds modes to the TLS context.

def add_options(options : OpenSSL::SSL::Options)Source

Adds options to the TLS context.

Example:

context.add_options(
  OpenSSL::SSL::Options::ALL |       # various workarounds
  OpenSSL::SSL::Options::NO_SSL_V2 | # disable overly deprecated SSLv2
  OpenSSL::SSL::Options::NO_SSL_V3   # disable deprecated SSLv3
)

def add_x509_verify_flags(flags : OpenSSL::X509VerifyFlags)Source

Sets the given OpenSSL::X509VerifyFlags in this context, additionally to the already set ones.

def alpn_protocol=(protocol : String)Source

Specifies an ALPN protocol to negotiate with the remote endpoint. This is required to negotiate HTTP/2 with browsers, since browser vendors decided not to implement HTTP/2 over insecure connections.

Example:

context.alpn_protocol = "h2"

def ca_certificates=(file_path : String)Source

Sets the path to a file containing all CA certificates, in PEM format, used to validate the peers certificate.

def ca_certificates_path=(dir_path : String)Source

Sets the path to a directory containing all CA certificates used to validate the peers certificate. The certificates should be in PEM format and the c_rehash(1) utility must have been run in the directory.

def certificate_chain=(file_path : String)Source

Specify the path to the certificate chain file to use. In server mode this is presented to the client, in client mode this used as client certificate.

def ciphers=(ciphers : String)Source

Specify a list of TLS ciphers to use or discard.

def default_verify_param=(name : String)Source

Sets this context verify param to the default one of the given name.

Depending on the OpenSSL version, the available defaults are default, pkcs7, smime_sign, ssl_client and ssl_server.

def finalizeSource

def modesSource

Returns the current modes set on the TLS context.

def optionsSource

Returns the current options set on the TLS context.

def private_key=(file_path : String)Source

Specify the path to the private key to use. The key must in PEM format. The key must correspond to the entity certificate set by #certificate_chain=.

def remove_modes(mode : OpenSSL::SSL::Modes)Source

Removes modes from the TLS context.

def remove_options(options : OpenSSL::SSL::Options)Source

Removes options from the TLS context.

Example:

context.remove_options(OpenSSL::SSL::Options::NO_SSL_V3)

def set_default_verify_pathsSource

Sets the default paths for ca_certiifcates= and #ca_certificates_path=.

def set_tmp_ecdh_key(curve = LibCrypto::NID_X9_62_prime256v1)Source

Adds a temporary ECDH key curve to the TLS context. This is required to enable the EECDH cipher suites. By default the prime256 curve will be used.

def to_unsafe : LibSSL::SSLContextSource

def verify_modeSource

Returns the current verify mode. See the SSL_CTX_set_verify(3) manpage for more details.

def verify_mode=(mode : OpenSSL::SSL::VerifyMode)Source

Sets the verify mode. See the SSL_CTX_set_verify(3) manpage for more details.

© 2012–2019 Manas Technology Solutions.
Licensed under the Apache License, Version 2.0.
https://crystal-lang.org/api/0.31.1/OpenSSL/SSL/Context.html