Type: Class
Constants:

DEFAULT_PARAMS:
    {
      :ssl_version => "SSLv23",
      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
      :ciphers => %w{
        ECDHE-ECDSA-AES128-GCM-SHA256
        ECDHE-RSA-AES128-GCM-SHA256
        ECDHE-ECDSA-AES256-GCM-SHA384
        ECDHE-RSA-AES256-GCM-SHA384
        DHE-RSA-AES128-GCM-SHA256
        DHE-DSS-AES128-GCM-SHA256
        DHE-RSA-AES256-GCM-SHA384
        DHE-DSS-AES256-GCM-SHA384
        ECDHE-ECDSA-AES128-SHA256
        ECDHE-RSA-AES128-SHA256
        ECDHE-ECDSA-AES128-SHA
        ECDHE-RSA-AES128-SHA
        ECDHE-ECDSA-AES256-SHA384
        ECDHE-RSA-AES256-SHA384
        ECDHE-ECDSA-AES256-SHA
        ECDHE-RSA-AES256-SHA
        DHE-RSA-AES128-SHA256
        DHE-RSA-AES256-SHA256
        DHE-RSA-AES128-SHA
        DHE-RSA-AES256-SHA
        DHE-DSS-AES128-SHA256
        DHE-DSS-AES256-SHA256
        DHE-DSS-AES128-SHA
        DHE-DSS-AES256-SHA
        AES128-GCM-SHA256
        AES256-GCM-SHA384
        AES128-SHA256
        AES256-SHA256
        AES128-SHA
        AES256-SHA
        ECDHE-ECDSA-RC4-SHA
        ECDHE-RSA-RC4-SHA
        RC4-SHA
      }.join(":"),
      :options => -> {
        opts = OpenSSL::SSL::OP_ALL
        opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
        opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
        opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
        opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
        opts
      }.call
    }

DEFAULT_CERT_STORE: OpenSSL::X509::Store.new

SESSION_CACHE_OFF: LONG2FIX(SSL_SESS_CACHE_OFF)
    No session caching for client or server.

SESSION_CACHE_CLIENT: LONG2FIX(SSL_SESS_CACHE_CLIENT)
    Client sessions are added to the session cache.

SESSION_CACHE_SERVER: LONG2FIX(SSL_SESS_CACHE_SERVER)
    Server sessions are added to the session cache.

SESSION_CACHE_BOTH: LONG2FIX(SSL_SESS_CACHE_BOTH)
    Both client and server sessions are added to the session cache.

SESSION_CACHE_NO_AUTO_CLEAR: LONG2FIX(SSL_SESS_CACHE_NO_AUTO_CLEAR)
    Normally the session cache is checked for expired sessions every 255 connections. Since this may lead to a delay that cannot be controlled, the automatic flushing may be disabled and flush_sessions can be called explicitly.

SESSION_CACHE_NO_INTERNAL_LOOKUP: LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
    Always perform external lookups of sessions even if they are in the internal cache.
    This flag has no effect on clients.

SESSION_CACHE_NO_INTERNAL_STORE: LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_STORE)
    Never automatically store sessions in the internal store.

SESSION_CACHE_NO_INTERNAL: LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL)
    Enables both SESSION_CACHE_NO_INTERNAL_LOOKUP and SESSION_CACHE_NO_INTERNAL_STORE.

METHODS: ary
    The list of available SSL/TLS methods.

An SSLContext is used to set various options regarding certificates, algorithms, verification, session caching, etc. The SSLContext is used to create an SSLSocket.

All attributes must be set before creating an SSLSocket as the SSLContext will be frozen afterward.

The following attributes are available but don't show up in rdoc:
- ssl_version, cert, key, client_ca, ca_file, ca_path, timeout,
- verify_mode, verify_depth, client_cert_cb, tmp_dh_callback,
- session_id_context, session_add_cb, session_new_cb, session_remove_cb
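
As an added example (not part of the Ruby documentation), the code below audits cipher names of the kind listed in DEFAULT_PARAMS, keeps only the forward-secret AEAD suites, and applies them to a context before setup freezes it. The helper names and the sample list are constructed for illustration; min_version= is assumed to be available, which requires a reasonably recent Ruby openssl library.

```ruby
require "openssl"

# Constructed sample: a few suite names copied from the DEFAULT_PARAMS list.
SAMPLE_CIPHERS = %w[
  ECDHE-RSA-AES128-GCM-SHA256
  DHE-DSS-AES256-GCM-SHA384
  ECDHE-RSA-AES256-SHA
  AES128-GCM-SHA256
  ECDHE-RSA-RC4-SHA
  RC4-SHA
].join(":")

# Flag the properties a reviewer looks for in each OpenSSL cipher name.
def audit_ciphers(cipher_string)
  cipher_string.split(":").each_with_object({}) do |name, report|
    issues = []
    issues << :rc4 if name.include?("RC4")
    issues << :no_forward_secrecy unless name.start_with?("ECDHE-", "DHE-")
    issues << :dss_auth if name.include?("-DSS-") # DSA auth, gone in TLS 1.3
    issues << :cbc_mode unless name =~ /GCM|RC4|CHACHA20/
    report[name] = issues
  end
end

# Keep only suites with no findings (forward secret, AEAD, no RC4, no DSS).
def hardened_cipher_string(cipher_string)
  audit_ciphers(cipher_string).select { |_, issues| issues.empty? }.keys.join(":")
end

# Apply the library defaults, tighten them, then freeze the context.
def hardened_context(cipher_string)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.ciphers = hardened_cipher_string(cipher_string)
  ctx.setup # freezes the context, as it would when an SSLSocket is created
  ctx
end

# Returns true when an attribute write after setup is rejected.
def rejects_late_change?(ctx)
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  false
rescue RuntimeError # FrozenError is a RuntimeError subclass
  true
end
```

Calling audit_ciphers on the full DEFAULT_PARAMS[:ciphers] string of an older Ruby gives the same kind of report for every suite listed above.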