Type:
Class
Constants:
DEFAULT_PARAMS : {
      :ssl_version => "SSLv23",
      :verify_mode => OpenSSL::SSL::VERIFY_PEER,
      :ciphers => %w{
        ECDHE-ECDSA-AES128-GCM-SHA256
        ECDHE-RSA-AES128-GCM-SHA256
        ECDHE-ECDSA-AES256-GCM-SHA384
        ECDHE-RSA-AES256-GCM-SHA384
        DHE-RSA-AES128-GCM-SHA256
        DHE-DSS-AES128-GCM-SHA256
        DHE-RSA-AES256-GCM-SHA384
        DHE-DSS-AES256-GCM-SHA384
        ECDHE-ECDSA-AES128-SHA256
        ECDHE-RSA-AES128-SHA256
        ECDHE-ECDSA-AES128-SHA
        ECDHE-RSA-AES128-SHA
        ECDHE-ECDSA-AES256-SHA384
        ECDHE-RSA-AES256-SHA384
        ECDHE-ECDSA-AES256-SHA
        ECDHE-RSA-AES256-SHA
        DHE-RSA-AES128-SHA256
        DHE-RSA-AES256-SHA256
        DHE-RSA-AES128-SHA
        DHE-RSA-AES256-SHA
        DHE-DSS-AES128-SHA256
        DHE-DSS-AES256-SHA256
        DHE-DSS-AES128-SHA
        DHE-DSS-AES256-SHA
        AES128-GCM-SHA256
        AES256-GCM-SHA384
        AES128-SHA256
        AES256-SHA256
        AES128-SHA
        AES256-SHA
        ECDHE-ECDSA-RC4-SHA
        ECDHE-RSA-RC4-SHA
        RC4-SHA
      }.join(":"),
      :options => -> {
        opts = OpenSSL::SSL::OP_ALL
        opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS)
        opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
        opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2)
        opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3)
        opts
      }.call
    }
DEFAULT_CERT_STORE : OpenSSL::X509::Store.new
SESSION_CACHE_OFF : LONG2FIX(SSL_SESS_CACHE_OFF)

No session caching for client or server

SESSION_CACHE_CLIENT : LONG2FIX(SSL_SESS_CACHE_CLIENT)

Client sessions are added to the session cache

SESSION_CACHE_SERVER : LONG2FIX(SSL_SESS_CACHE_SERVER)

Server sessions are added to the session cache

SESSION_CACHE_BOTH : LONG2FIX(SSL_SESS_CACHE_BOTH)

Both client and server sessions are added to the session cache

SESSION_CACHE_NO_AUTO_CLEAR : LONG2FIX(SSL_SESS_CACHE_NO_AUTO_CLEAR)

Normally the session cache is checked for expired sessions every 255 connections. Since this may lead to a delay that cannot be controlled, the automatic flushing may be disabled and flush_sessions can be called explicitly.

SESSION_CACHE_NO_INTERNAL_LOOKUP : LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)

Always perform external lookups of sessions even if they are in the internal cache.

This flag has no effect on clients

SESSION_CACHE_NO_INTERNAL_STORE : LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL_STORE)

Never automatically store sessions in the internal store.

SESSION_CACHE_NO_INTERNAL : LONG2FIX(SSL_SESS_CACHE_NO_INTERNAL)

Enables both SESSION_CACHE_NO_INTERNAL_LOOKUP and SESSION_CACHE_NO_INTERNAL_STORE.

METHODS : ary

The list of available SSL/TLS methods

An SSLContext is used to set various options regarding certificates, algorithms, verification, session caching, etc. The SSLContext is used to create an SSLSocket.

All attributes must be set before creating an SSLSocket as the SSLContext will be frozen afterward.

The following attributes are available but don't show up in rdoc:

  • ssl_version, cert, key, #client_ca, #ca_file, #ca_path, timeout,

  • #verify_mode, #verify_depth, #client_cert_cb, #tmp_dh_callback,

  • #session_id_context, session_add_cb, #session_new_cb, #session_remove_cb
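
The DEFAULT_PARAMS cipher string above still carries RC4 suites and static-RSA key exchange. The following is an added example, not part of the original documentation or the Ruby project's code: it audits that string and applies the surviving suites through set_params. The names PAGE_CIPHERS, POLICY, audit, hardened_list and hardened_context are hypothetical, and the policy (forward-secret AEAD suites only, no DSS) is an assumption about what a deployment wants.

```ruby
require "openssl"

# Cipher names copied from the DEFAULT_PARAMS constant shown on this page.
PAGE_CIPHERS = %w[
  ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
  ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-DSS-AES128-GCM-SHA256
  DHE-RSA-AES256-GCM-SHA384 DHE-DSS-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA256
  ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-RSA-AES128-SHA
  ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA
  ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256
  DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-DSS-AES128-SHA256
  DHE-DSS-AES256-SHA256 DHE-DSS-AES128-SHA DHE-DSS-AES256-SHA
  AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256
  AES256-SHA256 AES128-SHA AES256-SHA
  ECDHE-ECDSA-RC4-SHA ECDHE-RSA-RC4-SHA RC4-SHA
].join(":")

# Assumed policy: each entry maps a finding to a test on the OpenSSL suite name.
POLICY = {
  rc4:                ->(s) { s.include?("RC4") },                # RFC 7465 prohibits RC4 in TLS
  no_forward_secrecy: ->(s) { !s.start_with?("ECDHE-", "DHE-") }, # static RSA key exchange
  not_aead:           ->(s) { !s.include?("GCM") },               # CBC or RC4 with a separate MAC
  dss_auth:           ->(s) { s.include?("-DSS-") }               # DSA certificates
}.freeze

# Returns { suite_name => [findings] } for a colon-separated cipher string.
def audit(cipher_string)
  cipher_string.split(":").to_h do |suite|
    [suite, POLICY.select { |_, test| test.call(suite) }.keys]
  end
end

# Suites with no findings, in their original preference order.
def hardened_list(cipher_string)
  audit(cipher_string).select { |_, findings| findings.empty? }.keys
end

def hardened_context(cipher_string)
  ctx = OpenSSL::SSL::SSLContext.new
  # Every attribute is set here, before any SSLSocket is created from ctx.
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER,
                 ciphers: hardened_list(cipher_string).join(":"))
  ctx
end

if __FILE__ == $PROGRAM_NAME
  audit(PAGE_CIPHERS).each { |suite, f| puts "#{suite}: #{f.empty? ? 'keep' : f.join(', ')}" }
end
```
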

session_cache_mode=

ctx.session_cache_mode=(integer) → Integer Instance Public methods Sets the

2015-04-26 03:01:12
session_remove

ctx.session_remove(session) → true | false Instance Public methods Removes

2015-04-26 03:15:23
set_params

set_params(params={}) Instance Public methods Sets the parameters for this

2015-04-26 03:16:20
ciphers=

ctx.ciphers = "cipher1:cipher2:..."
ctx.ciphers = [name, ...]
ctx.ciphers = [[name, version, bits, alg_bits], ...]

2015-04-26 02:41:01