An SSLContext is used to set various options regarding certificates, algorithms, verification, session caching, etc. The SSLContext is used to create an SSLSocket.
All attributes must be set before creating an SSLSocket as the SSLContext will be frozen afterward.
Constants
# Built-in Diffie-Hellman parameters, parsed from the PEM "DH PARAMETERS" block
# below when the constant is evaluated.
# These values are fixed in the source, so every context that falls back to
# them uses the same group. Applications that need their own parameters can
# supply them through the tmp_dh_callback attribute.
DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
-----END DH PARAMETERS-----
_end_of_pem_
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new # :nodoc:
# Default settings for a context. The values shown enable peer-certificate
# verification (VERIFY_PEER) and hostname verification, and set the minimum
# protocol version to TLS 1.0.
# NOTE(review): a TLS 1.0 floor still admits TLS 1.0 and TLS 1.1. Deployments
# that need a stricter floor have to raise min_version themselves, for example
# to OpenSSL::SSL::TLS1_2_VERSION.
# NOTE(review): how and when these defaults are applied to a context is not
# shown in this listing - confirm against ext/openssl/lib/openssl/ssl.rb.
DEFAULT_PARAMS = { # :nodoc:
  :min_version => OpenSSL::SSL::TLS1_VERSION,
  :verify_mode => OpenSSL::SSL::VERIFY_PEER,
  :verify_hostname => true,
  # The lambda is called immediately, so :options holds the resulting integer
  # bitmask rather than a callable.
  :options => -> {
    # Start from OpenSSL's OP_ALL set of interoperability workarounds.
    opts = OpenSSL::SSL::OP_ALL
    # Clear OP_DONT_INSERT_EMPTY_FRAGMENTS. Per OpenSSL's documentation that
    # flag disables the empty-fragment countermeasure for CBC ciphers in
    # SSL 3.0/TLS 1.0, so clearing it leaves the countermeasure on.
    opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
    # Disable TLS-level compression, the usual mitigation for compression
    # side channels.
    opts |= OpenSSL::SSL::OP_NO_COMPRESSION
    opts
  }.call
}
# Fallback callback for temporary DH parameters. It ignores all three arguments
# (ctx, is_export, keylen) and always returns DEFAULT_2048, whatever key length
# was requested. The warning is printed only when $VERBOSE is set, so by
# default the fallback to the built-in parameters is silent.
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
  warn "using default DH parameters." if $VERBOSE
  DEFAULT_2048
}
# Frozen array of every selectable method name: each METHODS_MAP key followed
# by its "_client" and "_server" variants, all as symbols.
# The block parameter `|name,|` takes only the key of each pair and discards
# the mapped version value.
# METHODS_MAP is listed after this constant on the page (the listing is
# alphabetical), but it has to be defined first in the source.
METHODS = METHODS_MAP.flat_map { |name,|
  [name, :"#{name}_client", :"#{name}_server"]
}.freeze
# Frozen map from protocol-method name to the matching OpenSSL version
# constant.
# NOTE(review): SSLv23 maps to 0, presumably meaning "no fixed version" -
# confirm against ext/openssl/ossl_ssl.c.
# NOTE(review): the SSLv2 and SSLv3 entries name obsolete protocol versions.
# Whether they can still be negotiated depends on the linked OpenSSL build and
# on the context's minimum version, so treat their presence here as a naming
# table, not as a recommendation.
METHODS_MAP = {
  SSLv23: 0,
  SSLv2: OpenSSL::SSL::SSL2_VERSION,
  SSLv3: OpenSSL::SSL::SSL3_VERSION,
  TLSv1: OpenSSL::SSL::TLS1_VERSION,
  TLSv1_1: OpenSSL::SSL::TLS1_1_VERSION,
  TLSv1_2: OpenSSL::SSL::TLS1_2_VERSION,
}.freeze
SESSION_CACHE_BOTH = LONG2NUM(SSL_SESS_CACHE_BOTH)
SESSION_CACHE_CLIENT = LONG2NUM(SSL_SESS_CACHE_CLIENT)
SESSION_CACHE_NO_AUTO_CLEAR = LONG2NUM(SSL_SESS_CACHE_NO_AUTO_CLEAR)
SESSION_CACHE_NO_INTERNAL = LONG2NUM(SSL_SESS_CACHE_NO_INTERNAL)
SESSION_CACHE_NO_INTERNAL_LOOKUP = LONG2NUM(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
SESSION_CACHE_NO_INTERNAL_STORE = LONG2NUM(SSL_SESS_CACHE_NO_INTERNAL_STORE)
SESSION_CACHE_OFF = LONG2NUM(SSL_SESS_CACHE_OFF)
SESSION_CACHE_SERVER = LONG2NUM(SSL_SESS_CACHE_SERVER)
Attributes
| [RW] | alpn_protocols |
| [RW] | alpn_select_cb |
| [RW] | ca_file |
| [RW] | ca_path |
| [RW] | cert |
| [RW] | cert_store |
| [RW] | client_ca |
| [RW] | client_cert_cb |
| [RW] | extra_chain_cert |
| [RW] | key |
| [RW] | npn_protocols |
| [RW] | npn_select_cb |
| [RW] | renegotiation_cb |
| [RW] | servername_cb |
| [RW] | session_get_cb |
| [RW] | session_id_context |
| [RW] | session_new_cb |
| [RW] | session_remove_cb |
| [RW] | ssl_timeout |
| [RW] | timeout |
| [RW] | tmp_dh_callback |
| [RW] | tmp_ecdh_callback |
| [RW] | verify_callback |
| [RW] | verify_depth |
| [RW] | verify_hostname |
| [RW] | verify_mode |
Files
- ext/openssl/lib/openssl/ssl.rb
- ext/openssl/ossl_ssl.c