class OpenSSL::SSL::Context::Client
inherits OpenSSL::SSL::Context
Class methods
.from_hash(params) : self
Configures a client context from a hash-like interface.
```crystal
require "openssl"
context = OpenSSL::SSL::Context::Client.from_hash({"key" => "private.key", "cert" => "certificate.crt", "ca" => "ca.pem"})
```
Params:
key (required): Path to private key file. See #private_key=.
cert (required): Path to the file containing the public certificate chain. See #certificate_chain=.
verify_mode: Either peer, force-peer, none or empty (default: peer). See verify_mode=.
ca: Path to a file containing the CA certificate chain or a directory containing all CA certificates. See #ca_certificates= and #ca_certificates_path=, respectively. Required if verify_mode is peer, force-peer or empty.
.insecure(method : LibSSL::SSLMethod = Context.default_method) : self
Returns a new TLS client context with only the given method set.
For everything else this uses the defaults of your OpenSSL.
Use this only if undoing the defaults that new sets is too much hassle.
.new(method : LibSSL::SSLMethod = Context.default_method)
Generates a new TLS client context with sane defaults for a client connection.
Defaults to TLS_method or SSLv23_method (depending on OpenSSL version)
which tells OpenSSL to negotiate the TLS or SSL protocol with the remote
endpoint.
Don't change the method unless you must restrict the connection to one specific protocol (e.g. TLSv1.2) and nothing else. Instead, specify options that disable specific protocols while still allowing the remaining ones to be negotiated. For example, the following snippet will enable the TLSv1, TLSv1.1 and TLSv1.2 protocols but disable the deprecated SSLv2 and SSLv3 protocols:
```crystal
require "openssl"
context = OpenSSL::SSL::Context::Client.new
context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)
```
It uses CIPHERS_OLD compatibility level by default.
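The following is an added example, not part of the Crystal documentation: it reports the verification mode and the legacy protocols still negotiable on contexts built with .new, with .new plus extra options, and with .insecure, so the difference between the constructors can be checked on the local OpenSSL build. The `audit` helper and `LEGACY` table are hypothetical names, and `NO_TLS_V1`, `NO_TLS_V1_1`, `options` and `verify_mode` are standard-library members assumed here beyond what this page shows.

```crystal
require "openssl"

# Protocol-disabling flags to report on. NO_SSL_V3 appears on this page;
# NO_TLS_V1 and NO_TLS_V1_1 are the matching flags for TLS 1.0 and 1.1.
LEGACY = {
  "SSLv3"   => OpenSSL::SSL::Options::NO_SSL_V3,
  "TLSv1"   => OpenSSL::SSL::Options::NO_TLS_V1,
  "TLSv1.1" => OpenSSL::SSL::Options::NO_TLS_V1_1,
}

# Returns a one-line summary of a context's verification mode and of the
# legacy protocols it has not disabled (hypothetical helper).
def audit(label : String, ctx : OpenSSL::SSL::Context::Client) : String
  allowed = LEGACY.reject { |_, flag| ctx.options.includes?(flag) }.keys
  legacy = allowed.empty? ? "none" : allowed.join(", ")
  "#{label}: verify_mode=#{ctx.verify_mode}, legacy protocols not disabled: #{legacy}"
end

# Context built by .new, with the defaults this page describes.
default_ctx = OpenSSL::SSL::Context::Client.new

# Same constructor, then SSLv3, TLS 1.0 and TLS 1.1 ruled out with options
# while the negotiating method is left unchanged.
hardened_ctx = OpenSSL::SSL::Context::Client.new
hardened_ctx.add_options(
  OpenSSL::SSL::Options::NO_SSL_V3 |
  OpenSSL::SSL::Options::NO_TLS_V1 |
  OpenSSL::SSL::Options::NO_TLS_V1_1
)

# Context built by .insecure: only the method is set, everything else is
# whatever the local OpenSSL defaults to.
insecure_ctx = OpenSSL::SSL::Context::Client.insecure

puts audit(".new", default_ctx)
puts audit(".new + options", hardened_ctx)
puts audit(".insecure", insecure_ctx)
```

The output depends on the Crystal and OpenSSL versions installed, which is the reason to run it locally rather than rely on a documented default.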