class OpenSSL::SSL::Context::Server
inherits OpenSSL::SSL::Context

Class methods

.from_hash(params) : self

Configures a server from a hash-like interface.

require "openssl"

context = OpenSSL::SSL::Context::Server.from_hash({"key" => "private.key", "cert" => "certificate.crt", "ca" => "ca.pem"})

Params:

.insecure(method : LibSSL::SSLMethod = Context.default_method) : self

Returns a new TLS server context with only the given method set.

For everything else this uses the defaults of your OpenSSL build. Use this only if undoing the defaults that .new sets is too much hassle.

.new(method : LibSSL::SSLMethod = Context.default_method)

Generates a new TLS server context with sane defaults for a server connection.

Defaults to TLS_method or SSLv23_method (depending on OpenSSL version) which tells OpenSSL to negotiate the TLS or SSL protocol with the remote endpoint.

Don't change the method unless you must restrict the connection to one specific protocol (e.g. TLSv1.2) and nothing else. Instead, specify options to disable specific protocols while still allowing OpenSSL to negotiate among the remaining ones. For example, the following snippet enables the TLSv1, TLSv1.1 and TLSv1.2 protocols but disables the deprecated SSLv2 and SSLv3 protocols:

context = OpenSSL::SSL::Context::Server.new
context.add_options(OpenSSL::SSL::Options::NO_SSL_V2 | OpenSSL::SSL::Options::NO_SSL_V3)

It uses CIPHERS_INTERMEDIATE compatibility level by default.
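The following is an added example, not code from the Crystal standard library docs: a small TLS echo server built on a Server context that keeps the defaults described above (the negotiating TLS_method and the CIPHERS_INTERMEDIATE suite) and only disables the protocol versions it does not want to negotiate. The certificate and key paths, the listen address and the port are assumptions for illustration; the context and socket calls (add_options, certificate_chain=, private_key=, OpenSSL::SSL::Socket::Server) are the standard-library API.

```crystal
# Added example: TLS echo server on an OpenSSL::SSL::Context::Server.
# Certificate/key paths, address and port are assumptions for illustration.
require "openssl"
require "socket"

CERT_PATH = "certificate.crt" # assumed path to a PEM certificate chain
KEY_PATH  = "private.key"     # assumed path to the matching PEM private key

def build_server_context : OpenSSL::SSL::Context::Server
  context = OpenSSL::SSL::Context::Server.new
  # Keep the default negotiating method; only forbid the versions we do not
  # want. The SSLv2/SSLv3 flags are already implied by the defaults of .new,
  # adding NO_TLS_V1 and NO_TLS_V1_1 leaves TLSv1.2 and TLSv1.3 negotiable.
  context.add_options(
    OpenSSL::SSL::Options::NO_SSL_V2 |
    OpenSSL::SSL::Options::NO_SSL_V3 |
    OpenSSL::SSL::Options::NO_TLS_V1 |
    OpenSSL::SSL::Options::NO_TLS_V1_1
  )
  context.certificate_chain = CERT_PATH
  context.private_key = KEY_PATH
  context
end

# One fiber per connection; arguments are evaluated before the fiber starts,
# so each fiber sees its own client socket.
def handle_client(client : TCPSocket, context : OpenSSL::SSL::Context::Server)
  ssl = nil
  begin
    # sync_close: true closes the TCP socket when the TLS socket is closed.
    ssl = OpenSSL::SSL::Socket::Server.new(client, context, sync_close: true)
    while line = ssl.gets
      ssl.puts "echo: #{line}"
      ssl.flush
    end
  rescue ex : OpenSSL::SSL::Error | IO::Error
    # Handshake failures (unsupported protocol, bad cipher) end up here.
    STDERR.puts "TLS error from #{client.remote_address}: #{ex.message}"
  ensure
    ssl ? ssl.close : client.close
  end
end

server = TCPServer.new("127.0.0.1", 8443) # assumed listen address and port
context = build_server_context
puts "listening on #{server.local_address}"

while client = server.accept?
  spawn handle_client(client, context)
end
```

Run it with a certificate and key at the assumed paths and connect with any TLS client; a client that offers only TLSv1.1 or older is rejected during the handshake, which shows up on the server side as the logged OpenSSL::SSL::Error rather than a plaintext fallback.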

Methods

#disable_session_resume_tickets

Disables all session ticket generation for this context. Tickets are used to resume earlier sessions more quickly, but in TLS 1.3 a client may connect, send its data, and close its side of the connection without ever reading; the server then tries to send a session ticket after the handshake completes, and that write can fail with Broken Pipe. If you have clients that behave this way (clients that never read), call this method.
