authorLoïc Hoguin <[email protected]>2014-06-03 12:54:11 +0200
committerLoïc Hoguin <[email protected]>2014-06-03 12:54:11 +0200
commita224a9b5b1e485ccfbd826bd2e03054379d3e94e (patch)
tree7c3c94c35fca46b2b0c09fcd5811cd4f5742979c
parentad2c080dc2825c9c705f8e542298253834abee1c (diff)
parent39795adb5376ae940b249fa91b147d732a89f67e (diff)
Merge branch 'ssl_options' of git://github.com/talko/ranch
-rw-r--r--manual/ranch_ssl.md11
-rw-r--r--src/ranch_ssl.erl14
2 files changed, 20 insertions, 5 deletions
diff --git a/manual/ranch_ssl.md b/manual/ranch_ssl.md
index 4d473ba..af271a5 100644
--- a/manual/ranch_ssl.md
+++ b/manual/ranch_ssl.md
@@ -14,10 +14,12 @@ Types
| {ciphers, [ssl:erl_cipher_suite()] | string()}
| {fail_if_no_peer_cert, boolean()}
| {hibernate_after, integer() | undefined}
+ | {honor_cipher_order, boolean()}
| {ip, inet:ip_address()}
| {key, Der::binary()}
| {keyfile, string()}
| {linger, {boolean(), non_neg_integer()}}
+ | {log_alert, boolean()}
| {next_protocols_advertised, [binary()]}
| {nodelay, boolean()}
| {password, string()}
@@ -29,7 +31,8 @@ Types
| {send_timeout, timeout()}
| {send_timeout_close, boolean()}
| {verify, ssl:verify_type()}
- | {verify_fun, {fun(), InitialUserState::term()}}]
+ | {verify_fun, {fun(), InitialUserState::term()}},
+ | {versions, [atom()]}].
> Listen options.
>
@@ -61,6 +64,8 @@ The default value is given next to the option name.
- Whether to refuse the connection if the client sends an empty certificate.
- hibernate_after (undefined)
- Time in ms after which SSL socket processes go into hibernation to reduce memory usage.
+ - honor_cipher_order (false)
+ - If true, use the server's preference for cipher selection. If false (the default), use the client's preference.
- ip
- Interface to listen on. Listen on all interfaces by default.
- key
@@ -69,6 +74,8 @@ The default value is given next to the option name.
- Path to the PEM encoded private key file, if different than the certfile.
- linger ({false, 0})
- Whether to wait and how long to flush data sent before closing the socket.
+ - log_alert (true)
+ - If false, error reports will not be displayed.
- next_protocols_advertised
- List of protocols to send to the client if it supports the Next Protocol extension.
- nodelay (true)
@@ -91,6 +98,8 @@ The default value is given next to the option name.
- Use `verify_peer` to request a certificate from the client.
- verify_fun
- Custom policy to decide whether a client certificate is valid.
+ - versions
+ - TLS protocol versions that will be supported.
Note that the client will not send a certificate unless the
value for the `verify` option is set to `verify_peer`. This
diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl
index 29e72f4..46bd12d 100644
--- a/src/ranch_ssl.erl
+++ b/src/ranch_ssl.erl
@@ -42,10 +42,12 @@
| {ciphers, [ssl:erl_cipher_suite()] | string()}
| {fail_if_no_peer_cert, boolean()}
| {hibernate_after, integer() | undefined}
+ | {honor_cipher_order, boolean()}
| {ip, inet:ip_address()}
| {key, Der::binary()}
| {keyfile, string()}
| {linger, {boolean(), non_neg_integer()}}
+ | {log_alert, boolean()}
| {next_protocols_advertised, [binary()]}
| {nodelay, boolean()}
| {password, string()}
@@ -58,7 +60,8 @@
| {send_timeout, timeout()}
| {send_timeout_close, boolean()}
| {verify, ssl:verify_type()}
- | {verify_fun, {fun(), InitialUserState::term()}}].
+ | {verify_fun, {fun(), InitialUserState::term()}}
+ | {versions, [atom()]}].
-export_type([opts/0]).
name() -> ssl.
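Review bot: The new `{versions, [atom()]}` member of `opts()` accepts any atom, so Dialyzer cannot catch a mistyped or unintended protocol version, and a bad value only surfaces when `ssl:listen` is called. Because this option decides which protocol versions a listener will negotiate, I would enumerate the accepted atoms, for example `| {versions, [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']}].`, adjusted to whatever the targeted OTP `ssl` application actually accepts. The type definition begins outside this hunk, so any further members before these lines are not visible here.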
@@ -79,10 +82,13 @@ listen(Opts) ->
%% first argument.
ssl:listen(0, ranch:filter_options(Opts5,
[backlog, cacertfile, cacerts, cert, certfile, ciphers,
- fail_if_no_peer_cert, hibernate_after, ip, key, keyfile,
- linger, next_protocols_advertised, nodelay, password, port, raw,
+ fail_if_no_peer_cert, hibernate_after,
+ honor_cipher_order, ip, key, keyfile, linger,
+ next_protocols_advertised, nodelay,
+ log_alert, password, port, raw,
reuse_session, reuse_sessions, secure_renegotiate,
- send_timeout, send_timeout_close, verify, verify_fun],
+ send_timeout, send_timeout_close, verify, verify_fun,
+ versions],
[binary, {active, false}, {packet, raw},
{reuseaddr, true}, {nodelay, true}])).
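Review bot: In the option whitelist passed to `ranch:filter_options`, `log_alert` is inserted between `nodelay` and `password`, whereas every other entry and the `opts()` type above are in alphabetical order. Keeping the list in the same order as the type, as in `honor_cipher_order, ip, key, keyfile, linger, log_alert,`, makes it much easier to audit that every documented TLS option is forwarded. This matters because options missing from the list appear to be filtered out rather than rejected, although `ranch:filter_options` is defined outside this diff. A short comment above the list, such as `%% Keep in sync with opts(); options not listed here are not passed to ssl:listen/2.`, would record that contract. The body of `listen/1` starts before this hunk.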