author | Ransom Richardson <[email protected]> | 2014-04-29 20:15:02 +0000 |
---|---|---|
committer | Ransom Richardson <[email protected]> | 2014-04-30 20:21:18 +0000 |
commit | 39795adb5376ae940b249fa91b147d732a89f67e (patch) | |
tree | 7c3c94c35fca46b2b0c09fcd5811cd4f5742979c | |
parent | ad2c080dc2825c9c705f8e542298253834abee1c (diff) | |
additional ssl option support
-rw-r--r-- | manual/ranch_ssl.md | 11 | ||||
-rw-r--r-- | src/ranch_ssl.erl | 14 |
2 files changed, 20 insertions, 5 deletions
diff --git a/manual/ranch_ssl.md b/manual/ranch_ssl.md index 4d473ba..af271a5 100644 --- a/manual/ranch_ssl.md +++ b/manual/ranch_ssl.md @@ -14,10 +14,12 @@ Types | {ciphers, [ssl:erl_cipher_suite()] | string()} | {fail_if_no_peer_cert, boolean()} | {hibernate_after, integer() | undefined} + | {honor_cipher_order, boolean()} | {ip, inet:ip_address()} | {key, Der::binary()} | {keyfile, string()} | {linger, {boolean(), non_neg_integer()}} + | {log_alert, boolean()} | {next_protocols_advertised, [binary()]} | {nodelay, boolean()} | {password, string()} @@ -29,7 +31,8 @@ Types | {send_timeout, timeout()} | {send_timeout_close, boolean()} | {verify, ssl:verify_type()} - | {verify_fun, {fun(), InitialUserState::term()}}] + | {verify_fun, {fun(), InitialUserState::term()}}, + | {versions, [atom()]}]. > Listen options. > @@ -61,6 +64,8 @@ The default value is given next to the option name. - Whether to refuse the connection if the client sends an empty certificate. - hibernate_after (undefined) - Time in ms after which SSL socket processes go into hibernation to reduce memory usage. + - honor_cipher_order (false) + - If true, use the server's preference for cipher selection. If false (the default), use the client's preference. - ip - Interface to listen on. Listen on all interfaces by default. - key @@ -69,6 +74,8 @@ The default value is given next to the option name. - Path to the PEM encoded private key file, if different than the certfile. - linger ({false, 0}) - Whether to wait and how long to flush data sent before closing the socket. + - log_alert (true) + - If false, error reports will not be displayed. - next_protocols_advertised - List of protocols to send to the client if it supports the Next Protocol extension. - nodelay (true) 
@@ -91,6 +98,8 @@ The default value is given next to the option name. - Use `verify_peer` to request a certificate from the client. - verify_fun - Custom policy to decide whether a client certificate is valid. + - versions + - TLS protocol versions that will be supported. Note that the client will not send a certificate unless the value for the `verify` option is set to `verify_peer`. This diff --git a/src/ranch_ssl.erl b/src/ranch_ssl.erl index 29e72f4..46bd12d 100644 --- a/src/ranch_ssl.erl +++ b/src/ranch_ssl.erl @@ -42,10 +42,12 @@ | {ciphers, [ssl:erl_cipher_suite()] | string()} | {fail_if_no_peer_cert, boolean()} | {hibernate_after, integer() | undefined} + | {honor_cipher_order, boolean()} | {ip, inet:ip_address()} | {key, Der::binary()} | {keyfile, string()} | {linger, {boolean(), non_neg_integer()}} + | {log_alert, boolean()} | {next_protocols_advertised, [binary()]} | {nodelay, boolean()} | {password, string()} @@ -58,7 +60,8 @@ | {send_timeout, timeout()} | {send_timeout_close, boolean()} | {verify, ssl:verify_type()} - | {verify_fun, {fun(), InitialUserState::term()}}]. + | {verify_fun, {fun(), InitialUserState::term()}} + | {versions, [atom()]}]. -export_type([opts/0]). name() -> ssl. @@ -79,10 +82,13 @@ listen(Opts) -> %% first argument. ssl:listen(0, ranch:filter_options(Opts5, [backlog, cacertfile, cacerts, cert, certfile, ciphers, - fail_if_no_peer_cert, hibernate_after, ip, key, keyfile, - linger, next_protocols_advertised, nodelay, password, port, raw, + fail_if_no_peer_cert, hibernate_after, + honor_cipher_order, ip, key, keyfile, linger, + next_protocols_advertised, nodelay, + log_alert, password, port, raw, reuse_session, reuse_sessions, secure_renegotiate, - send_timeout, send_timeout_close, verify, verify_fun], + send_timeout, send_timeout_close, verify, verify_fun, + versions], [binary, {active, false}, {packet, raw}, {reuseaddr, true}, {nodelay, true}])). |
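Review bot: The new `{versions, [atom()]}` entry in `opts()` accepts any atom, so Dialyzer cannot flag a misspelled protocol name; the mistake would presumably only surface at runtime, when the list reaches `ssl:listen/2`. Since this option is what operators use to restrict which protocol versions a listener accepts, I would spell the members out, e.g. `| {versions, [sslv3 | tlsv1 | 'tlsv1.1' | 'tlsv1.2']}`, adjusted to the set the supported OTP releases accept. The manual's copy of this type in manual/ranch_ssl.md also gained a trailing comma after the `verify_fun` entry that the source does not have. The type definition starts above this hunk.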
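Review bot: In the `ranch:filter_options/3` whitelist inside `listen/1`, `log_alert` is inserted after `nodelay`, while the other entries and the `opts()` type are alphabetical; moving it between `linger` and `next_protocols_advertised` keeps the list easy to compare against the type. That comparison matters because the whitelist, `-type opts()` and the manual are three hand-maintained copies. Presumably an option missing from the whitelist is filtered out before `ssl:listen/2` (to be confirmed against `ranch:filter_options/3`), in which case a dropped `versions` or `honor_cipher_order` would leave the listener on the ssl defaults without any error. A comment above the list such as `%% Keep in sync with opts(); options not listed here never reach ssl:listen/2.` would make that explicit. `listen/1` begins above this hunk.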