author | Loïc Hoguin <[email protected]> | 2015-08-22 13:15:08 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2015-08-22 13:15:08 +0200 |
commit | f4c6da56d4fe9494f4fe23c48b8d7c3c1e9e6b42 (patch) | |
tree | 5f73255bbd51d46fccf371ff7cdd67c6bea8e7b7 /manual/ranch_ssl.md | |
parent | d30408b2e8c14c0e56ce997f5aff0010c03cef0b (diff) | |
Convert the documentation to Asciidoc
Diffstat (limited to 'manual/ranch_ssl.md')
-rw-r--r-- | manual/ranch_ssl.md | 135 |
1 files changed, 0 insertions, 135 deletions
diff --git a/manual/ranch_ssl.md b/manual/ranch_ssl.md
deleted file mode 100644
index 13790d6..0000000
--- a/manual/ranch_ssl.md
+++ /dev/null
@@ -1,135 +0,0 @@
-ranch_ssl
-=========
-
-The `ranch_ssl` module implements an SSL Ranch transport.
-
-Types
------- 
-
-### ssl_opt() = {alpn_preferred_protocols, [binary()]}
- | {cacertfile, string()}
- | {cacerts, [public_key:der_encoded()]}
- | {cert, public_key:der_encoded()}
- | {certfile, string()}
- | {ciphers, [ssl:erl_cipher_suite()] | string()}
- | {client_renegotiation, boolean()}
- | {crl_cache, {module(), {internal | any(), list()}}}
- | {crl_check, boolean() | peer | best_effort}
- | {depth, 0..255}
- | {dh, public_key:der_encoded()}
- | {dhfile, string()}
- | {fail_if_no_peer_cert, boolean()}
- | {hibernate_after, integer() | undefined}
- | {honor_cipher_order, boolean()}
- | {key, {'RSAPrivateKey' | 'DSAPrivateKey' | 'PrivateKeyInfo', public_key:der_encoded()}}
- | {keyfile, string()}
- | {log_alert, boolean()}
- | {next_protocols_advertised, [binary()]}
- | {partial_chain, fun(([public_key:der_encoded()]) -> {trusted_ca, public_key:der_encoded()} | unknown_ca)}
- | {password, string()}
- | {psk_identity, string()}
- | {reuse_session, fun()}
- | {reuse_sessions, boolean()}
- | {secure_renegotiate, boolean()}
- | {sni_fun, fun()}
- | {sni_hosts, [{string(), ssl_opt()}]}
- | {user_lookup_fun, {fun(), any()}}
- | {verify, ssl:verify_type()}
- | {verify_fun, {fun(), any()}}
- | {versions, [atom()]}.
-
-> SSL-specific listen options.
-
-### opt() = ranch_tcp:opt() | ssl_opt()
-
-> Listen options.
-
-### opts() = [opt()]
-
-> List of listen options.
-
-Option descriptions
--------------------
-
-Specifying a certificate is mandatory, either through the `cert`
-or the `certfile` option. None of the other options are required.
-
-The default value is given next to the option name.
-
- - alpn_preferred_protocols
- - Perform Application-Layer Protocol Negotiation with the given list of preferred protocols.
- - cacertfile
- - Path to PEM encoded trusted certificates file used to verify peer certificates.
- - cacerts
- - List of DER encoded trusted certificates.
- - cert
- - DER encoded user certificate.
- - certfile
- - Path to the PEM encoded user certificate file. May also contain the private key.
- - ciphers
- - List of ciphers that clients are allowed to use.
- - client_renegotiation (true)
- - Whether to allow client-initiated renegotiation.
- - crl_cache ({ssl_crl_cache, {internal, []}})
- - Customize the module used to cache Certificate Revocation Lists.
- - crl_check (false)
- - Whether to perform CRL check on all certificates in the chain during validation.
- - depth (1)
- - Maximum of intermediate certificates allowed in the certification path.
- - dh
- - DER encoded Diffie-Hellman parameters.
- - dhfile
- - Path to the PEM encoded Diffie-Hellman parameters file.
- - fail_if_no_peer_cert (false)
- - Whether to refuse the connection if the client sends an empty certificate.
- - hibernate_after (undefined)
- - Time in ms after which SSL socket processes go into hibernation to reduce memory usage.
- - honor_cipher_order (false)
- - If true, use the server's preference for cipher selection. If false, use the client's preference.
- - key
- - DER encoded user private key.
- - keyfile
- - Path to the PEM encoded private key file, if different than the certfile.
- - log_alert (true)
- - If false, error reports will not be displayed.
- - next_protocols_advertised
- - List of protocols to send to the client if it supports the Next Protocol extension.
- - nodelay (true)
- - Whether to enable TCP_NODELAY.
- - partial_chain
- - Claim an intermediate CA in the chain as trusted.
- - password
- - Password to the private key file, if password protected.
- - psk_identity
- - Provide the given PSK identity hint to the client during the handshake.
- - reuse_session
- - Custom policy to decide whether a session should be reused.
- - reuse_sessions (false)
- - Whether to allow session reuse.
- - secure_renegotiate (false)
- - Whether to reject renegotiation attempts that do not conform to RFC5746.
- - sni_fun
- - Function called when the client requests a host using Server Name Indication. Returns options to apply.
- - sni_hosts
- - Options to apply for the host that matches what the client requested with Server Name Indication.
- - user_lookup_fun
- - Function called to determine the shared secret when using PSK, or provide parameters when using SRP.
- - verify (verify_none)
- - Use `verify_peer` to request a certificate from the client.
- - verify_fun
- - Custom policy to decide whether a client certificate is valid.
- - versions
- - TLS protocol versions that will be supported.
-
-Note that the client will not send a certificate unless the
-value for the `verify` option is set to `verify_peer`. This
-means that the `fail_if_no_peer_cert` only apply when combined
-with the `verify` option. The `verify_fun` option allows
-greater control over the client certificate validation.
-
-The options `sni_fun` and `sni_hosts` are mutually exclusive.
-
-Exports
--------- 
-
-None. |