The following attributes are available but don't show up in rdoc.

  • io, context, sync_close


Class Methods


No documentation available

Instance Methods


Waits for a SSL/TLS client to initiate a handshake. The handshake may be started after unencrypted data has been sent over the socket.

Initiates the SSL/TLS handshake as a server in non-blocking manner.

# emulates blocking accept
begin
  ssl.accept_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end

By specifying `exception: false`, the options hash allows you to indicate that accept_nonblock should not raise an IO::WaitReadable or IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.

Returns the ALPN protocol string that was finally selected by the client during the handshake.

The X509 certificate for this socket endpoint.

The cipher being used for the current connection

Returns the list of client CAs. Please note that in contrast to SSLContext#client_ca= no array of X509::Certificate is returned but X509::Name instances of the CA's subject distinguished name.

In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.

No documentation available

Initiates an SSL/TLS handshake with a server. The handshake may be started after unencrypted data has been sent over the socket.

Initiates the SSL/TLS handshake as a client in non-blocking manner.

# emulates blocking connect
begin
  ssl.connect_nonblock
rescue IO::WaitReadable
  IO.select([s2])
  retry
rescue IO::WaitWritable
  IO.select(nil, [s2])
  retry
end

By specifying `exception: false`, the options hash allows you to indicate that connect_nonblock should not raise an IO::WaitReadable or IO::WaitWritable exception, but return the symbol :wait_readable or :wait_writable instead.

Returns the protocol string that was finally selected by the client during the handshake.

The X509 certificate for this socket's peer.

The X509 certificate chain for this socket's peer.

The number of bytes that are immediately available for reading

Perform hostname verification after an SSL connection is established

This method MUST be called after calling connect to ensure that the hostname of a remote peer has been verified.

No documentation available

Sets the Session to be used when the connection is established.

No documentation available
No documentation available

Returns true if a reused session was negotiated during the handshake.

Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.

A description of the current connection state.

Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.

Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.

If sync_close is set to true, the underlying IO is also closed.

Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.

A non-blocking version of sysread. Raises an SSLError if reading would block. If “exception: false” is passed, this method returns a symbol of :wait_readable, :wait_writable, or nil, rather than raising an exception.

Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.

Writes string to the SSL connection.

Writes string to the SSL connection in a non-blocking manner. Raises an SSLError if writing would block.

No documentation available
No documentation available
No documentation available

Returns the result of the peer certificates verification. See verify(1) for error values and descriptions.

If no peer certificate was presented X509_V_OK is returned.