Attributes
Read
No documentation available

io

Read

The underlying IO object.

to_io

Read

The underlying IO object (alias for io).

context

Read

The SSLContext object used in this connection.

sync_close

Read & Write

Whether to close the underlying socket as well when the SSL/TLS connection is shut down. This defaults to false, so closing the SSLSocket alone leaves the TCP socket open unless you set it.

Class Methods

Creates a new SSL socket from io which must be a real IO object (not an IO-like object that responds to read/write).

If ctx is provided, the SSL socket's initial parameters are taken from the context.

The OpenSSL::Buffering module provides additional IO methods.

This method will freeze the SSLContext if one is provided; however, session management is still allowed in the frozen SSLContext.

Creates a new instance of SSLSocket. remote_host and remote_port are used to open a TCPSocket. If local_host and local_port are specified, those parameters are used on the local end to establish the connection. If context is provided, the SSL socket's initial parameters are taken from the context.

Examples

sock = OpenSSL::SSL::SSLSocket.open('localhost', 443)
sock.connect # Initiates a connection to localhost:443

with SSLContext:

ctx = OpenSSL::SSL::SSLContext.new
sock = OpenSSL::SSL::SSLSocket.open('localhost', 443, context: ctx)
sock.connect # Initiates a connection to localhost:443 with SSLContext

Instance Methods

Waits for an SSL/TLS client to initiate a handshake.

Initiates the SSL/TLS handshake as a server in a non-blocking manner.

# emulates blocking accept
begin
  ssl.accept_nonblock
rescue IO::WaitReadable
  IO.select([ssl.io])      # wait until the underlying socket is readable
  retry
rescue IO::WaitWritable
  IO.select(nil, [ssl.io]) # wait until the underlying socket is writable
  retry
end

By passing the keyword argument exception: false, you can indicate that accept_nonblock should not raise IO::WaitReadable or IO::WaitWritable but instead return the symbol :wait_readable or :wait_writable.

Returns the ALPN protocol string that was finally selected by the server during the handshake.

The X509 certificate for this socket endpoint.

Returns the cipher suite actually used in the current session, or nil if no session has been established.

Returns the list of client CAs. Please note that, in contrast to SSLContext#client_ca=, no array of X509::Certificate is returned; instead you get X509::Name instances holding the CAs' subject distinguished names.

In server mode, returns the list set by SSLContext#client_ca=. In client mode, returns the list of client CAs sent from the server.

No documentation available

Close the stream for reading. This method is ignored by OpenSSL as there is no reasonable way to implement it, but exists for compatibility with IO.

Closes the stream for writing. The behavior of this method depends on the version of OpenSSL and the TLS protocol in use.

Regardless of the version:

  • Sends a ‘close_notify’ alert to the peer.

  • Does not wait for the peer’s ‘close_notify’ alert in response.

In TLS 1.2 and earlier:

  • On receipt of a ‘close_notify’ alert, responds with a ‘close_notify’ alert of its own and closes down the connection immediately, discarding any pending writes.

Therefore, on TLS 1.2, this method will cause the connection to be completely shut down. On TLS 1.3, the connection remains open for reading only.

Initiates an SSL/TLS handshake with a server.

Initiates the SSL/TLS handshake as a client in a non-blocking manner.

# emulates blocking connect
begin
  ssl.connect_nonblock
rescue IO::WaitReadable
  IO.select([ssl.io])      # wait until the underlying socket is readable
  retry
rescue IO::WaitWritable
  IO.select(nil, [ssl.io]) # wait until the underlying socket is writable
  retry
end

By passing the keyword argument exception: false, you can indicate that connect_nonblock should not raise IO::WaitReadable or IO::WaitWritable but instead return the symbol :wait_readable or :wait_writable.

Enables use of shared session key material in accordance with RFC 5705 (TLS keying material exporters): returns bytes derived from the established session for a given label, length and optional context. Both peers obtain the same bytes when they supply the same label, length and context, which is what makes the output usable for channel binding.

Returns the last Finished message sent.

Sets the server hostname used for SNI. This needs to be set before SSLSocket#connect.

Returns the protocol string that was finally selected by the client during the handshake.

The X509 certificate for this socket’s peer.

The X509 certificate chain for this socket’s peer.

Returns the last Finished message received.

The number of bytes that are immediately available for reading.

Performs hostname verification following RFC 6125.

This method MUST be called after calling connect to ensure that the hostname of the remote peer has been verified; it raises an SSLError if no peer certificate was received or if the certificate does not match the given hostname. If SSLContext#verify_hostname is enabled and SSLSocket#hostname= was set before the handshake, the same check is already performed during the handshake.

Returns the SSLSession object currently used, or nil if the session is not established.

Sets the Session to be used when the connection is established.

No documentation available
No documentation available

Returns true if a reused session was negotiated during the handshake.

Returns a String representing the SSL/TLS version that was negotiated for the connection, for example “TLSv1.2”.

A description of the current connection state. This is for diagnostic purposes only.

Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.

Sends “close notify” to the peer and tries to shut down the SSL connection gracefully.

If sync_close is set to true, the underlying IO is also closed.

Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.

A non-blocking version of sysread. Raises an SSLError that also extends IO::WaitReadable or IO::WaitWritable if reading would block. If exception: false is passed, this method returns :wait_readable, :wait_writable, or nil (at end of stream) rather than raising an exception.

Reads length bytes from the SSL connection. If a pre-allocated buffer is provided the data will be written into it.

Writes string to the SSL connection.

Writes string to the SSL connection in a non-blocking manner. Raises an SSLError that also extends IO::WaitReadable or IO::WaitWritable if writing would block; with exception: false it returns :wait_readable or :wait_writable instead.

No documentation available

Returns the ephemeral key used when a forward-secrecy cipher suite was negotiated.

No documentation available

Returns the result of the peer certificate verification. See verify(1) for error values and descriptions.

If no peer certificate was presented, X509_V_OK is returned.
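The following is an added, self-contained example; it is not part of the openssl gem's own documentation. It ties together the pieces described above: constructing an SSLSocket from a real IO with an SSLContext, emulating blocking accept and connect with accept_nonblock / connect_nonblock and exception: false, setting hostname= for SNI before the handshake, calling post_connection_check (including the failure case), reading cipher, ssl_version, alpn_protocol, peer_cert, session_reused? and verify_result, deriving exporter bytes on both sides with export_keying_material, and closing the TCP socket through sync_close. To run offline it constructs a self-signed certificate in-process and uses a loopback TCPServer on 127.0.0.1 in a thread; HOST, EKM_LABEL and all helper method names are this example's own choices.

```ruby
require "openssl"
require "socket"

# Added example, not the gem's own code. The loopback listener and the
# self-signed certificate below are constructed stand-ins for a real server
# and its CA; HOST, EKM_LABEL and the helper names are assumptions.
HOST = "localhost"
EKM_LABEL = "EXPERIMENTAL ruby-sslsocket-demo" # RFC 5705 exporter label

def make_self_signed_cert(name, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{name}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

SERVER_KEY  = OpenSSL::PKey::RSA.new(2048)
SERVER_CERT = make_self_signed_cert(HOST, SERVER_KEY)

# Drive accept_nonblock / connect_nonblock to completion the way a blocking
# call would: exception: false yields :wait_readable / :wait_writable, and we
# wait on the underlying IO (ssl.io) before retrying.
def handshake_emulating_blocking(ssl, method)
  loop do
    case ssl.public_send(method, exception: false)
    when :wait_readable then IO.select([ssl.io])
    when :wait_writable then IO.select(nil, [ssl.io])
    else return ssl
    end
  end
end

def server_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = SERVER_CERT
  ctx.key = SERVER_KEY
  # Prefer h2 when offered; the callback must return a String.
  ctx.alpn_select_cb = ->(protos) { protos.include?("h2") ? "h2" : protos.first }
  ctx
end

# A client context that actually verifies the peer: SSLContext.new alone does
# not, so set VERIFY_PEER, an explicit trust store, a TLS floor and hostname
# checking.
def client_context
  store = OpenSSL::X509::Store.new
  store.add_cert(SERVER_CERT) # trust only our in-process "CA"
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  ctx.alpn_protocols = ["h2", "http/1.1"]
  ctx
end

def run_demo
  listener = TCPServer.new("127.0.0.1", 0)
  port = listener.addr[1]

  server = Thread.new do
    ssl = OpenSSL::SSL::SSLSocket.new(listener.accept, server_context)
    ssl.sync_close = true
    handshake_emulating_blocking(ssl, :accept_nonblock)
    ekm = ssl.export_keying_material(EKM_LABEL, 32)
    ssl.puts("echo: #{ssl.gets.chomp}")
    ssl.close # sends close_notify, then closes the TCP socket (sync_close)
    ekm
  end

  tcp = TCPSocket.new("127.0.0.1", port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, client_context)
  ssl.hostname = HOST  # SNI; must be set before the handshake
  ssl.sync_close = true
  handshake_emulating_blocking(ssl, :connect_nonblock)
  ssl.post_connection_check(HOST) # raises SSLError on a name mismatch
  mismatch_rejected = begin
    ssl.post_connection_check("example.com")
    false
  rescue OpenSSL::SSL::SSLError
    true
  end
  ssl.puts("hello")
  reply = ssl.gets.chomp
  result = {
    version: ssl.ssl_version, cipher: ssl.cipher[0], alpn: ssl.alpn_protocol,
    peer_subject: ssl.peer_cert.subject.to_s, verify_result: ssl.verify_result,
    reused: ssl.session_reused?, client_ekm: ssl.export_keying_material(EKM_LABEL, 32),
    hostname_mismatch_rejected: mismatch_rejected, reply: reply
  }
  ssl.close
  result[:server_ekm] = server.value
  result[:tcp_closed] = tcp.closed?
  listener.close
  result
end

puts run_demo.inspect if $PROGRAM_NAME == __FILE__
```

Run it with a Ruby whose openssl gem provides export_keying_material and min_version= (Ruby 3.x). The returned hash shows verify_result == OpenSSL::X509::V_OK, identical 32-byte exporter output on both sides, "h2" selected via ALPN, and the second post_connection_check rejecting a hostname the certificate does not cover; tcp_closed is true only because sync_close was set on the client socket.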