Module: Falcon::Environment::TLS

Defined in:
lib/falcon/environment/tls.rb

Overview

Provides an environment that exposes a TLS context for hosting a secure web application.

Instance Method Summary

Instance Method Details

#ssl_certificate ⇒ Object

The main certificate.



# File 'lib/falcon/environment/tls.rb', line 39

# The main certificate: the first entry of the list returned by ssl_certificates.
#
# @return [OpenSSL::X509::Certificate, nil] nil when the certificate list is empty
def ssl_certificate
	ssl_certificates.first
end

#ssl_certificate_chain ⇒ Object

The certificate chain.



# File 'lib/falcon/environment/tls.rb', line 45

# The certificate chain: every entry of ssl_certificates after the first one.
#
# @return [Array<OpenSSL::X509::Certificate>, nil] an empty array when the file
#   holds a single certificate, nil when the list itself is empty
def ssl_certificate_chain
	ssl_certificates.slice(1..)
end

#ssl_certificate_path ⇒ Object

The public certificate path.



# File 'lib/falcon/environment/tls.rb', line 27

# The public certificate path: "ssl/certificate.pem" resolved against root.
#
# root is supplied outside this listing.
#
# @return [String] absolute path of the PEM file read by ssl_certificates
def ssl_certificate_path
	relative_path = File.join("ssl", "certificate.pem")
	File.expand_path(relative_path, root)
end

#ssl_certificates ⇒ Object

The list of certificates loaded from that path.



# File 'lib/falcon/environment/tls.rb', line 33

# The list of certificates loaded from ssl_certificate_path.
#
# The file is read on every call; ssl_certificate and ssl_certificate_chain
# both go through this method.
#
# @return [Array<OpenSSL::X509::Certificate>] certificates in file order
def ssl_certificates
	pem_path = ssl_certificate_path
	OpenSSL::X509::Certificate.load_file(pem_path)
end

#ssl_ciphers ⇒ Object

The supported ciphers.



# File 'lib/falcon/environment/tls.rb', line 21

# The supported ciphers, passed by ssl_context as the `ciphers:` parameter.
#
# Returns the Falcon::TLS::SERVER_CIPHERS constant, which is defined outside
# this listing.
# NOTE(review): the actual cipher list is not visible here — review the constant
# itself when auditing which suites the server offers.
def ssl_ciphers
	Falcon::TLS::SERVER_CIPHERS
end

#ssl_context ⇒ Object

The SSL context to use for incoming connections.



# File 'lib/falcon/environment/tls.rb', line 63

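# The SSL context to use for incoming connections.
#
# Loads the certificate, private key and chain, configures session handling,
# ALPN selection, the cipher list and the protocol version floor, then calls
# `setup` on the context before returning it.
#
# TLS 1.2 is the minimum protocol version. The previous
# `ssl_version = :TLSv1_2_server` pinned the context to exactly TLS 1.2, which
# prevented TLS 1.3 from being negotiated; `min_version` sets only the floor.
#
# @return [OpenSSL::SSL::SSLContext] the configured server context
def ssl_context
	# ALPN protocols this server is willing to speak, most preferred first.
	preferred_protocols = ["h2", "http/1.1", "http/1.0"]
	
	OpenSSL::SSL::SSLContext.new.tap do |context|
		context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)
		
		# NOTE(review): SESSION_CACHE_CLIENT is used on a server-side context;
		# confirm this is intended rather than SESSION_CACHE_SERVER.
		context.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
		context.session_id_context = ssl_session_id
		
		# Pick the first preferred protocol the client offered; nil when there is
		# no overlap, exactly as before.
		context.alpn_select_cb = lambda do |protocols|
			preferred_protocols.find {|protocol| protocols.include?(protocol)}
		end
		
		context.set_params(
			ciphers: ssl_ciphers,
			# Client certificates are not requested: this context does not
			# authenticate clients at the TLS layer.
			verify_mode: OpenSSL::SSL::VERIFY_NONE,
			# Passed through set_params so that its built-in defaults cannot
			# replace the floor with a lower version.
			min_version: OpenSSL::SSL::TLS1_2_VERSION,
		)
		
		context.setup
	end
end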

#ssl_private_key ⇒ Object

The private key.



# File 'lib/falcon/environment/tls.rb', line 57

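# The private key, read from ssl_private_key_path.
#
# Uses OpenSSL::PKey.read so that the key type is detected from the file
# contents. The previous OpenSSL::PKey::RSA.new accepted RSA keys only, so a
# certificate issued for an EC key could not be served. RSA key files still
# load as OpenSSL::PKey::RSA instances.
#
# NOTE(review): this file holds secret key material; the code does not check
# its ownership or permissions — confirm the deployment restricts read access.
#
# @return [OpenSSL::PKey::PKey] the parsed key
# @raise [OpenSSL::PKey::PKeyError] when the file content is not a parsable key
def ssl_private_key
	OpenSSL::PKey.read(File.read(ssl_private_key_path))
end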

#ssl_private_key_path ⇒ Object

The private key path.



# File 'lib/falcon/environment/tls.rb', line 51

# The private key path: "ssl/private.key" resolved against root.
#
# root is supplied outside this listing.
#
# @return [String] absolute path of the key file read by ssl_private_key
def ssl_private_key_path
	relative_path = File.join("ssl", "private.key")
	File.expand_path(relative_path, root)
end

#ssl_session_id ⇒ Object

The default session identifier for the session cache.



# File 'lib/falcon/environment/tls.rb', line 15

# The default session identifier for the session cache.
#
# ssl_context assigns this value to the context's session_id_context.
# NOTE(review): the value is a fixed string, so every environment that keeps
# this default uses the same identifier — confirm whether separately deployed
# applications should override it.
def ssl_session_id
	"falcon"
end