Module: Falcon::Environment::TLS

Defined in:
lib/falcon/environment/tls.rb

Overview

Provides an environment that exposes a TLS context for hosting a secure web application.


Instance Method Details

#ssl_certificate ⇒ Object

The main certificate.



# File 'lib/falcon/environment/tls.rb', line 39

# The main certificate presented to clients.
#
# This is simply the first entry of {#ssl_certificates}; the certificate file
# is presumably expected to list the server (leaf) certificate first, followed
# by any intermediates. Verify the file order when deploying.
#
# @return [Object, nil] the first loaded certificate, or nil when the list is empty.
def ssl_certificate
  loaded = ssl_certificates
  loaded.first
end

#ssl_certificate_chain ⇒ Object

The certificate chain.



# File 'lib/falcon/environment/tls.rb', line 45

# The certificate chain sent alongside the main certificate.
#
# Everything in {#ssl_certificates} after the first entry is treated as the
# chain (presumably the intermediate certificates, in file order).
#
# @return [Array, nil] the remaining certificates; an empty array when only one
#   certificate was loaded, and nil when the list itself is empty.
def ssl_certificate_chain
  loaded = ssl_certificates
  loaded.slice(1..-1)
end

#ssl_certificate_path ⇒ Object

The public certificate path.



# File 'lib/falcon/environment/tls.rb', line 27

# The public certificate path.
#
# Resolved relative to the environment's `root`, so each application
# directory carries its own certificate file.
#
# @return [String] absolute path of the certificate file.
def ssl_certificate_path
  relative_path = "ssl/certificate.pem"
  File.expand_path(relative_path, root)
end

#ssl_certificates ⇒ Object

The list of certificates loaded from that path.



# File 'lib/falcon/environment/tls.rb', line 33

# The list of certificates loaded from {#ssl_certificate_path}.
#
# The file is read on every call to this method; nothing is cached here.
#
# @return [Array<OpenSSL::X509::Certificate>] the certificates found in the file.
def ssl_certificates
  certificate_file = ssl_certificate_path
  OpenSSL::X509::Certificate.load_file(certificate_file)
end

#ssl_ciphers ⇒ Object

The supported ciphers.



# File 'lib/falcon/environment/tls.rb', line 21

# The supported ciphers.
#
# Returns the project-wide constant Falcon::TLS::SERVER_CIPHERS, which is
# defined outside this file. Override this method in an environment to
# restrict or change the cipher list passed to the TLS context.
#
# @return [Object] the value of Falcon::TLS::SERVER_CIPHERS.
def ssl_ciphers
  Falcon::TLS::SERVER_CIPHERS
end

#ssl_context ⇒ Object

The SSL context to use for incoming connections.



# File 'lib/falcon/environment/tls.rb', line 63

# The SSL context to use for incoming connections.
#
# Builds a fresh OpenSSL::SSL::SSLContext from the sibling environment values
# (ssl_certificate, ssl_private_key, ssl_certificate_chain, ssl_session_id,
# ssl_ciphers), configures ALPN and the protocol version, and calls `setup`
# before returning it.
#
# @return [OpenSSL::SSL::SSLContext] the configured context.
def ssl_context
  OpenSSL::SSL::SSLContext.new.tap do |context|
    # Server certificate, its private key, and the remaining certificates as the chain.
    context.add_certificate(ssl_certificate, ssl_private_key, ssl_certificate_chain)
    
    # NOTE(review): SESSION_CACHE_CLIENT selects client-side session caching only;
    # on a context used for accepting connections this presumably leaves the
    # server-side session cache off. Confirm this is intended.
    context.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT
    context.session_id_context = ssl_session_id
    
    # ALPN selection by server preference: h2 first, then http/1.1, then
    # http/1.0, regardless of the order in which the client listed them.
    # A lambda is used, so `return` only leaves the callback.
    context.alpn_select_cb = lambda do |protocols|
      if protocols.include? "h2"
        return "h2"
      elsif protocols.include? "http/1.1"
        return "http/1.1"
      elsif protocols.include? "http/1.0"
        return "http/1.0"
      else
        # No common protocol. NOTE(review): the openssl binding is expected to
        # treat a non-String result as a failed selection and abort the
        # handshake - confirm against the openssl gem version in use.
        return nil
      end
    end
    
    # TODO Ruby 2.4 requires using ssl_version.
    # NOTE(review): this pins the context to TLS 1.2, so TLS 1.3 is presumably
    # never negotiated. Current openssl gem versions offer min_version= and
    # max_version= for expressing a floor instead of a single version - confirm
    # how that interacts with set_params below before changing it.
    context.ssl_version = :TLSv1_2_server
    
    # set_params merges these values over the library defaults.
    # VERIFY_NONE: client certificates are not requested or verified, i.e. no
    # mutual TLS; any client authentication has to happen at the application layer.
    context.set_params(
      ciphers: ssl_ciphers,
      verify_mode: OpenSSL::SSL::VERIFY_NONE,
    )
    
    # Finalise the context; this runs last, after every option has been set.
    context.setup
  end
end

#ssl_private_key ⇒ Object

The private key.



# File 'lib/falcon/environment/tls.rb', line 57

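# The private key that belongs to the main certificate.
#
# The file at {#ssl_private_key_path} is parsed with OpenSSL::PKey.read, which
# detects the key algorithm from the encoded data. RSA keys load as before
# (as OpenSSL::PKey::RSA), and non-RSA keys such as ECDSA are accepted too,
# instead of failing because the loader was hard-coded to RSA.
#
# No passphrase is supplied here, so the key is presumably expected to be
# stored unencrypted; keep the file readable only by the account that runs the
# server.
#
# @return [OpenSSL::PKey::PKey] the parsed key, of the subclass matching the file contents.
# @raise [SystemCallError] if the key file cannot be read.
# @raise [StandardError] if the data is not a recognisable key (the exact class
#   depends on the openssl gem version).
def ssl_private_key
  OpenSSL::PKey.read(File.read(ssl_private_key_path))
end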

#ssl_private_key_path ⇒ Object

The private key path.



# File 'lib/falcon/environment/tls.rb', line 51

# The private key path.
#
# Resolved relative to the environment's `root`, next to the certificate
# file. The key lives inside the application directory, so that directory's
# permissions decide who can read it.
#
# @return [String] absolute path of the private key file.
def ssl_private_key_path
  relative_path = "ssl/private.key"
  File.expand_path(relative_path, root)
end

#ssl_session_id ⇒ Object

The default session identifier for the session cache.



# File 'lib/falcon/environment/tls.rb', line 15

# The default session identifier for the session cache.
#
# The same fixed value is returned for every environment that does not
# override this method.
# NOTE(review): the session id context is presumably what scopes TLS session
# reuse to one application; override it per service if sessions must not be
# shared between services. Confirm.
#
# @return [String] the session id context, "falcon" by default.
def ssl_session_id
  "falcon"
end