Class: Prof::SSL::CipherSet

Inherits:
Object
Defined in:
lib/prof/ssl/cipher_set.rb

Constant Summary

PIVOTAL_MODERN =

This list is based on the Mozilla Modern cipher list (wiki.mozilla.org/Security/Server_Side_TLS, 2015-02-05). We have removed some of the supported ciphers due to the version of OpenSSL used on the stemcell:

  • 'ECDHE-ECDSA-AES128-GCM-SHA256'
  • 'ECDHE-ECDSA-AES256-GCM-SHA384'
  • 'DHE-DSS-AES128-GCM-SHA256'
  • 'kEDH+AESGCM'
  • 'ECDHE-ECDSA-AES128-SHA256'
  • 'ECDHE-ECDSA-AES128-SHA'
  • 'ECDHE-ECDSA-AES256-SHA384'
  • 'ECDHE-ECDSA-AES256-SHA'
  • 'DHE-DSS-AES128-SHA256'
  • 'DHE-DSS-AES256-SHA'

It appears that nginx will enable DHE-RSA-AES256-GCM-SHA384 when ECDHE-RSA-AES256-GCM-SHA384 is specified. We believe DHE-RSA-AES256-GCM-SHA384 to be strong, but it is not part of the official Mozilla Modern list. It has therefore been added to our list of supported ciphers.

new(
  supported_ciphers: [
    'ECDHE-RSA-AES128-GCM-SHA256',
    'ECDHE-RSA-AES256-GCM-SHA384',
    'DHE-RSA-AES128-GCM-SHA256',
    'ECDHE-RSA-AES128-SHA256',
    'ECDHE-RSA-AES128-SHA',
    'ECDHE-RSA-AES256-SHA384',
    'ECDHE-RSA-AES256-SHA',
    'DHE-RSA-AES128-SHA256',
    'DHE-RSA-AES128-SHA',
    'DHE-RSA-AES256-SHA256',
    'DHE-RSA-AES256-SHA',
    'DHE-RSA-AES256-GCM-SHA384'
  ],
  supported_protocols: [:TLSv1_2, :TLSv1_1]
)
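
An added example, not part of the prof gem: it audits what a TLS scan observed on a server against the cipher and protocol lists above, and shows why DHE-RSA-AES256-GCM-SHA384 had to be in the list for an nginx endpoint to pass. The names `audit_tls`, `compliant?`, `ALLOWED_CIPHERS`, `ALLOWED_PROTOCOLS` and `OBSERVED` are hypothetical, and the scan result is constructed.

```ruby
# Added example; the names below are hypothetical and not part of the prof gem.
ALLOWED_CIPHERS = %w[
  ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384
  DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256
  ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA384
  ECDHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256
  DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA256
  DHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384
].freeze
ALLOWED_PROTOCOLS = %i[TLSv1_2 TLSv1_1].freeze

# observed maps a protocol symbol to the cipher names the server accepted on it.
# Ciphers are compared as a union across protocols, because TLS 1.1 can only
# negotiate the SHA-1 CBC suites and would otherwise report the rest as missing.
def audit_tls(observed, ciphers: ALLOWED_CIPHERS, protocols: ALLOWED_PROTOCOLS)
  seen = observed.values.flatten.uniq
  {
    unexpected_protocols: observed.reject { |_, list| list.empty? }.keys - protocols,
    unexpected_ciphers: (seen - ciphers).sort,
    missing_ciphers: (ciphers - seen).sort
  }
end

# A report is compliant when nothing unexpected is offered and nothing is missing.
def compliant?(report)
  report.values.all?(&:empty?)
end

# Constructed scan result: the full list on TLS 1.2, the SHA-1 suites on
# TLS 1.1, and one suite still accepted on TLS 1.0 (a misconfiguration).
OBSERVED = {
  TLSv1_2: ALLOWED_CIPHERS.dup,
  TLSv1_1: %w[ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA
              DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA],
  TLSv1: %w[ECDHE-RSA-AES128-SHA]
}.freeze

if __FILE__ == $PROGRAM_NAME
  # Flags only the TLS 1.0 listener.
  p audit_tls(OBSERVED)
  # Without the extra suite in the allow-list, the same endpoint would also
  # fail on the cipher that nginx enables alongside its ECDHE counterpart.
  strict = ALLOWED_CIPHERS - ['DHE-RSA-AES256-GCM-SHA384']
  p audit_tls(OBSERVED, ciphers: strict)
end
```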

Constructor Details

#initialize(supported_ciphers: [], supported_protocols: []) ⇒ CipherSet

Returns a new instance of CipherSet.



# File 'lib/prof/ssl/cipher_set.rb', line 14

def initialize(supported_ciphers: [], supported_protocols: [])
  @supported_ciphers   = supported_ciphers
  @supported_protocols = supported_protocols
end

Instance Attribute Details

#supported_ciphers ⇒ Object (readonly)

Returns the value of attribute supported_ciphers.



# File 'lib/prof/ssl/cipher_set.rb', line 19

def supported_ciphers
  @supported_ciphers
end

#supported_protocols ⇒ Object (readonly)

Returns the value of attribute supported_protocols.



# File 'lib/prof/ssl/cipher_set.rb', line 19

def supported_protocols
  @supported_protocols
end