Class: Prof::SSL::CipherSet
- Inherits:
-
Object
- Object
- Prof::SSL::CipherSet
- Defined in:
- lib/prof/ssl/cipher_set.rb
Constant Summary collapse
- PIVOTAL_MODERN =
This list is based on the Mozilla Modern cipher list wiki.mozilla.org/Security/Server_Side_TLS 2015-02-05 we have removed some of the supported ciphers due to the version of openssl used on the stemcel: ‘ECDHE-ECDSA-AES128-GCM-SHA256’ ‘ECDHE-ECDSA-AES256-GCM-SHA384’ ‘DHE-DSS-AES128-GCM-SHA256’ ‘kEDH+AESGCM’ ‘ECDHE-ECDSA-AES128-SHA256’ ‘ECDHE-ECDSA-AES128-SHA’ ‘ECDHE-ECDSA-AES256-SHA384’ ‘ECDHE-ECDSA-AES256-SHA’ ‘DHE-DSS-AES128-SHA256’ ‘DHE-DSS-AES256-SHA’
It appears the nginx will enable DHE-RSA-AES256-GCM-SHA384 when ECDHE-RSA-AES256-GCM-SHA384 is specified We believe DHE-RSA-AES256-GCM-SHA384 to be strong, but it is not part of the official mozilla modern lists. This has been added to the list of our supported ciphers
new( supported_ciphers: [ 'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES256-GCM-SHA384', 'DHE-RSA-AES128-GCM-SHA256', 'ECDHE-RSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA', 'DHE-RSA-AES128-SHA256', 'DHE-RSA-AES128-SHA', 'DHE-RSA-AES256-SHA256', 'DHE-RSA-AES256-SHA', 'DHE-RSA-AES256-GCM-SHA384' ], supported_protocols: [:TLSv1_2, :TLSv1_1] )
Instance Attribute Summary collapse
-
#supported_ciphers ⇒ Object
readonly
Returns the value of attribute supported_ciphers.
-
#supported_protocols ⇒ Object
readonly
Returns the value of attribute supported_protocols.
Instance Method Summary collapse
-
#initialize(supported_ciphers: [], supported_protocols: []) ⇒ CipherSet
constructor
A new instance of CipherSet.
Constructor Details
#initialize(supported_ciphers: [], supported_protocols: []) ⇒ CipherSet
Returns a new instance of CipherSet.
14 15 16 17 |
# File 'lib/prof/ssl/cipher_set.rb', line 14 def initialize(supported_ciphers: [], supported_protocols: []) @supported_ciphers = supported_ciphers @supported_protocols = supported_protocols end |
Instance Attribute Details
#supported_ciphers ⇒ Object (readonly)
Returns the value of attribute supported_ciphers.
19 20 21 |
# File 'lib/prof/ssl/cipher_set.rb', line 19 def supported_ciphers @supported_ciphers end |
#supported_protocols ⇒ Object (readonly)
Returns the value of attribute supported_protocols.
19 20 21 |
# File 'lib/prof/ssl/cipher_set.rb', line 19 def supported_protocols @supported_protocols end |