Class SSL.context
- Description
Keeps the state that is shared by all SSL-connections for one server (or one port). It includes policy configuration, a server certificate, the server's private key(s), etc. It also includes the session cache.
- Variable advertised_protocols
array(string) SSL.context.advertised_protocols
- Description
List of advertised protocols using TLS next protocol negotiation.
- Variable auth_level
int SSL.context.auth_level
- Description
Policy for client authentication. One of SSL.Constants.AUTHLEVEL_none, SSL.Constants.AUTHLEVEL_ask and SSL.Constants.AUTHLEVEL_require.
- Variable certificates
array(string) SSL.context.certificates
- Description
The server's certificate, or a chain of X509.v3 certificates, with the server's certificate first and the root certificate last.
- Variable client_certificate_selector
function(.context, array(int), array(string) : array(string)) SSL.context.client_certificate_selector
- Description
A function which will select an acceptable client certificate for presentation to a remote server. This function will receive the SSL context, an array of acceptable certificate types, and a list of DNs of acceptable certificate authorities. This function should return an array of strings containing a certificate chain, with the client certificate first (and the root certificate last, if applicable).
- Variable client_certificates
array(array(string)) SSL.context.client_certificates
- Description
An array of certificate chains a client may present to a server when client certificate authentication is requested.
- Variable client_rsa
Crypto.RSA SSL.context.client_rsa
- Description
The client's private key (used with client certificate authentication).
- Variable client_server_names
array(string) SSL.context.client_server_names
- Description
Host names to send to the server when using the Server Name extension.
- Variable client_use_sni
int SSL.context.client_use_sni
- Description
Should an SSL client include the Server Name extension?
If so, then client_server_names should specify the values to send.
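The client-side variables above (client_rsa, client_certificates, client_certificate_selector, client_use_sni and client_server_names) fit together as in the following added example. It is not code from the Pike manual or the Pike SSL module; the file paths and host name are placeholders, and it assumes that Tools.X509.decode_certificate() returns an object whose subject field supports get_der().

```pike
// Added example (not from the Pike manual): a client-side SSL.context that
// sends the target host name via SNI and presents a client certificate only
// when the server's certificate request names the CA that issued it.

SSL.context make_client_context(string host)
{
  SSL.context ctx = SSL.context();

  // Server Name Indication: tell the server which host we want.
  ctx->client_use_sni = 1;
  ctx->client_server_names = ({ host });

  // Private key for the client certificate (placeholder path, DER encoded).
  // Every chain below must belong to this one key.
  ctx->client_rsa = Standards.PKCS.RSA.parse_private_key(
                      Stdio.read_bytes("/etc/tls/client.key.der"));

  // One chain: client certificate first, then its issuing CA.
  string client_der = Stdio.read_bytes("/etc/tls/client.crt.der");
  string ca_der     = Stdio.read_bytes("/etc/tls/corp-ca.crt.der");

  // Lookup from the CA's DER-encoded subject DN to the chain it issued.
  // The server lists acceptable CAs as DER DNs in its certificate request,
  // so this is the key the selector compares against. (Assumed accessor.)
  string ca_dn = Tools.X509.decode_certificate(ca_der)->subject->get_der();
  mapping(string:array(string)) chain_by_ca_dn = ([
    ca_dn : ({ client_der, ca_der })
  ]);
  ctx->client_certificates = values(chain_by_ca_dn);

  ctx->client_certificate_selector =
    lambda(SSL.context c, array(int) cert_types, array(string) acceptable_dns) {
      // 1 is the TLS ClientCertificateType value rsa_sign; our key is RSA.
      if (!has_value(cert_types, 1)) return ({});
      // Present the chain issued by the first CA the server will accept.
      foreach (acceptable_dns, string dn)
        if (chain_by_ca_dn[dn]) return chain_by_ca_dn[dn];
      // No chain matches: present no certificate rather than a useless one.
      return ({});
    };

  return ctx;
}
```

The selector returns an empty chain when no acceptable CA matches, so the server decides (through its own auth_level) whether an anonymous client is tolerated; sending an unrelated certificate would only produce a handshake failure and a less clear error on the server side. The returned chains must all be signed with client_rsa, since the context carries a single client key.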
- Variable dh_params
.Cipher.DHParameters SSL.context.dh_params
- Description
Parameters for DH key exchange.
- Variable dsa
Crypto.DSA SSL.context.dsa
- Description
The server's default DSA key.
- Note
If SNI (Server Name Indication) is used and multiple keys are available, this key will not be used; instead the appropriate SNI key will be used (the default implementation stores these in sni_keys).
- Variable long_rsa
- Variable short_rsa
Crypto.RSA SSL.context.long_rsa
Crypto.RSA SSL.context.short_rsa
- Description
Temporary, non-certified, private keys, used with a server_key_exchange message. The rules are as follows:
If long_rsa is not zero, its public part will be sent. If it is zero and short_rsa is set, the public part of short_rsa will be sent instead. If they are both zero, no server_key_exchange message is sent.
- Variable max_sessions
int SSL.context.max_sessions
- Description
Maximum number of sessions to keep in the cache.
- Variable preferred_auth_methods
array(int) SSL.context.preferred_auth_methods
- Description
For client authentication. Used only if auth_level is AUTHLEVEL_ask or AUTHLEVEL_require.
- Variable preferred_compressors
array(int) SSL.context.preferred_compressors
- Description
Always ({ COMPRESSION_null })
- Variable preferred_suites
array(int) SSL.context.preferred_suites
- Description
Cipher suites we want to support, in order of preference, best first.
- Variable random
function(int : string) SSL.context.random
- Description
Used to generate random cookies for the hello message. If we use the RSA key exchange method, and this is a server, this random number generator is not used for generating the master_secret.
- Variable require_trust
int SSL.context.require_trust
- Description
When set, require the chain to be known, even if the root is self-signed.
Note that if set, and certificates are set to be verified, trusted issuers must be provided, or no connections will be accepted.
- Variable rsa
Crypto.RSA SSL.context.rsa
- Description
The server's default private key.
- Note
If SNI (Server Name Indication) is used and multiple keys are available, this key will not be used; instead the appropriate SNI key will be used (the default implementation stores these in sni_keys).
- Variable select_server_certificate_func
function(.context, array(string) : array(string)) SSL.context.select_server_certificate_func
- Description
A function which will select an acceptable server certificate for presentation to a client. This function will receive the SSL context, and an array of server names, if provided by the client. This function should return an array of strings containing a certificate chain, with the server certificate first (and the root certificate last, if applicable).
The default implementation will select a certificate chain for a given server based on values contained in sni_certificates.
- Variable select_server_key_func
function(.context, array(string) : object) SSL.context.select_server_key_func
- Description
A function which will select an acceptable server key for presentation to a client. This function will receive the SSL context, and an array of server names, if provided by the client. This function should return an object matching the certificate for the server hostname.
The default implementation will select the key for a given server based on values contained in sni_keys.
- Variable session_lifetime
int SSL.context.session_lifetime
- Description
Sessions are removed from the cache when they are older than this limit (in seconds). Sessions are also removed from the cache if a connection using the session dies unexpectedly.
- Variable sni_certificates
mapping(string : array(string)) SSL.context.sni_certificates
- Description
A mapping containing certificate chains for use by SNI (Server Name Indication). Each entry should consist of a key indicating the server hostname and the value containing the certificate chain for that hostname.
- Variable sni_keys
mapping(string : object) SSL.context.sni_keys
- Description
A mapping containing private keys for use by SNI (Server Name Indication). Each entry should consist of a key indicating the server hostname and the value containing the private key object for that hostname.
- Note
Key objects may be generated from a decoded key string using Standards.PKCS.RSA.parse_private_key().
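The server-side variables described on this page (rsa, certificates, sni_keys, sni_certificates, the two select_server_*_func hooks, auth_level, preferred_suites and the session-cache limits) are assembled in the following added example. It is not code from the Pike manual or the Pike SSL module; the file paths and host name are placeholders, and the TLS_rsa_with_aes_* constant names are assumed to exist in SSL.Constants.

```pike
// Added example (not from the Pike manual): a server-side SSL.context with a
// default identity, per-hostname SNI identities, explicit selector hooks,
// a client-authentication policy and session-cache limits.

SSL.context make_server_context()
{
  SSL.context ctx = SSL.context();

  // Default identity: used when the client sends no server name or one we
  // do not know. Files are DER encoded; paths are placeholders.
  ctx->rsa = Standards.PKCS.RSA.parse_private_key(
               Stdio.read_bytes("/etc/tls/default.key.der"));
  ctx->certificates = ({
    Stdio.read_bytes("/etc/tls/default.crt.der"),        // server cert first
    Stdio.read_bytes("/etc/tls/intermediate.crt.der"),
    Stdio.read_bytes("/etc/tls/root.crt.der")            // root last
  });

  // SNI identities, keyed by the host name the client sends.
  ctx->sni_keys = ([
    "www.example.com" : Standards.PKCS.RSA.parse_private_key(
                          Stdio.read_bytes("/etc/tls/www.key.der"))
  ]);
  ctx->sni_certificates = ([
    "www.example.com" : ({ Stdio.read_bytes("/etc/tls/www.crt.der"),
                           Stdio.read_bytes("/etc/tls/intermediate.crt.der") })
  ]);

  // Selector hooks. The defaults consult sni_certificates and sni_keys;
  // these replacements do the same lookup but fall back to the default
  // identity when no name was sent or none matches. Both hooks must agree
  // on the host name, otherwise the chosen key will not match the chain.
  ctx->select_server_certificate_func =
    lambda(SSL.context c, array(string) server_names) {
      foreach (server_names || ({}), string name)
        if (c->sni_certificates[name]) return c->sni_certificates[name];
      return c->certificates;
    };
  ctx->select_server_key_func =
    lambda(SSL.context c, array(string) server_names) {
      foreach (server_names || ({}), string name)
        if (c->sni_keys[name]) return c->sni_keys[name];
      return c->rsa;
    };

  // Cipher suites, best first (constant names assumed, see lead-in).
  ctx->preferred_suites = ({
    SSL.Constants.TLS_rsa_with_aes_256_cbc_sha,
    SSL.Constants.TLS_rsa_with_aes_128_cbc_sha
  });

  // Client authentication: request a certificate but allow anonymous
  // clients. Setting require_trust = 1 as well would also need trusted
  // issuers to be configured, or no connection would be accepted.
  ctx->auth_level = SSL.Constants.AUTHLEVEL_ask;

  // Session cache: at most 1000 entries, each reusable for ten minutes.
  ctx->max_sessions = 1000;
  ctx->session_lifetime = 600;

  return ctx;
}
```

Keeping the SNI lookup in the two hooks rather than in a single mapping of host name to (key, chain) is what the default implementation does; if you replace only one hook, the other default still consults sni_keys or sni_certificates, so a host present in one mapping but not the other produces a key/certificate mismatch. A short session_lifetime bounds how long a stolen session secret stays useful, at the cost of more full handshakes.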