8

I need to create an SSLSocket in Ruby 1.8+ to talk to an encrypted service. I want to set SSL options on the SSLContext object (it eventually calls SSL_CTX_set_options in the underlying OpenSSL library). I am not seeing any obvious way to do this.

This is using the OpenSSL::SSL::SSLContext interface.

As a point of reference, this is analogous to calling set_options() in Python's pyOpenSSL library.

jww
shreddd

2 Answers

5

Example:

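    require 'openssl'

    ctx = OpenSSL::SSL::SSLContext.new

    # set_params applies the library's default parameters, with :options overridden here
    ctx.set_params(:options => OpenSSL::SSL::OP_EPHEMERAL_RSA | OpenSSL::SSL::OP_NO_SSLv2)
    # or assign the option bits directly
    ctx.options = OpenSSL::SSL::OP_EPHEMERAL_RSA | OpenSSL::SSL::OP_NO_SSLv2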
qerub
  • Nice example. It beats the snot out of what the Ruby docs are providing. How do you attach the context to an `http` when `http.use_ssl = true`? – jww Jun 16 '14 at 08:43
  • @jww: Seems like there's no API for that yet: https://bugs.ruby-lang.org/issues/9450 *sigh* – qerub Jun 16 '14 at 12:15
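Added example, not part of either answer or of the Ruby project's code: a loopback handshake showing option bits set on an `SSLContext` taking effect on an `SSLSocket`, with the flags ORed into the defaults from `set_params` so certificate verification stays on. The names `TLS13_ONLY`, `self_signed_identity`, `client_context` and `negotiated_version` are hypothetical, the certificate is constructed, and a Ruby `openssl` extension that provides `max_version=` and TLS 1.3 (newer than the 1.8 in the question) is assumed.

```ruby
require 'openssl'
require 'socket'

# Option flags that leave only TLS 1.3 enabled on a context (hypothetical name).
TLS13_ONLY = OpenSSL::SSL::OP_NO_TLSv1 | OpenSSL::SSL::OP_NO_TLSv1_1 | OpenSSL::SSL::OP_NO_TLSv1_2

# Constructed throwaway key and self-signed certificate for the loopback server.
def self_signed_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Client context: apply the library defaults (peer verification included),
# then OR extra flags in so the default option bits are kept, not replaced.
def client_context(trusted_cert, extra_options)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(cert_store: OpenSSL::X509::Store.new.add_cert(trusted_cert))
  ctx.options |= extra_options
  ctx
end

# Handshake with an in-process server capped at TLS 1.2 (a constructed legacy
# peer). Returns the negotiated version, or nil if the handshake is refused.
def negotiated_version(extra_options)
  key, cert = self_signed_identity
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.cert = cert
  server_ctx.key = key
  server_ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
  tcp = TCPServer.new('127.0.0.1', 0)
  acceptor = Thread.new { OpenSSL::SSL::SSLServer.new(tcp, server_ctx).accept.close rescue nil }
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', tcp.addr[1]),
                                     client_context(cert, extra_options))
  sock.hostname = 'localhost'
  sock.sync_close = true
  sock.connect
  sock.ssl_version
rescue OpenSSL::SSL::SSLError, Errno::ECONNRESET
  nil
ensure
  sock&.close
  acceptor&.join(2)
  tcp&.close
end
```

With no extra flags the client settles on the server's TLS 1.2; with `TLS13_ONLY` the same client refuses the handshake.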
0

If you need to set OpenSSL::SSL::SSLContext options before a request, you can do it this way:


    require 'net/http'
    require 'json'
    require 'openssl'

    # Set the options that you need (DEFAULT_PARAMS is shared process-wide)
    OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT

    begin
      # Make a request
      uri = URI('https://example.com')
      res = Net::HTTP.post(uri, {}.to_json)
    ensure
      # Unset the options, even if the request raised
      OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] &= ~OpenSSL::SSL::OP_LEGACY_SERVER_CONNECT
    end

Anton Kachan