Class SSL.context
- Description
-
Keeps the state that is shared by all SSL-connections for
one server (or one port). It includes policy configuration, a server
certificate, the server's private key(s), etc. It also includes the
session cache.
-
- Variable
rsa
-
Crypto.RSA rsa
- Description
-
The server's private key
- Variable
auth_level
-
int auth_level
- Description
-
Policy for client authentication. One of SSL.Constants.AUTHLEVEL_none,
SSL.Constants.AUTHLEVEL_ask and SSL.Constants.AUTHLEVEL_require.
- Variable
require_trust
-
int require_trust
- Description
-
When set, require the chain to be known, even if the root is self-signed.
Note that if this is set and certificates are set to be verified, trusted issuers
must be provided, or no connections will be accepted.
- Variable
verify_certificates
-
int verify_certificates
- Description
-
Determines whether certificates presented by the peer are verified, or
just accepted as being valid.
- Variable
long_rsa
short_rsa
-
Crypto.RSA long_rsa
Crypto.RSA short_rsa
- Description
-
Temporary, non-certified private keys, used with a
server_key_exchange message. The rules are as follows:
If the negotiated cipher_suite has the "exportable" property, and
short_rsa is not zero, send a server_key_exchange message with the
public part of the short_rsa key.
If the negotiated cipher_suite does not have the exportable
property, and long_rsa is not zero, send a server_key_exchange
message with the public part of the long_rsa key.
Otherwise, don't send any server_key_exchange message.
- Variable
dsa
-
Crypto.DSA dsa
- Description
-
The server's DSA key.
- Variable
dh_params
-
.Cipher.DHParameters dh_params
- Description
-
Parameters for DH key exchange.
- Variable
random
-
function(int:string) random
- Description
-
Used to generate random cookies for the hello message. If we use
the RSA key exchange method, and this is a server, this random
number generator is not used for generating the master_secret.
- Variable
certificates
-
array(string) certificates
- Description
-
The server's certificate, or a chain of X509.v3 certificates, with the
server's certificate first and root certificate last.
- Variable
preferred_auth_methods
-
array(int) preferred_auth_methods
- Description
-
For client authentication. Used only if auth_level is
SSL.Constants.AUTHLEVEL_ask or SSL.Constants.AUTHLEVEL_require.
- Variable
preferred_suites
-
array(int) preferred_suites
- Description
-
Cipher suites we want the server to support, best first.
- Variable
preferred_compressors
-
array(int) preferred_compressors
- Description
-
Always ({ COMPRESSION_null })
- Variable
use_cache
-
int use_cache
- Description
-
Non-zero to enable caching of sessions.
- Variable
session_lifetime
-
int session_lifetime
- Description
-
Sessions are removed from the cache when they are older than this
limit (in seconds). Sessions are also removed from the cache if a
connection using the session dies unexpectedly.
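
The following Pike sketch is an added example, not part of the Pike documentation. It sets a strict client-authentication policy using only the variables documented above and reports settings whose documented behaviour weakens that policy. The function names, the starting values and the lifetime limit are assumptions, and trusted issuers still have to be supplied separately.

```pike
// Added example (not from the Pike documentation). Uses only the
// SSL.context variables documented on this page.

constant MAX_LIFETIME = 3600; // assumed local policy limit, in seconds

// Apply a strict client-authentication policy to a server context.
void harden(SSL.context ctx)
{
  ctx->auth_level = SSL.Constants.AUTHLEVEL_require; // a client certificate is mandatory
  ctx->verify_certificates = 1; // verify the chain instead of just accepting it
  ctx->require_trust = 1;       // the chain must be known, even with a self-signed root
  ctx->short_rsa = 0;           // no temporary key for "exportable" cipher suites
  ctx->use_cache = 1;
  ctx->session_lifetime = 600;  // constructed value, in seconds
}

// Return one finding per setting that weakens the policy above.
array(string) audit(SSL.context ctx)
{
  array(string) findings = ({});

  if (ctx->auth_level == SSL.Constants.AUTHLEVEL_none)
    findings += ({ "auth_level: clients are never asked for a certificate" });
  else if (!ctx->verify_certificates)
    findings += ({ "verify_certificates: peer certificates are accepted as valid without verification" });
  else if (!ctx->require_trust)
    findings += ({ "require_trust: the chain is not required to be known" });

  if (ctx->short_rsa)
    findings += ({ "short_rsa: exportable suites get a server_key_exchange with this temporary key" });

  if (ctx->use_cache && ctx->session_lifetime > MAX_LIFETIME)
    findings += ({ "session_lifetime: cached sessions outlive the local policy limit" });

  return findings;
}

int main()
{
  SSL.context ctx = SSL.context();
  ctx->auth_level = SSL.Constants.AUTHLEVEL_ask; // constructed weak starting point
  ctx->verify_certificates = 0;
  write("before: %O\n", audit(ctx));

  harden(ctx);
  write("after:  %O\n", audit(ctx));
  return 0;
}
```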