class EventMachine::Connection

def start_tls args={}

Other tags:
    See: #ssl_verify_peer -

Other tags:
    Todo: - support passing key material via raw strings or Procs that return strings instead of only file paths
    Todo: - support passing an encryption parameter, which can be string or Proc, to get a passphrase

Parameters:
  • args (Hash) --

Other tags:
    Example: Using TLS with EventMachine -

Options Hash: (**args)
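  • :ssl_version (Array) -- indicates the allowed SSL/TLS versions. Possible values are: {SSLv2}, {SSLv3}, {TLSv1}, {TLSv1_1}, {TLSv1_2}. When the option is omitted, TLSv1, TLSv1_1 and TLSv1_2 are enabled. SSLv2 and SSLv3 are obsolete protocols and are enabled only when listed explicitly; TLSv1 and TLSv1_1 are deprecated as well (RFC 8996), so list only the versions your peers actually need.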
  • :dhparam (String) -- The local path of a file containing DH parameters for EDH ciphers in [PEM format](http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail) See: 'openssl dhparam'
  • :ecdh_curve (String) -- The curve for ECDHE ciphers. See available ciphers with 'openssl ecparam -list_curves'
  • :cipher_list (String) -- indicates the available SSL cipher values. Default value is "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH". Check the format of the OpenSSL cipher string at http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT.
  • :fail_if_no_peer_cert (Boolean) -- Used in conjunction with verify_peer. If set the SSL handshake will be terminated if the peer does not provide a certificate.
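  • :verify_peer (Boolean) -- indicates whether a server should request a certificate from a peer, to be verified by user code. The certificate is handed to the connection's callback (see #ssl_verify_peer); checking the chain of trust and the peer's identity is the responsibility of that user code.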
  • :private_key_file (String) -- local path of a readable file that must contain a private key in the [PEM format](http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail).
  • :cert_chain_file (String) -- local path of a readable file that contains a chain of X509 certificates in the [PEM format](http://en.wikipedia.org/wiki/Privacy_Enhanced_Mail).
# Configures TLS for this connection and starts the handshake.
#
# Reads the TLS options from +args+, checks that the private key and
# certificate chain paths exist (when given and non-empty), converts
# :ssl_version into a protocol bitmask, hands everything to
# EventMachine::set_tls_parms and finally calls EventMachine::start_tls.
#
# Security notes:
# - With no :ssl_version, TLSv1, TLSv1_1 and TLSv1_2 are all enabled.
#   TLS 1.0 and 1.1 are deprecated (RFC 8996); callers that can do so
#   should pass an explicit list.
# - 'sslv2' and 'sslv3' are still accepted when requested explicitly;
#   both protocols are obsolete.
# - :verify_peer and :fail_if_no_peer_cert are passed through unchanged.
#   The option docs state the certificate is "to be verified by user code"
#   (see #ssl_verify_peer); nothing in this method inspects a certificate.
# - Only the existence of the key/chain files is checked here, not their
#   readability or contents.
#
# @param args [Hash] TLS options (:private_key_file, :cert_chain_file,
#   :verify_peer, :fail_if_no_peer_cert, :sni_hostname, :cipher_list,
#   :ecdh_curve, :dhparam, :ssl_version)
# @raise [FileNotFoundException] if a non-empty key or chain path does not exist
# @raise [RuntimeError] if :ssl_version names an unrecognized protocol
# @return whatever EventMachine::start_tls returns
def start_tls args={}
  key_path   = args[:private_key_file]
  chain_path = args[:cert_chain_file]
  requested  = args[:ssl_version]

  # Fail early on a missing file; nil and empty paths mean "not supplied".
  [key_path, chain_path].each do |path|
    next if path.nil? || path.empty?
    next if File.exist?(path)

    raise FileNotFoundException, "Could not find #{path} for start_tls"
  end

  protocol_mask =
    if requested.nil?
      # Default set when the caller does not choose protocol versions.
      EventMachine::EM_PROTO_TLSv1 |
        EventMachine::EM_PROTO_TLSv1_1 |
        EventMachine::EM_PROTO_TLSv1_2
    else
      # Accepts a single value or a (possibly nested) list; names are
      # matched case-insensitively after to_s.
      [requested].flatten.inject(0) do |mask, name|
        bit = case name.to_s.downcase
              when 'sslv2'   then EventMachine::EM_PROTO_SSLv2
              when 'sslv3'   then EventMachine::EM_PROTO_SSLv3
              when 'tlsv1'   then EventMachine::EM_PROTO_TLSv1
              when 'tlsv1_1' then EventMachine::EM_PROTO_TLSv1_1
              when 'tlsv1_2' then EventMachine::EM_PROTO_TLSv1_2
              else raise("Unrecognized SSL/TLS Protocol: #{name}")
              end
        mask | bit
      end
    end

  # String options that were not supplied are passed as empty strings;
  # the two boolean options are forwarded as given (possibly nil).
  EventMachine::set_tls_parms(
    @signature,
    key_path || '',
    chain_path || '',
    args[:verify_peer],
    args[:fail_if_no_peer_cert],
    args[:sni_hostname] || '',
    args[:cipher_list] || '',
    args[:ecdh_curve] || '',
    args[:dhparam] || '',
    protocol_mask
  )
  EventMachine::start_tls @signature
end