
Add config support for ssl_version and ssl_cipher_list. Forcing TLSv1…

…_2 now working.
frameworked committed Nov 10, 2016
1 parent a7d1174 commit f9dfc6ad48b17005fbb4140dcb11f7e535f7e67a
Showing with 7 additions and 3 deletions.
  1. +1 −1 lib/thin/backends/base.rb
  2. +3 −1 lib/thin/controllers/controller.rb
  3. +2 −0 lib/thin/runner.rb
  4. +1 −1 lib/thin/server.rb
@@ -35,7 +35,7 @@ def threadpool_size=(size)
def threaded?; @threaded end

# Allow using SSL in the backend.
attr_writer :ssl, :ssl_options
attr_writer :ssl, :ssl_options, :ssl_version, :ssl_cipher_list
def ssl?; @ssl end

# Number of persistent connections currently opened
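Review bot: The new `ssl_version` and `ssl_cipher_list` writers on the backend hold the same values that the controller.rb change also puts into `ssl_options` (as `:ssl_version` and `:cipher_list`), so the TLS policy now lives in two places and nothing on this page shows which one the TLS setup actually reads. No readers are added in this hunk, and the same pair is appended to the `def_delegators` line in server.rb. If the handshake is configured from `ssl_options`, as the controller change suggests, I would drop the two writers and delegators; otherwise a later caller can set `server.ssl_version =` and believe the protocol was restricted when nothing changed. Either way the comment above the line should name the single source of truth, e.g. `# TLS protocol and cipher restrictions are passed via ssl_options`.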
@@ -51,11 +51,13 @@ def start
server.threaded = @options[:threaded]
server.no_epoll = @options[:no_epoll] if server.backend.respond_to?(:no_epoll=)
server.threadpool_size = @options[:threadpool_size] if server.threaded?
server.ssl_version = @options[:ssl_version]
server.ssl_cipher_list = @options[:ssl_cipher_list]

# ssl support
if @options[:ssl]
server.ssl = true
server.ssl_options = { :private_key_file => @options[:ssl_key_file], :cert_chain_file => @options[:ssl_cert_file], :verify_peer => !@options[:ssl_disable_verify] }
server.ssl_options = { :private_key_file => @options[:ssl_key_file], :cert_chain_file => @options[:ssl_cert_file], :verify_peer => !@options[:ssl_disable_verify], :ssl_version => @options[:ssl_version], :cipher_list => @options[:ssl_cipher_list]}
end

# Detach the process, after this line the current process returns
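Review bot: The rewritten `ssl_options` hash always carries `:ssl_version` and `:cipher_list`, with `nil` values whenever the flags are not given, and this page does not show whether the code consuming the hash treats `nil` as "use the library default". Adding the two keys only when they are set keeps the no-flag path identical to the previous behaviour, for example by ending the literal with `.reject { |_, v| v.nil? }` (`:verify_peer` is always `true` or `false`, so it is unaffected). The `server.ssl_version =` and `server.ssl_cipher_list =` assignments sit above the `if @options[:ssl]` guard and so also run when SSL is off; moving them inside the guard, or removing them, would make it clear they only matter for TLS listeners. The body of `start` continues outside the hunk.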
@@ -80,6 +80,8 @@ def parser
opts.on( "--ssl-key-file PATH", "Path to private key") { |path| @options[:ssl_key_file] = path }
opts.on( "--ssl-cert-file PATH", "Path to certificate") { |path| @options[:ssl_cert_file] = path }
opts.on( "--ssl-disable-verify", "Disables (optional) client cert requests") { @options[:ssl_disable_verify] = true }
opts.on( "--ssl-version VERSION", "TLSv1, TLSv1_1, TLSv1_2") { |version| @options[:ssl_version] = version }
opts.on( "--ssl-cipher-list STRING", "Example: HIGH:!ADH:!RC4:-MEDIUM:-LOW:-EXP:-CAMELLIA") { |cipher| @options[:ssl_cipher_list] = cipher }

opts.separator ""
opts.separator "Adapter options:"
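Review bot: `--ssl-version` accepts any string, so a mistyped protocol name is stored in `@options[:ssl_version]` and, as far as this page shows, is checked only later when TLS is set up, if at all. OptionParser can reject it at startup when the allowed values are passed as a list: `opts.on("--ssl-version VERSION", %w[TLSv1 TLSv1_1 TLSv1_2], "TLSv1, TLSv1_1, TLSv1_2") { |version| @options[:ssl_version] = version }`. The help text would also be more useful if it said what is used when the flag is omitted and noted that TLSv1 and TLSv1_1 are legacy protocols kept for compatibility. `parser` starts and ends outside the hunk.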
@@ -86,7 +86,7 @@ class Server
def_delegators :backend, :threaded?, :threaded=, :threadpool_size, :threadpool_size=

# Allow using SSL in the backend.
def_delegators :backend, :ssl?, :ssl=, :ssl_options=
def_delegators :backend, :ssl?, :ssl=, :ssl_options=, :ssl_version=, :ssl_cipher_list=

# Address and port on which the server is listening for connections.
def_delegators :backend, :host, :port
