author | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-08 16:11:41 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-05-08 16:14:45 +0900 |
commit | 91986110370ba6d53a67376dda36c7e7efd9494e (patch) | |
tree | 4397f27e6fc972ee7fc35e82787548b659a2c8ba | |
parent | 023d9d1d1018c03896914f67c9d87846c3ce081b (diff) | |
download | plum-91986110370ba6d53a67376dda36c7e7efd9494e.tar.gz |
rack/listener: tls: call tmp_ecdh_callback only when needed
OpenSSL::SSL::SSLContext#tmp_ecdh_callback will be removed and probably
OpenSSL::SSL::SSLContext#set_ecdh_curves will be added.
If OpenSSL 1.0.2 or 1.1.0 is used (which is required), it has 'default supported
curves', so we don't need to set the curve explicitly.
-rw-r--r-- | lib/plum/rack/listener.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/plum/rack/listener.rb b/lib/plum/rack/listener.rb
index ac60310..5a9fe27 100644
--- a/lib/plum/rack/listener.rb
+++ b/lib/plum/rack/listener.rb
@@ -63,7 +63,9 @@ module Plum
 ctx = OpenSSL::SSL::SSLContext.new
 ctx.ssl_version = :TLSv1_2
 ctx.alpn_select_cb = -> (protocols) { protocols.include?("h2") ? "h2" : protocols.first }
- ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ if ctx.respond_to?(:tmp_ecdh_callback) && !ctx.respond_to?(:set_ecdh_curves)
+ ctx.tmp_ecdh_callback = -> (sock, ise, keyl) { OpenSSL::PKey::EC.new("prime256v1") }
+ end
 *ctx.extra_chain_cert, ctx.cert = parse_chained_cert(cert)
 ctx.key = OpenSSL::PKey::RSA.new(key)
 ctx.servername_cb = proc { |sock, hostname| |
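Review bot: When the new `if` is skipped, nothing in this hunk configures ECDH at all, so the listener silently depends on the linked OpenSSL and the Ruby binding enabling a default curve list. On OpenSSL 1.0.2 automatic curve selection is, as far as I know, opt-in at the library level, so if the binding does not switch it on, ECDHE suites would drop out of the handshake and HTTP/2 clients, which expect an ephemeral key exchange over TLS 1.2, would fail to negotiate; this is worth confirming against the binding in use. The guard also probes `set_ecdh_curves`, a name the commit message itself calls only probable, so the condition should carry a comment stating the assumption, for example `# OpenSSL >= 1.0.2 selects the ECDH curve itself; only the legacy callback API needs prime256v1 set by hand`. A handshake test that asserts an ECDHE suite is actually negotiated would catch a regression here. The enclosing method starts and ends outside the hunk.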