IN: io.sockets.secure.openssl
GENERIC: ssl-method ( symbol -- method )
-
-M: TLSv1 ssl-method drop TLSv1_method ;
+M: TLSv1 ssl-method drop TLSv1_method ;
+M: TLSv1.1 ssl-method drop TLSv1_1_method ;
+M: TLSv1.2 ssl-method drop TLSv1_2_method ;
TUPLE: openssl-context < secure-context aliens sessions ;
: save-session ( session addrspec -- )
current-secure-context sessions>> set-at ;
+: set-secure-cipher-list-only ( ssl -- ssl )
+ dup handle>>
+ "DES-CBC3-SHA:IDEA-CBC-SHA:AES128-SHA:CAMELLIA128-SHA:AES256-SHA:CAMELLIA256-SHA"
+ SSL_set_cipher_list ssl-error ;
+
: <ssl-handle> ( fd -- ssl )
[
ssl-handle new-disposable |dispose
- current-secure-context handle>> SSL_new
+ current-secure-context handle>> SSL_new |dispose
dup ssl-error >>handle
swap >>file
+ set-secure-cipher-list-only
] with-destructors ;
:: <ssl-socket> ( winsock hostname -- ssl )
! Copyright (C) 2008, 2010 Slava Pestov.
! See http://factorcode.org/license.txt for BSD license.
-USING: accessors calendar combinators delegate destructors io
-io.sockets io.sockets.private kernel namespaces present
-sequences summary system vocabs ;
+USING: accessors alien.libraries calendar combinators delegate
+destructors io io.sockets io.sockets.private kernel memoize
+namespaces present sequences summary system vocabs ;
IN: io.sockets.secure
SYMBOL: secure-socket-timeout
M: object ssl-supported? f ;
M: object ssl-certificate-verification-supported? f ;
-SINGLETONS: TLSv1 ;
+SINGLETONS: TLSv1 TLSv1.1 TLSv1.2 ;
+
+ERROR: no-tls-supported ;
+
+MEMO: best-tls-method ( -- class )
+ {
+ { [ "TLSv1_2_method" "libssl" dlsym? ] [ TLSv1.2 ] }
+ { [ "TLSv1_1_method" "libssl" dlsym? ] [ TLSv1.1 ] }
+ { [ "TLSv1_method" "libssl" dlsym? ] [ TLSv1 ] }
+ [ no-tls-supported ]
+ } cond ;
TUPLE: secure-config
method
: <secure-config> ( -- config )
secure-config new
- TLSv1 >>method
+ best-tls-method >>method
1024 >>ephemeral-key-bits
ssl-certificate-verification-supported? >>verify ;
FUNCTION: ssl-method TLSv1_method ( )
+FUNCTION: ssl-method TLSv1_1_method ( )
+
+FUNCTION: ssl-method TLSv1_2_method ( )
+
! Creates the context
FUNCTION: SSL_CTX* SSL_CTX_new ( ssl-method method )
: init-ssl ( -- )
SSL_library_init ssl-error
SSL_load_error_strings
- OpenSSL_add_all_digests
- OpenSSL_add_all_ciphers ;
+ OpenSSL_add_all_digests ;
SYMBOL: ssl-initialized?