Module: Ronin::Support::Network::TLS

Includes:
SSL
Defined in:
lib/ronin/support/network/tls.rb,
lib/ronin/support/network/tls/mixin.rb,
lib/ronin/support/network/tls/proxy.rb

Overview

Since:

  • 1.0.0

Defined Under Namespace

Modules: Mixin

Classes: Proxy

Constant Summary

Constants included from SSL

SSL::VERIFY, SSL::VERSIONS

Class Method Summary

Methods included from SSL

cert, cert=, key, key=

Class Method Details

.accept(min_version: 1, **kwargs) {|client| ... } ⇒ nil

Creates a new SSL socket listening on a given host and port, accepts only one client and then stops listening.

Examples:

tls_accept(port: 1337) do |client|
  client.puts 'lol'
end

Using a self-signed certificate:

# $ openssl genrsa -out ssl.key 2048
# $ openssl req -new -key ssl.key -x509 -days 3653 -out ssl.crt
# $ cat ssl.key ssl.crt > ssl.pem
# $ chmod 600 ssl.key ssl.pem
# File paths are passed with :cert_file / :key_file (:cert and :key take objects).
tls_accept(port: 1337, cert_file: 'ssl.crt', key_file: 'ssl.key') do |client|
  client.puts 'lol'
end

Parameters:

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for server_socket.

Options Hash (**kwargs):

  • :port (Integer) — default: 0

    The local port to listen on.

  • :host (String, nil)

    The host to bind to.

  • :backlog (Integer) — default: 5

    The maximum backlog of pending connections.

  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: SSL.key

    The RSA key to use for the TLS context.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: SSL.cert

    The X509 certificate to use for the SSL context.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key_file (String)

    The path to the SSL .key file.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (client)

    The given block will be passed the newly connected client. After the block has finished, both the client and the server will be closed.

Yield Parameters:

  • client (OpenSSL::SSL::SSLSocket)

    The newly connected client.

Returns:

  • (nil)

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 531

def self.accept(min_version: 1, **kwargs, &block)
  SSL.accept(min_version: min_version, **kwargs, &block)
end

.banner(host, port, min_version: 1, **kwargs) {|banner| ... } ⇒ String

Reads the banner from the service running on the given host and port.

Examples:

tls_banner('smtp.gmail.com',465)
# => "220 mx.google.com ESMTP c20sm3096959rvf.1"

Parameters:

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for connect.

Options Hash (**kwargs):

  • :bind_host (String)

    The local host to bind to.

  • :bind_port (Integer)

    The local port to bind to.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (banner)

    If a block is given, it will be passed the grabbed banner.

Yield Parameters:

  • banner (String)

    The grabbed banner.

Returns:

  • (String)

    The grabbed banner.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 305

def self.banner(host,port, min_version: 1, **kwargs, &block)
  SSL.banner(host,port, min_version: min_version, **kwargs, &block)
end

.connect(host, port, min_version: 1, **kwargs) {|tls_socket| ... } ⇒ OpenSSL::SSL::SSLSocket?

Establishes an SSL connection.

Examples:

socket = tls_connect('twitter.com',443)
tls_connect('twitter.com',443) do |sock|
  sock.write("GET / HTTP/1.1\r\nHost: twitter.com\r\nConnection: close\r\n\r\n")

  sock.each_line { |line| puts line }
end

Parameters:

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for socket.

Options Hash (**kwargs):

  • :bind_host (String)

    The local host to bind to.

  • :bind_port (Integer)

    The local port to bind to.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (tls_socket)

    The given block will be passed the new SSL socket. Once the block returns the SSL socket will be closed.

Yield Parameters:

  • tls_socket (OpenSSL::SSL::SSLSocket)

    The new SSL Socket.

Returns:

  • (OpenSSL::SSL::SSLSocket, nil)

    The new SSL socket. If a block is given, then nil will be returned.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 203

def self.connect(host,port, min_version: 1, **kwargs, &block)
  SSL.connect(host,port, min_version: min_version, **kwargs, &block)
end

.connect_and_send(data, host, port, min_version: 1, **kwargs) {|tls_socket| ... } ⇒ Object

Creates a new SSL connection and sends the given data.

Parameters:

  • data (String)

    The data to send through the connection.

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for connect.

Options Hash (**kwargs):

  • :bind_host (String)

    The local host to bind to.

  • :bind_port (Integer)

    The local port to bind to.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (tls_socket)

    The given block will be passed the newly created TLS Socket.

Yield Parameters:

  • tls_socket (OpenSSL::SSL::SSLSocket)

    The newly created SSL Socket.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 237

def self.connect_and_send(data,host,port, min_version: 1, **kwargs, &block)
  SSL.connect_and_send(data,host,port, min_version: min_version, **kwargs, &block)
end

.context(min_version: 1, **kwargs) ⇒ OpenSSL::SSL::SSLContext

Creates a new TLS context.

Parameters:

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use. The default of 1 sets the floor at TLS 1.0; pass 1.2 or 1.3 to refuse older protocol versions.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for SSL.context.

Options Hash (**kwargs):

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Returns:

  • (OpenSSL::SSL::SSLContext)

    The newly created SSL Context.

Since:

  • 1.0.0



# File 'lib/ronin/support/network/tls.rb', line 83

def self.context(min_version: 1, **kwargs)
  SSL.context(min_version: min_version, **kwargs)
end

.get_cert(host, port, min_version: 1, **kwargs) {|tls_socket| ... } ⇒ OpenSSL::X509::Certificate

Connects to the host and port and returns the server's certificate.

Parameters:

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for connect.

Options Hash (**kwargs):

  • :bind_host (String)

    The local host to bind to.

  • :bind_port (Integer)

    The local port to bind to.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (tls_socket)

    The given block will be passed the newly created SSL Socket.

Returns:

  • (OpenSSL::X509::Certificate)

    The server's certificate.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 266

def self.get_cert(host,port, min_version: 1, **kwargs)
  SSL.get_cert(host,port, min_version: min_version, **kwargs)
end
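
An added example (not part of ronin-support): `get_cert` returns a plain `OpenSSL::X509::Certificate`, so it can be reviewed with Ruby's standard `openssl` library. The helper names `audit_cert` and `sample_cert`, the 2048-bit and 398-day thresholds, and the in-memory certificates are assumptions constructed for illustration.

```ruby
require 'openssl'

# Hypothetical helper: returns a list of findings (Symbols) for a server
# certificate, such as the object TLS.get_cert returns.
# Thresholds are assumed policy values; adjust them to local policy.
def audit_cert(cert, hostname, now: Time.now, min_rsa_bits: 2048, max_days: 398)
  findings = []
  key = cert.public_key

  # RSA modulus shorter than the policy minimum.
  if key.is_a?(OpenSSL::PKey::RSA) && key.n.num_bits < min_rsa_bits
    findings << :weak_rsa_key
  end

  # Signatures built on MD5 or SHA-1 digests.
  findings << :weak_signature if cert.signature_algorithm =~ /md5|sha1/i

  # Validity window relative to the current time.
  findings << :not_yet_valid if now < cert.not_before
  findings << :expired       if now > cert.not_after

  # Total lifetime longer than the policy maximum.
  lifetime_days = (cert.not_after - cert.not_before) / 86_400
  findings << :long_lived if lifetime_days > max_days

  # Issuer equals subject and the signature verifies with the cert's own key.
  if cert.issuer.to_s == cert.subject.to_s && cert.verify(key)
    findings << :self_signed
  end

  # Hostname check against subjectAltName, falling back to the CN.
  unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    findings << :hostname_mismatch
  end

  findings
end

# Constructed sample input: a self-signed certificate generated in memory.
# The defaults are deliberately weak (1024-bit key, ten-year lifetime).
def sample_cert(bits: 1024, cn: 'test.example', days: 3653, now: Time.now)
  key  = OpenSSL::PKey::RSA.new(bits)
  name = OpenSSL::X509::Name.parse("/CN=#{cn}")

  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = now - 60
  cert.not_after  = now + (days * 86_400)
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

if $PROGRAM_NAME == __FILE__
  puts audit_cert(sample_cert, 'test.example').inspect
end
```

With ronin-support loaded, the certificate returned by `Ronin::Support::Network::TLS.get_cert(host, port)` can be passed to `audit_cert` in place of the constructed sample.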

.open?(host, port, min_version: 1, **kwargs) ⇒ Boolean?

Tests whether a remote SSLed TCP port is open.

Examples:

tls_open?('www.bankofamerica.com',443)

Using a timeout:

tls_open?('example.com',80, timeout: 5)
# => nil

Parameters:

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for SSL.connect.

Options Hash (**kwargs):

  • :bind_host (String)

    The local host to bind to.

  • :bind_port (Integer)

    The local port to bind to.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Returns:

  • (Boolean, nil)

    Specifies whether the remote SSLed TCP port is open. If the connection was not accepted, nil will be returned.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 155

def self.open?(host,port, min_version: 1, **kwargs)
  SSL.open?(host,port, min_version: min_version, **kwargs)
end

.send(data, host, port, min_version: 1, **kwargs) ⇒ true

Connects to a specified host and port, sends the given data and then closes the connection.

Examples:

buffer = "GET /#{'A' * 4096}\n\r"
tls_send(buffer,'victim.com',443)
# => true

Parameters:

  • data (String)

    The data to send through the connection.

  • host (String)

    The host to connect to.

  • port (Integer)

    The port to connect to.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for connect.

Options Hash (**kwargs):

  • :bind_host (String)

    The local host to bind to.

  • :bind_port (Integer)

    The local port to bind to.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Returns:

  • (true)

    The data was successfully sent.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 342

def self.send(data,host,port, min_version: 1, **kwargs)
  SSL.send(data,host,port, min_version: min_version, **kwargs)
end

.server(min_version: 1, **kwargs) {|server| ... } ⇒ OpenSSL::SSL::SSLServer

Creates a new TLS server listening on a given host and port.

Parameters:

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for context.

Options Hash (**kwargs):

  • :port (Integer) — default: 0

    The local port to listen on.

  • :host (String, nil)

    The host to bind to.

  • :backlog (Integer) — default: 5

    The maximum backlog of pending connections.

  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: SSL.key

    The RSA key to use for the TLS context.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: SSL.cert

    The X509 certificate to use for the SSL context.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key_file (String)

    The path to the SSL .key file.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (server)

    The given block will be passed the newly created SSL server.

Yield Parameters:

  • server (OpenSSL::SSL::SSLServer)

    The newly created SSL server.

Returns:

  • (OpenSSL::SSL::SSLServer)

    The newly created SSL server.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 420

def self.server(min_version: 1, **kwargs, &block)
  SSL.server(min_version: min_version, **kwargs, &block)
end

.server_loop(min_version: 1, **kwargs) {|client| ... } ⇒ nil

Creates a new SSL socket listening on a given host and port, accepting clients in a loop.

Examples:

# $ openssl genrsa -out ssl.key 2048
# $ openssl req -new -key ssl.key -x509 -days 3653 -out ssl.crt
# $ cat ssl.key ssl.crt > ssl.pem
# $ chmod 600 ssl.key ssl.pem
# File paths are passed with :cert_file / :key_file (:cert and :key take objects).
tls_server_loop(port: 1337, cert_file: 'ssl.crt', key_file: 'ssl.key') do |sock|
  sock.puts 'lol'
end

Parameters:

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for server_socket.

Options Hash (**kwargs):

  • :port (Integer) — default: 0

    The local port to listen on.

  • :host (String, nil)

    The host to bind to.

  • :backlog (Integer) — default: 5

    The maximum backlog of pending connections.

  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: SSL.key

    The RSA key to use for the TLS context.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: SSL.cert

    The X509 certificate to use for the SSL context.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key_file (String)

    The path to the SSL .key file.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (client)

    The given block will be passed the newly connected client. After the block has finished, the client will be closed.

Yield Parameters:

  • client (OpenSSL::SSL::SSLSocket)

    A newly connected client.

Returns:

  • (nil)

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 487

def self.server_loop(min_version: 1, **kwargs, &block)
  SSL.server_loop(min_version: min_version, **kwargs, &block)
end

.server_session(min_version: 1, **kwargs) {|server| ... } ⇒ OpenSSL::SSL::SSLServer

Creates a new temporary TLS server listening on a given host and port.

Parameters:

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for context.

Options Hash (**kwargs):

  • :port (Integer) — default: 0

    The local port to listen on.

  • :host (String, nil)

    The host to bind to.

  • :backlog (Integer) — default: 5

    The maximum backlog of pending connections.

  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: SSL.key

    The RSA key to use for the TLS context.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: SSL.cert

    The X509 certificate to use for the SSL context.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key_file (String)

    The path to the SSL .key file.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Yields:

  • (server)

    The given block will be passed the newly created SSL server.

Yield Parameters:

  • server (OpenSSL::SSL::SSLServer)

    The newly created SSL server. Once the block has finished, the server will be closed.

Returns:

  • (OpenSSL::SSL::SSLServer)

    The newly created SSL server.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 449

def self.server_session(min_version: 1, **kwargs, &block)
  SSL.server_session(min_version: min_version, **kwargs, &block)
end

.server_socket(socket, min_version: 1, **kwargs) ⇒ OpenSSL::SSL::SSLSocket

Accepts a TLS session from an existing TCP socket.

Parameters:

  • socket (TCPSocket)

    The existing TCP socket.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for socket.

Options Hash (**kwargs):

  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) — default: SSL.key

    The RSA key to use for the TLS context.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) — default: SSL.cert

    The X509 certificate to use for the SSL context.

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key_file (String)

    The path to the SSL .key file.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Returns:

  • (OpenSSL::SSL::SSLSocket)

    The new SSL socket.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 378

def self.server_socket(socket, min_version: 1, **kwargs)
  SSL.server_socket(socket, min_version: min_version, **kwargs)
end

.socket(socket, min_version: 1, **kwargs) ⇒ OpenSSL::SSL::SSLSocket

Initiates an SSL session with an existing TCP socket.

Parameters:

  • socket (TCPSocket)

    The existing TCP socket.

  • min_version (1, 1.1, 1.2, 1.3, Symbol, nil) (defaults to: 1)

    The minimum TLS version to use.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for SSL.context.

Options Hash (**kwargs):

  • :version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The SSL version to use.

  • :min_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The minimum SSL version to use.

  • :max_version (1, 1.1, 1.2, 1.3, Symbol, nil)

    The maximum SSL version to use.

  • :verify (Symbol, Boolean)

    Specifies whether to verify the SSL certificate. May be one of the following:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
  • :key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil)

    The RSA key to use for the SSL context.

  • :key_file (String)

    The path to the SSL .key file.

  • :cert (Crypto::Cert, OpenSSL::X509::Certificate, nil)

    The X509 certificate to use for the SSL context.

  • :cert_file (String)

    The path to the SSL .crt file.

  • :ca_bundle (String)

    Path to the CA certificate file or directory.

Returns:

  • (OpenSSL::SSL::SSLSocket)

    The new SSL socket.

Since:

  • 1.1.0



# File 'lib/ronin/support/network/tls.rb', line 108

def self.socket(socket, min_version: 1, **kwargs)
  SSL.socket(socket,min_version: min_version, **kwargs)
end