I use whatever Ruby developers deem to be reasonable defaults.
Because compatibility with old systems is still valued, these
may not be the safest possible configuration; but ought to be
better than what OpenSSL upstream provides by default.
---
Documentation/yahns_config.pod | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/yahns_config.pod b/Documentation/yahns_config.pod
index 3b1f2e4..aadd691 100644
--- a/Documentation/yahns_config.pod
+++ b/Documentation/yahns_config.pod
@@ -446,6 +446,7 @@ An example which seems to work is:
ssl_ctx.key = OpenSSL::PKey::RSA.new(
IO.read('/etc/ssl/private/example.key')
)
+ ssl_ctx.set_params # use defaults provided by Ruby on top of OpenSSL
app(:rack, "/path/to/my/app/config.ru") do
listen 443, ssl_ctx: ssl_ctx
--
EW
--
unsubscribe: [email protected]
archive: http://yhbt.net/yahns-public/
