proxygen
folly::ssl::SSLCommonOptions Struct Reference

#include <SSLOptions.h>

Static Public Member Functions

static void setClientOptions (SSLContext &ctx)
 

Static Public Attributes

static constexpr auto kCipherList
 
static constexpr auto kSignatureAlgorithms
 

Detailed Description

Definition at line 29 of file SSLOptions.h.

Member Function Documentation

void folly::ssl::SSLCommonOptions::setClientOptions ( SSLContext & ctx)
static

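Set common parameters on a client SSL context, for example, ciphers, signature algorithms, verification options, and client EC curves. As the listing below shows, a std::runtime_error raised while applying the verification parameters or the EC curve list is caught and reported through LOG(DFATAL) rather than propagated to the caller.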

Parameters
ctx: The SSL context to which to apply the options.

Definition at line 34 of file SSLOptions.cpp.

References folly::DFATAL, folly::exceptionStr(), folly::SSLContext::setClientECCurvesList(), and folly::SSLContext::setX509VerifyParam().

// Body of SSLCommonOptions::setClientOptions(SSLContext& ctx): applies the
// shared client-side defaults to ctx in this order: optional False Start,
// strict X.509 verification flags, the client EC curve list, then the
// cipher-suite and signature-algorithm lists.
34  {
35 #ifdef SSL_MODE_HANDSHAKE_CUTTHROUGH
// Compiled in only when the TLS library headers define this mode.
36  ctx.enableFalseStart();
37 #endif
38 
// NOTE(review): the pointer returned by X509_VERIFY_PARAM_new() is passed to
// X509_VERIFY_PARAM_set_flags() without a null check; confirm how an
// allocation failure is meant to be handled here.
39  X509VerifyParam param(X509_VERIFY_PARAM_new());
// X509_V_FLAG_X509_STRICT asks OpenSSL to apply X.509 rules strictly and to
// disable its workarounds for some broken certificates.
40  X509_VERIFY_PARAM_set_flags(param.get(), X509_V_FLAG_X509_STRICT);
41  try {
42  ctx.setX509VerifyParam(param);
43  } catch (std::runtime_error const& e) {
// LOG(DFATAL) is fatal only in debug builds; with NDEBUG it logs at ERROR and
// setup continues, so ctx may be left without the strict flag. Callers that
// depend on strict verification cannot detect this from the void return.
44  LOG(DFATAL) << exceptionStr(e);
45  }
46 
47  try {
// Restricts the client's EC curves to P-256 and P-384.
48  ctx.setClientECCurvesList({"P-256", "P-384"});
49  } catch (std::runtime_error const& e) {
// Same log-and-continue handling as above: on failure the curve list is not
// applied and the remaining options are still set.
50  LOG(DFATAL) << exceptionStr(e);
51  }
52 
// These helpers are defined outside this listing; presumably they apply
// kCipherList and kSignatureAlgorithms to ctx (verify against SSLOptions.h).
// Unlike the two calls above, they are not wrapped in try/catch here.
53  setCipherSuites<SSLCommonOptions>(ctx);
54  setSignatureAlgorithms<SSLCommonOptions>(ctx);
55 }
fbstring exceptionStr(const std::exception &e)
std::unique_ptr< X509_VERIFY_PARAM, X509VerifyParamDeleter > X509VerifyParam

Member Data Documentation

constexpr std::array< const char *, 12 > folly::ssl::SSLCommonOptions::kCipherList
static
Initial value:
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
"ECDHE-RSA-AES256-SHA384",
"AES128-GCM-SHA256",
"AES256-SHA",
"AES128-SHA")

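The cipher list recommended for this options configuration. Besides the ECDHE AES-GCM suites, the list also contains CBC-mode suites (the entries ending in -SHA or -SHA384 without GCM) and three suites without an ECDHE prefix (AES128-GCM-SHA256, AES256-SHA, AES128-SHA), which use static RSA key exchange and therefore provide no forward secrecy.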

Definition at line 33 of file SSLOptions.h.

Referenced by CurlService::CurlClient::initializeSsl(), and folly::ssl::ssl_options_detail::logDfatal().

constexpr std::array< const char *, 8 > folly::ssl::SSLCommonOptions::kSignatureAlgorithms
static
Initial value:
"RSA+SHA512",
"ECDSA+SHA512",
"RSA+SHA384",
"ECDSA+SHA384",
"RSA+SHA256",
"ECDSA+SHA256",
"RSA+SHA1",
"ECDSA+SHA1")

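The list of signature algorithms recommended for this options configuration. The last two entries, RSA+SHA1 and ECDSA+SHA1, mean that SHA-1 based signatures are still included in this list.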

Definition at line 51 of file SSLOptions.h.

Referenced by folly::ssl::ssl_options_detail::logDfatal().


The documentation for this struct was generated from the following files: