mt-ruby-tls

mt-ruby-tls decouples the management of encrypted communications, putting you in charge of the transport layer. It can be used as an alternative to Ruby's SSLSocket.

Install the gem

Install it with RubyGems:

gem install mt-ruby-tls

or add this to your Gemfile if you use Bundler:

gem "mt-ruby-tls"

Windows users will require an installation of OpenSSL (32-bit or 64-bit, matching the Ruby installation).

Usage

require 'rubygems'
require 'mt-ruby-tls'

class Transport
  def initialize
    is_server = true
    callback_obj = self
    options = {
      verify_peer: true,
      private_key: '/file/path.pem',
      cert_chain: '/file/path.crt',
      # Note: this default string still admits RC4 suites, which RFC 7465 prohibits for TLS
      ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!CAMELLIA:@STRENGTH' # (default)
      # protocols: ["h2", "http/1.1"], # Can be used where OpenSSL >= 1.0.2 (Application Level Protocol negotiation)
      # fallback: "http/1.1", # Optional fallback to a default protocol when either client or server doesn't support ALPN
      # client_ca: '/file/path.pem'
    }
    @ssl_layer = MTRubyTls::SSL::Box.new(is_server, callback_obj, options)
  end

  def close_cb
    puts "The transport layer should be shutdown"
  end

  def dispatch_cb(data)
    puts "Clear text data that has been decrypted"
  end

  def transmit_cb(data)
    puts "Encrypted data for transmission to remote"
    # @tcp.send data
  end

  def handshake_cb(protocol)
    puts "initial handshake has completed"
  end

  def verify_cb(cert)
    # Return true or false
    # is_cert_valid? is a placeholder for your own validation logic
    is_cert_valid? cert
  end

  def start_tls
    # Start SSL negotiation when you are ready
    @ssl_layer.start
  end

  def send(data)
    @ssl_layer.encrypt(data)
  end
end

#
# Create a new TLS connection
#
connection = Transport.new

#
# Init the handshake
#
connection.start_tls

#
# Start sending data to the remote, this will trigger the
# transmit_cb with encrypted data to send.
#
connection.send('client request')

#
# Similarly when data is received from the remote it should be
# passed to connection.decrypt where the dispatch_cb will be
# called with clear text
#
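One possible body for the `is_cert_valid?` placeholder called from `verify_cb` above, as an added example that is not part of the mt-ruby-tls README or code base. It assumes the callback receives the certificate as a PEM string and that you pin your own CA certificates; the `trusted_ca_pems` parameter, the `make_cert` fixture and all sample certificates are hypothetical and constructed here.

```ruby
require 'openssl'

# Hypothetical body for verify_cb. Assumption: `cert` arrives as a PEM string.
# True only if the certificate parses, is within its validity period and its
# signature chains to one of the pinned CAs. Anything else fails closed.
def is_cert_valid?(cert_pem, trusted_ca_pems, at: Time.now)
  store = OpenSSL::X509::Store.new
  trusted_ca_pems.each { |pem| store.add_cert(OpenSSL::X509::Certificate.new(pem)) }
  store.time = at
  store.verify(OpenSSL::X509::Certificate.new(cert_pem))
rescue OpenSSL::X509::CertificateError, OpenSSL::X509::StoreError, TypeError
  false
end

# Test fixture only: builds a constructed certificate signed by signer_key.
def make_cert(cn, key, signer_key, issuer: nil, ca: false, not_after: Time.now + 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 7200
  cert.not_after = not_after
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(signer_key, OpenSSL::Digest.new('SHA256'))
end

# Constructed samples: one good leaf and three that must be rejected.
def constructed_results
  ca_key, leaf_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Test CA', ca_key, ca_key, ca: true)
  pins = [ca.to_pem]
  {
    good: is_cert_valid?(make_cert('peer', leaf_key, ca_key, issuer: ca).to_pem, pins),
    expired: is_cert_valid?(make_cert('peer', leaf_key, ca_key, issuer: ca, not_after: Time.now - 60).to_pem, pins),
    forged: is_cert_valid?(make_cert('peer', leaf_key, leaf_key, issuer: ca).to_pem, pins),
    garbage: is_cert_valid?('not a certificate', pins)
  }
end

p constructed_results if __FILE__ == $PROGRAM_NAME
```

The `forged` sample names the pinned CA as its issuer but is signed with a different key, so it is rejected on the signature check rather than on the name.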

License and copyright

MIT