CipherSuites v0.2.1 CipherSuites View Source

Support OpenSSL-style cipher suite selection in Erlang/Elixir applications.

Link to this section Summary

Functions

Returns all known cipher suites, as reported by the :ssl module

Returns the default cipher suites, as reported by the :ssl module

Expands a cipher suite spec string in OpenSSL format in a Phoenix Endpoint configuration. For use in the Endpoint’s init/2 callback, e.g

Applies the specified OpenSSL cipher selection string to the list of known cipher suites and returns the resulting list

Link to this section Functions

Returns all known cipher suites, as reported by the :ssl module.

Note that this function returns all known cipher suites, including null ciphers, which is different from what select("ALL") returns!

Returns the default cipher suites, as reported by the :ssl module.

Link to this function init_phoenix_endpoint(config) View Source
init_phoenix_endpoint(Keyword.t()) :: Keyword.t()

Expands a cipher suite spec string in OpenSSL format in a Phoenix Endpoint configuration. For use in the Endpoint’s init/2 callback, e.g.:

# Inside config.exs
config :my_app, MyAppWeb.Endpoint,
  https: [
    port: 4001,
    certfile: "priv/cert.pem",
    keyfile: "priv/key.pem",
    ciphers: "aRSA+kEECDH+AES256:!SHA"
  ]

# Inside MyAppWeb.Endpoint...
def init(_key, config) do
  {:ok, CipherSuites.init_phoenix_endpoint(config)}
end

Applies the specified OpenSSL cipher selection string to the list of known cipher suites and returns the resulting list.

The result can be used in the :ciphers option for :ssl client and server connections, as well as in most TLS-capable applications, such as Ranch, Cowboy, Plug and Phoenix.

Example:

iex> CipherSuites.select("aRSA+kEECDH+AES256:!SHA")
[{:ecdhe_rsa, :aes_256_gcm, :null, :sha384},
 {:ecdhe_rsa, :aes_256_cbc, :sha384, :sha384}]

Please refer to the OpenSSL man page for more information about the syntax of the cipher selection string.