Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Net::Server::Proto::SSUser Contributed Perl DocumentNet::Server::Proto::SSL(3)

NAME
       Net::Server::Proto::SSL - Net::Server SSL protocol.

SYNOPSIS
       Until this release, it was preferrable to use the
       Net::Server::Proto::SSLEAY module.  Recent versions include code	that
       overcomes original limitations.

       See Net::Server::Proto.	See Net::Server::Proto::SSLEAY.

	   use base qw(Net::Server::HTTP);
	   main->run(
	       proto =>	'ssl',
	       SSL_key_file  =>	"/path/to/my/file.key",
	       SSL_cert_file =>	"/path/to/my/file.crt",
	   );

	   # OR

	   sub SSL_key_file  { "/path/to/my/file.key" }
	   sub SSL_cert_file { "/path/to/my/file.crt" }
	   main->run(proto = 'ssl');

	   # OR

	   main->run(
	       port => [443, 8443, "80/tcp"],  # bind to two ssl ports and one tcp
	       proto =>	"ssl",	     # use ssl as the default
	       ipv  => "*",	     # bind both IPv4 and IPv6 interfaces
	       SSL_key_file  =>	"/path/to/my/file.key",
	       SSL_cert_file =>	"/path/to/my/file.crt",
	   );

	   # OR

	   main->run(port => [{
	       port  =>	"443",
	       proto =>	"ssl",
	       # ipv =>	4, # default - only do IPv4
	       SSL_key_file  =>	"/path/to/my/file.key",
	       SSL_cert_file =>	"/path/to/my/file.crt",
	   }, {
	       port  =>	"8443",
	       proto =>	"ssl",
	       ipv   =>	"*", # IPv4 and	IPv6
	       SSL_key_file  =>	"/path/to/my/file2.key", # separate key
	       SSL_cert_file =>	"/path/to/my/file2.crt", # separate cert

	       SSL_foo => 1, # Any key prefixed	with SSL_ passed as a port hashref
			     # key/value will automatically be passed to IO::Socket::SSL
	   }]);

DESCRIPTION
       Protocol	module for Net::Server based on	IO::Socket::SSL.  This module
       implements a secure socket layer	over tcp (also known as	SSL) via the
       IO::Socket::SSL module.	If this	module does not	work in	your
       situation, please also consider using the SSLEAY	protocol
       (Net::Server::Proto::SSLEAY) which interfaces directly with
       Net::SSLeay.  See Net::Server::Proto.

       If you know that	your server will only need IPv4	(which is the default
       for Net::Server), you can load IO::Socket::SSL in inet4 mode which will
       prevent it from using Socket6 and IO::Socket::INET6 since they would
       represent additional and	unsued overhead.

	   use IO::Socket::SSL qw(inet4);
	   use base qw(Net::Server::Fork);

	   __PACKAGE__->run(proto => "ssl");

PARAMETERS
       In addition to the normal Net::Server parameters, any of	the SSL
       parameters from IO::Socket::SSL may also	be specified.  See
       IO::Socket::SSL for information on setting this up.  All	arguments
       prefixed	with SSL_ will be passed to the	IO::Socket::SSL->configure
       method.

BUGS
       Until version Net::Server version 2, Net::Server::Proto::SSL used the
       default IO::Socket::SSL::accept method.	This old approach introduces a
       DDOS vulnerability into the server, where the socket is accepted, but
       the parent server then has to block until the client negotiates the SSL
       connection.  This has now been overcome by overriding the accept	method
       and accepting the SSL negotiation after the parent socket has had the
       chance to go back to listening.

LICENCE
       Distributed under the same terms	as Net::Server

THANKS
       Thanks to Vadim for pointing out	the IO::Socket::SSL accept was
       returning objects blessed into the wrong	class.

perl v5.32.0			  2017-08-10	    Net::Server::Proto::SSL(3)

NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | BUGS | LICENCE | THANKS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Net::Server::Proto::SSL&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help