Merge pull request macournoyer#327 from frameworked/master

Add config support for ssl_version and ssl_cipher_list.
areitz · Jul 4, 2017 · 8df953e · 8df953e
2 parents 678fa4d + c9f0ca4
commit 8df953e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/lib/thin/controllers/controller.rb b/lib/thin/controllers/controller.rb
@@ -55,7 +55,7 @@ def start
         # ssl support
         if @options[:ssl]
           server.ssl = true
-          server.ssl_options = { :private_key_file => @options[:ssl_key_file], :cert_chain_file => @options[:ssl_cert_file], :verify_peer => !@options[:ssl_disable_verify] }
+          server.ssl_options = { :private_key_file => @options[:ssl_key_file], :cert_chain_file => @options[:ssl_cert_file], :verify_peer => !@options[:ssl_disable_verify], :ssl_version => @options[:ssl_version], :cipher_list => @options[:ssl_cipher_list]}
         end
 
         # Detach the process, after this line the current process returns

diff --git a/lib/thin/runner.rb b/lib/thin/runner.rb
@@ -81,6 +81,8 @@ def parser
         opts.on(      "--ssl-key-file PATH", "Path to private key")                     { |path| @options[:ssl_key_file] = path }
         opts.on(      "--ssl-cert-file PATH", "Path to certificate")                    { |path| @options[:ssl_cert_file] = path }
         opts.on(      "--ssl-disable-verify", "Disables (optional) client cert requests") { @options[:ssl_disable_verify] = true }
+        opts.on(      "--ssl-version VERSION", "TLSv1, TLSv1_1, TLSv1_2")               { |version| @options[:ssl_version] = version }
+        opts.on(      "--ssl-cipher-list STRING", "Example: HIGH:!ADH:!RC4:-MEDIUM:-LOW:-EXP:-CAMELLIA") { |cipher| @options[:ssl_cipher_list] = cipher }
 
         opts.separator ""
         opts.separator "Adapter options:"