dany/luasec
1
0
Fork 0
mirror of https://github.com/brunoos/luasec.git synced 2024-09-19 18:46:41 +02:00
Code Issues Packages Projects Releases Wiki Activity
31228677b2
luasec/doc/luasec.md
Bart van Strien d84a0a911c Document functions of 'ssl' module
2015-06-04 13:30:32 +02:00

2.9 KiB
Raw Blame History

LuaSec

LuaSec is a binding for OpenSSL library to provide TLS/SSL communication. It takes an already established TCP connection and creates a secure session between the peers.

Functions

ssl.newcontext

cfg = {
  protocol = "sslv23" | "sslv3" | "tlsv1" | "tlsv1_1" | "tlsv1_2",
  mode = "server" | "client",
  key = nil | filename,
  password = nil | string | function() -> string,
  certificate = nil | filename,
  cafile = nil | filename,
  capath = nil | path,
  ciphers = ciphers,
  verify = {"none" | "peer" | "client_once" | "fail_if_no_peer_cert", ...},
  options = options,
  depth = number,
  dhparam = function(is_export, keylength) -> dh_params_string,
  curve = curve,
  verifyext = {"lsec_continue" | "lsec_ignore_purpose" | "crl_check" |
      "crl_check_chain", ...},
}

context = ssl.newcontext(cfg)

Creates a new context based on the settings in the cfg table. See OpenSSL documentation on specifics on these settings, and see the openssl ciphers command for the list of supported ciphers and its format specifically.

options

  "all"
  "allow_unsafe_legacy_renegotiation"
  "cipher_server_preference"
  "cisco_anyconnect"
  "cookie_exchange"
  "cryptopro_tlsext_bug"
  "dont_insert_empty_fragments"
  "ephemeral_rsa"
  "legacy_server_connect"
  "microsoft_big_sslv3_buffer"
  "microsoft_sess_id_bug"
  "msie_sslv2_rsa_padding"
  "netscape_ca_dn_bug"
  "netscape_challenge_bug"
  "netscape_demo_cipher_change_bug"
  "netscape_reuse_cipher_change_bug"
  "no_compression"
  "no_query_mtu"
  "no_session_resumption_on_renegotiation"
  "no_sslv2"
  "no_sslv3"
  "no_ticket"
  "no_tlsv1"
  "no_tlsv1_1"
  "no_tlsv1_2"
  "pkcs1_check_1"
  "pkcs1_check_2"
  "single_dh_use"
  "single_ecdh_use"
  "ssleay_080_client_dh_bug"
  "sslref2_reuse_cert_type_bug"
  "tls_block_padding_bug"
  "tls_d5_bug"
  "tls_rollback_bug"

curves

  "secp112r1"
  "secp112r2"
  "secp128r1"
  "secp128r2"
  "secp160k1"
  "secp160r1"
  "secp160r2"
  "secp192k1"
  "secp224k1"
  "secp224r1"
  "secp256k1"
  "secp384r1"
  "secp521r1"
  "sect113r1"
  "sect113r2"
  "sect131r1"
  "sect131r2"
  "sect163k1"
  "sect163r1"
  "sect163r2"
  "sect193r1"
  "sect193r2"
  "sect233k1"
  "sect233r1"
  "sect239k1"
  "sect283k1"
  "sect283r1"
  "sect409k1"
  "sect409r1"
  "sect571k1"
  "sect571r1"
  "prime192v1"
  "prime192v2"
  "prime192v3"
  "prime239v1"
  "prime239v2"
  "prime239v3"
  "prime256v1"

ssl.loadcertificate

Alias for cert.load.

ssl.wrap

conn = ssl.wrap(socket, cfg)

ssl.wrap wraps an existing luasocket socket into a luasec connection object. cfg is defined as for ssl.newcontext.