我在这里查看代码:How to make Sinatra work over HTTPS/SSL?
require 'sinatra/base'
require 'webrick'
require 'webrick/https'
require 'openssl'
CERT_PATH = '/opt/myCA/server/'
webrick_options = {
:Port => 8443,
:Logger => WEBrick::Log::new($stderr, WEBrick::Log::DEBUG),
:DocumentRoot => "/ruby/htdocs",
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLCertificate => OpenSSL::X509::Certificate.new( File.open(File.join(CERT_PATH, "my-server.crt")).read),
:SSLPrivateKey => OpenSSL::PKey::RSA.new( File.open(File.join(CERT_PATH, "my-server.key")).read),
:SSLCertName => [ [ "CN",WEBrick::Utils::getservername ] ]
}
class MyServer < Sinatra::Base
post '/' do
"Hellow, world!"
end
end
Rack::Handler::WEBrick.run MyServer, webrick_options
如何禁用SSLv2,SSLv3和TLS1.0,并且只允许TLS1.2?这将修复旧协议中的POODLE漏洞。这是我第一次尝试使用ruby / WEBrick这么漂亮的新手。谢谢你的帮助!