From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <normalperson@yhbt.net>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: 
X-Spam-Status: No, score=-2.9 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00,
 RP_MATCHES_RCVD,URIBL_BLOCKED shortcircuit=no autolearn=unavailable
 version=3.3.2
X-Original-To: yahns-public@yhbt.net
Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net
 (Postfix) with ESMTP id 7B7DE20310 for <yahns-public@yhbt.net>; Mon, 29 Feb
 2016 02:16:27 +0000 (UTC)
From: Eric Wong <e@80x24.org>
To: yahns-public@yhbt.net
Subject: [PATCH] document SSL::SSL::SSLContext#set_params use
Date: Mon, 29 Feb 2016 02:16:27 +0000
Message-Id: <20160229021627.4454-1-e@80x24.org>
List-Id: <yahns-public@yhbt.net>

I use whatever Ruby developers deem to be reasonable defaults.
Because compatibility with old systems is still valued, these
may not be the safest possible configuration; but ought to be
better than what OpenSSL upstream provides by default.
---
 Documentation/yahns_config.pod | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Documentation/yahns_config.pod b/Documentation/yahns_config.pod
index 3b1f2e4..aadd691 100644
--- a/Documentation/yahns_config.pod
+++ b/Documentation/yahns_config.pod
@@ -446,6 +446,7 @@ An example which seems to work is:
   ssl_ctx.key = OpenSSL::PKey::RSA.new(
     IO.read('/etc/ssl/private/example.key')
   )
+  ssl_ctx.set_params # use defaults provided by Ruby on top of OpenSSL
 
   app(:rack, "/path/to/my/app/config.ru") do
     listen 443, ssl_ctx: ssl_ctx
-- 
EW