Home/ Questions/Q 8098953
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T22:14:41+00:00

How do you secure a socket with SSL in Ruby when you need to

  • 0

How do you secure a socket with SSL in Ruby when you need to communicate over plaintext first?

I can’t use OpenSSL::SSL::SSLServer because it’s the client’s responsibility to request an SSL connection first

To put a long story short, I am attempting to implement RFC3207, where the client sends the keyword “STARTTLS”, and then an SSL connection is created.

My question is “How do I create the SSL connection after the server has sent ‘220 OK’?”

I know I can use OpenSSL::SSL::SSLSocket on the client-side, but I have no idea what to do on the server-side

If you know how to do this in a language other than Ruby, just post the code and I’ll translate it, I’ve been working on this for about 8 hours and I need everything I can get

I have asked in #ruby-lang, but with no avail, and I have tried wrapping Socket objects in SSLSockets on the server and client at the same time, but that isn’t working either

In short, I’m very stuck, I need all the help I can get

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I created this gist to illustrate how to set up a minimal TLS server. You may want to leave out lines 62-67, that was to illustrate a new feature on trunk.

    But other than that, it’s a fully working TLS server, you may build on it to add further functionality.

    You may also want to change the server certificate’s CN from “localhost” to a real domain if you want to use it seriously 🙂

    You may notice that the largest part of the work is actually setting up the PKI aspects correctly. The core server part is this:

    ctx = OpenSSL::SSL::SSLContext.new
ctx.cert = ... # the server certificate
ctx.key = ... # the key associated with this certificate
ctx.ssl_version = :SSLv23
tcps = TCPServer.new('127.0.0.1', 8443)
ssls = OpenSSL::SSL::SSLServer.new(tcps, ctx)
ssls.start_immediately = true
begin
  loop do
    ssl = ssls.accept
    puts "Connected"
    begin
      while line = ssl.gets
        puts "Client says: #{line}"
        ssl.write(line) # simple echo, do something more useful here
      end
    ensure
      ssl.close
    end
  end
ensure
  tcps.close if tcps
end
    • 0