.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "Net::Server::Proto::SSL 3"
.TH Net::Server::Proto::SSL 3 2023-07-25 "perl v5.38.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
Net::Server::Proto::SSL \- Net::Server SSL protocol.
.SH SYNOPSIS
.IX Header "SYNOPSIS"
Until this release, it was preferable to use the Net::Server::Proto::SSLEAY
module. Recent versions include code that overcomes original limitations.
.PP
See Net::Server::Proto.
See Net::Server::Proto::SSLEAY.
.PP
.Vb 6
\&    use base qw(Net::Server::HTTP);
\&    main\->run(
\&        proto => \*(Aqssl\*(Aq,
\&        SSL_key_file  => "/path/to/my/file.key",
\&        SSL_cert_file => "/path/to/my/file.crt",
\&    );
\&
\&
\&    # OR
\&
\&    sub SSL_key_file  { "/path/to/my/file.key" }
\&    sub SSL_cert_file { "/path/to/my/file.crt" }
\&    main\->run(proto => \*(Aqssl\*(Aq);
\&
\&
\&    # OR
\&
\&    main\->run(
\&        port => [443, 8443, "80/tcp"],  # bind to two ssl ports and one tcp
\&        proto => "ssl",       # use ssl as the default
\&        ipv   => "*",         # bind both IPv4 and IPv6 interfaces
\&        SSL_key_file  => "/path/to/my/file.key",
\&        SSL_cert_file => "/path/to/my/file.crt",
\&    );
\&
\&
\&    # OR
\&
\&    main\->run(port => [{
\&        port  => "443",
\&        proto => "ssl",
\&        # ipv => 4, # default \- only do IPv4
\&        SSL_key_file  => "/path/to/my/file.key",
\&        SSL_cert_file => "/path/to/my/file.crt",
\&    }, {
\&        port  => "8443",
\&        proto => "ssl",
\&        ipv   => "*", # IPv4 and IPv6
\&        SSL_key_file  => "/path/to/my/file2.key", # separate key
\&        SSL_cert_file => "/path/to/my/file2.crt", # separate cert
\&
\&        SSL_foo => 1, # Any key prefixed with SSL_ passed as a port hashref
\&                      # key/value will automatically be passed to IO::Socket::SSL
\&    }]);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
Protocol module for Net::Server based on IO::Socket::SSL. This module
implements a secure socket layer over TCP (also known as SSL) via the
IO::Socket::SSL module. If this module does not work in your
situation, please also consider using the SSLEAY protocol
(Net::Server::Proto::SSLEAY), which interfaces directly with
Net::SSLeay. See Net::Server::Proto.
.PP
If you know that your server will only need IPv4 (which is the default
for Net::Server), you can load IO::Socket::SSL in inet4 mode, which
will prevent it from using Socket6, IO::Socket::IP, or
IO::Socket::INET6, since they would represent additional and unused
overhead.
.PP
.Vb 2
\&    use IO::Socket::SSL qw(inet4);
\&    use base qw(Net::Server::Fork);
\&
\&    _\|_PACKAGE_\|_\->run(proto => "ssl");
.Ve
.SH PARAMETERS
.IX Header "PARAMETERS"
In addition to the normal Net::Server parameters, any of the SSL
parameters from IO::Socket::SSL may also be specified. See
IO::Socket::SSL for information on setting this up. All arguments
prefixed with SSL_ will be passed to the IO::Socket::SSL\->configure
method.
.SH BUGS
.IX Header "BUGS"
Until Net::Server version 2, Net::Server::Proto::SSL used the
default IO::Socket::SSL::accept method. This old approach introduces a
DDOS vulnerability into the server, where the socket is accepted, but
the parent server then has to block until the client negotiates the
SSL connection. This has now been overcome by overriding the accept
method and accepting the SSL negotiation after the parent socket has
had the chance to go back to listening.
.SH LICENCE
.IX Header "LICENCE"
Distributed under the same terms as Net::Server.
.SH THANKS
.IX Header "THANKS"
Thanks to Vadim for pointing out the IO::Socket::SSL accept
was returning objects blessed into the wrong class.
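.PP
The deferred handshake described under BUGS, as an added illustration written with plain IO::Socket::SSL calls (it is not code from Net::Server): the parent accepts only the TCP connection, and a forked child performs the SSL negotiation under a timeout. The port 8443, the 10 second Timeout and the key and certificate paths are assumed placeholder values.

```perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;

# Assumed values for this example: placeholder paths, 10 second handshake limit.
my %ssl_args = (
    SSL_server    => 1,
    SSL_key_file  => "/path/to/my/file.key",
    SSL_cert_file => "/path/to/my/file.crt",
    Timeout       => 10,    # bounds how long a silent client can hold a child
);

# Plain TCP listener: accept() returns once the TCP handshake is done and
# never waits for SSL bytes from the client.
my $listener = IO::Socket::INET->new(
    LocalPort => 8443,      # assumed port
    Listen    => 128,
    ReuseAddr => 1,
) or die "listen failed: $!";

$SIG{CHLD} = 'IGNORE';      # let the kernel reap finished children

while (my $client = $listener->accept) {
    my $pid = fork();
    if (!defined $pid) {    # fork failed: drop this client, keep serving
        close $client;
        next;
    }
    if ($pid) {             # parent: go straight back to accept()
        close $client;
        next;
    }

    # Child: only now negotiate SSL. A client that connects and then stays
    # silent ties up this child until Timeout, never the listening parent.
    close $listener;
    my $tls = IO::Socket::SSL->start_SSL($client, %ssl_args);
    if (!$tls) {
        warn "handshake failed: $SSL_ERROR";
        exit 1;
    }
    print {$tls} "negotiated ", $tls->get_cipher, $/;
    $tls->close;
    exit 0;
}
```

A production server would also cap the number of concurrent children, since each stalled handshake still occupies one process until the timeout fires.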