[erlang-questions] Using SNI with cowboy:start_tls/3

Loïc Hoguin <>
Wed Jan 30 00:26:17 CET 2019


Hey,

As far as Ranch is concerned, the options are given directly to the ssl 
application. What Ranch does is tweak some default values (unrelated to 
ssl), remove some options like active or packet (same), and pass them 
forward. The types in the docs are there merely for documentation purposes.

Afraid that's all the help I have.

Cheers,

On 28/01/2019 09:45, Igor Clark wrote:
> Hi there,
> 
> Does anyone have any examples of how to use sni_hosts correctly in 
> TransportOpts in cowboy:start_tls/3?
> 
> I want to use different certs for respective diferent hostnames, and I'm 
> having trouble deciphering the docs as the definition seems spread 
> across cowboy, ranch and erlang:ssl. From what I can tell the underlying 
> erlang:ssl wants this:
> 
> { sni_hosts, [ { hostname(), [ ssl_option() ] } ] }
> 
> which seems like it should work like e.g.
> 
> { sni_hosts, [ { "hostname1", [ { certfile, Certfile1 }, { keyfile, 
> Keyfile1 }, { cacertfile, CaCertFile1 } ] } ] }
> 
> but when I add that directly to the TransportOpts in cowboy:start_tls/3 
> alongside { port, Port } etc I just get bad_return. There are other 
> options that seem relevant e.g. server_name_indication but I'm finding 
> it tricky to piece it all together to make the right shape of 
> TransportOpts - I'm not clear whether the ssl_opts listed under the 
> ranch_ssl module docs 
> <https://ninenines.eu/docs/en/ranch/1.2/manual/ranch_ssl/> are simply 
> passed through from erlang:ssl <http://erlang.org/doc/man/ssl.html> or 
> whether they're a ranch-specific subset, and either way how to structure 
> the proplist to configure Cowboy to serve multiple TLS names.
> 
> Would very much appreciate any tips or examples!
> 
> Thanks,
> Igor
> 
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
> 

-- 
Loïc Hoguin
https://ninenines.eu


More information about the erlang-questions mailing list