[erlang-questions] Using SNI with cowboy:start_tls/3

Ingela Andin <>
Wed Jan 30 12:32:23 CET 2019


Hi!
Your exampel looks correct.

Here is another one

{sni_hosts,
 [{"a.server", [{certfile, "a_cert.pem"},
                {keyfile, "a_key.pem"},
                {keyfile, "a_key.pem"}
               ]},
  {"b.server", [{certfile, "b_cert.pem"},
                {keyfile, "b_key.pem"},
                {keyfile, "b_key.pem"}
               ]}
 ]}

If you want to know if the problem is with cowboy or ssl try calling ssl
API without cowboy

Regards Ingela


Den ons 30 jan. 2019 kl 00:26 skrev Loïc Hoguin <>:

> Hey,
>
> As far as Ranch is concerned, the options are given directly to the ssl
> application. What Ranch does is tweak some default values (unrelated to
> ssl), remove some options like active or packet (same), and pass them
> forward. The types in the docs are there merely for documentation purposes.
>
> Afraid that's all the help I have.
>
> Cheers,
>
> On 28/01/2019 09:45, Igor Clark wrote:
> > Hi there,
> >
> > Does anyone have any examples of how to use sni_hosts correctly in
> > TransportOpts in cowboy:start_tls/3?
> >
> > I want to use different certs for respective diferent hostnames, and I'm
> > having trouble deciphering the docs as the definition seems spread
> > across cowboy, ranch and erlang:ssl. From what I can tell the underlying
> > erlang:ssl wants this:
> >
> > { sni_hosts, [ { hostname(), [ ssl_option() ] } ] }
> >
> > which seems like it should work like e.g.
> >
> > { sni_hosts, [ { "hostname1", [ { certfile, Certfile1 }, { keyfile,
> > Keyfile1 }, { cacertfile, CaCertFile1 } ] } ] }
> >
> > but when I add that directly to the TransportOpts in cowboy:start_tls/3
> > alongside { port, Port } etc I just get bad_return. There are other
> > options that seem relevant e.g. server_name_indication but I'm finding
> > it tricky to piece it all together to make the right shape of
> > TransportOpts - I'm not clear whether the ssl_opts listed under the
> > ranch_ssl module docs
> > <https://ninenines.eu/docs/en/ranch/1.2/manual/ranch_ssl/> are simply
> > passed through from erlang:ssl <http://erlang.org/doc/man/ssl.html> or
> > whether they're a ranch-specific subset, and either way how to structure
> > the proplist to configure Cowboy to serve multiple TLS names.
> >
> > Would very much appreciate any tips or examples!
> >
> > Thanks,
> > Igor
> >
> > _______________________________________________
> > erlang-questions mailing list
> > 
> > http://erlang.org/mailman/listinfo/erlang-questions
> >
>
> --
> Loïc Hoguin
> https://ninenines.eu
> _______________________________________________
> erlang-questions mailing list
> 
> http://erlang.org/mailman/listinfo/erlang-questions
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20190130/352bc063/attachment.html>


More information about the erlang-questions mailing list