# Net::Server::Proto::SSL - phpMan

## NAME
    [Net::Server::Proto::SSL] - [Net::Server] SSL protocol.

## SYNOPSIS
    Until this release, it was preferable to use the
    [Net::Server::Proto::SSLEAY] module. Recent versions include code that
    overcomes original limitations.

    See [Net::Server::Proto]. See [Net::Server::Proto::SSLEAY].

        use base qw(Net::Server::HTTP);
        main->run(
            proto => 'ssl',
            SSL_key_file  => "/path/to/my/file.key",
            SSL_cert_file => "/path/to/my/file.crt",
        );


        # OR

        sub SSL_key_file  { "/path/to/my/file.key" }
        sub SSL_cert_file { "/path/to/my/file.crt" }
        main->run(proto => 'ssl');


        # OR

        main->run(
            port => [443, 8443, "80/tcp"],  # bind to two ssl ports and one tcp
            proto => "ssl",       # use ssl as the default
            ipv  => "*",          # bind both IPv4 and IPv6 interfaces
            SSL_key_file  => "/path/to/my/file.key",
            SSL_cert_file => "/path/to/my/file.crt",
        );


        # OR

        main->run(port => [{
            port  => "443",
            proto => "ssl",
            # ipv => 4, # default - only do IPv4
            SSL_key_file  => "/path/to/my/file.key",
            SSL_cert_file => "/path/to/my/file.crt",
        }, {
            port  => "8443",
            proto => "ssl",
            ipv   => "*", # IPv4 and IPv6
            SSL_key_file  => "/path/to/my/file2.key", # separate key
            SSL_cert_file => "/path/to/my/file2.crt", # separate cert

            SSL_foo => 1, # Any key prefixed with SSL_ passed as a port hashref
                          # key/value will automatically be passed to [IO::Socket::SSL]
        }]);

## DESCRIPTION
    Protocol module for [Net::Server] based on [IO::Socket::SSL]. This module
    implements a secure socket layer over tcp (also known as SSL) via the
    [IO::Socket::SSL] module. If this module does not work in your situation,
    please also consider using the SSLEAY protocol
    ([Net::Server::Proto::SSLEAY]) which interfaces directly with [Net::SSLeay].
    See [Net::Server::Proto].

    If you know that your server will only need IPv4 (which is the default
    for [Net::Server]), you can load [IO::Socket::SSL] in inet4 mode which will
    prevent it from using Socket6 and [IO::Socket::INET6] since they would
    represent additional and unused overhead.

        use IO::Socket::SSL qw(inet4);
        use base qw(Net::Server::Fork);

        __PACKAGE__->run(proto => "ssl");

## PARAMETERS
    In addition to the normal [Net::Server] parameters, any of the SSL
    parameters from [IO::Socket::SSL] may also be specified. See
    [IO::Socket::SSL] for information on setting this up. All arguments
    prefixed with SSL_ will be passed to the [IO::Socket::SSL]->configure
    method.

## BUGS
    Until [Net::Server] version 2, [Net::Server::Proto::SSL] used the
    default [IO::Socket::SSL::accept] method. That old approach introduced a
    DDOS vulnerability into the server: the socket was accepted, but
    the parent server then had to block until the client negotiated the SSL
    connection. This has now been overcome by overriding the accept method
    and performing the SSL negotiation after the parent socket has had the
    chance to go back to listening.
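
    The pattern described above, shown on a stand-alone forking listener as
    an added example (not code from Net::Server or its author): the parent
    only accepts the TCP connection, and a child runs the handshake with
    IO::Socket::SSL->start_SSL. The address 127.0.0.1:8443, the 10-second
    timeout and the throwaway certificate are assumptions.

```perl
#!/usr/bin/perl
# Added example: TCP accept in the parent, TLS handshake in a child process.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils qw(CERT_create);
use POSIX qw(:sys_wait_h);

# Constructed self-signed certificate so the example runs without files on disk.
my ($cert, $key) = CERT_create(subject => { commonName => 'localhost' });

# Plain TCP listener: accept() returns once the TCP handshake completes,
# so a peer that never sends a ClientHello cannot stall this loop.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 8443,          # assumed port
    Listen    => 128,
    ReuseAddr => 1,
) or die "listen failed: $!";

# Reap finished children; the signal may interrupt accept(), handled below.
$SIG{CHLD} = sub { 1 while waitpid(-1, WNOHANG) > 0 };

while (1) {
    my $client = $listener->accept or next;   # no TLS work in the parent
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid) { close $client; next; }        # parent: back to accept()

    # Child: a silent or slow peer ties up only this process, and only
    # until the handshake timeout expires.
    close $listener;
    IO::Socket::SSL->start_SSL($client,
        SSL_server => 1,
        SSL_cert   => $cert,
        SSL_key    => $key,
        Timeout    => 10,       # assumed handshake deadline in seconds
    ) or do {
        warn "handshake failed: $SSL_ERROR\n";
        exit 1;
    };
    print $client "hello over TLS\n";
    close $client;
    exit 0;
}
```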

## LICENCE
    Distributed under the same terms as [Net::Server].

## THANKS
    Thanks to Vadim for pointing out the [IO::Socket::SSL] accept was
    returning objects blessed into the wrong class.

