Struct rustls::ServerConfig
Common configuration for a set of server sessions.
Making one of these can be expensive, and should be done once per process rather than once per connection.
Fields
ciphersuites: Vec<&'static SupportedCipherSuite>
List of ciphersuites, in preference order.
ignore_client_order: bool
Ignore the client’s ciphersuite order. Instead, choose the top ciphersuite in the server list which is supported by the client.
mtu: Option<usize>
Our MTU. If None, we don’t limit TLS message sizes.
session_storage: Arc<dyn StoresServerSessions + Send + Sync>
How to store client sessions.
ticketer: Arc<dyn ProducesTickets>
How to produce tickets.
cert_resolver: Arc<dyn ResolvesServerCert>
How to choose a server cert and key.
alpn_protocols: Vec<Vec<u8>>
Protocol names we support, most preferred first. If empty we don’t do ALPN at all.
versions: Vec<ProtocolVersion>
Supported protocol versions, in no particular order. The default is all supported versions.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
Implementations
impl ServerConfig
pub fn new(client_cert_verifier: Arc<dyn ClientCertVerifier>) -> ServerConfig
Make a ServerConfig with a default set of ciphersuites, no keys/certificates, and no ALPN protocols. Session resumption is enabled by storing up to 256 recent sessions in memory. Tickets are disabled.
Publicly-available web servers on the internet generally don’t do client authentication; for this use case, client_cert_verifier should be a NoClientAuth. Otherwise, use AllowAnyAuthenticatedClient or another implementation to enforce client authentication.
We don’t provide a default for client_cert_verifier because the safest default, requiring client authentication, requires additional configuration that we cannot provide reasonable defaults for.
pub fn with_ciphersuites(
client_cert_verifier: Arc<dyn ClientCertVerifier>,
ciphersuites: &[&'static SupportedCipherSuite]
) -> ServerConfig
Make a ServerConfig with a custom set of ciphersuites, no keys/certificates, and no ALPN protocols. Session resumption is enabled by storing up to 256 recent sessions in memory. Tickets are disabled.
Publicly-available web servers on the internet generally don’t do client authentication; for this use case, client_cert_verifier should be a NoClientAuth. Otherwise, use AllowAnyAuthenticatedClient or another implementation to enforce client authentication.
We don’t provide a default for client_cert_verifier because the safest default, requiring client authentication, requires additional configuration that we cannot provide reasonable defaults for.
pub fn set_persistence(
&mut self,
persist: Arc<dyn StoresServerSessions + Send + Sync>
)
Sets the session persistence layer to persist.
pub fn set_single_cert(
&mut self,
cert_chain: Vec<Certificate>,
key_der: PrivateKey
) -> Result<(), TLSError>
Sets a single certificate chain and matching private key. This certificate and key are used for all subsequent connections, irrespective of things like SNI hostname.
Note that the end-entity certificate must have the Subject Alternative Name extension to describe, e.g., the valid DNS name. The commonName field is disregarded.
cert_chain is a vector of DER-encoded certificates.
key_der is a DER-encoded RSA, ECDSA, or Ed25519 private key.
This function fails if key_der is invalid.
pub fn set_single_cert_with_ocsp_and_sct(
&mut self,
cert_chain: Vec<Certificate>,
key_der: PrivateKey,
ocsp: Vec<u8>,
scts: Vec<u8>
) -> Result<(), TLSError>
Sets a single certificate chain, matching private key and OCSP response. This certificate and key are used for all subsequent connections, irrespective of things like SNI hostname.
cert_chain is a vector of DER-encoded certificates.
key_der is a DER-encoded RSA, ECDSA, or Ed25519 private key.
ocsp is a DER-encoded OCSP response. Ignored if zero length.
scts is a SignedCertificateTimestampList encoding (see RFC6962) and is ignored if empty.
This function fails if key_der is invalid.
pub fn set_protocols(&mut self, protocols: &[Vec<u8>])
Set the ALPN protocol list to the given protocol names. Overwrites any existing configured protocols.
The first element in the protocols list is the most preferred, the last is the least preferred.
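The two ordering rules documented above (ignore_client_order for ciphersuites, and "most preferred first" for the ALPN list) can be modelled in std-only Rust to see which side's preference decides the outcome. This is an added example, not rustls code; the function names choose_suite and choose_alpn and the sample lists are assumptions made for illustration.

```rust
// Added illustration, not rustls code: a std-only model of the preference
// rules documented for `ignore_client_order` and the ALPN protocol list.

/// Choose a ciphersuite. Both lists are in their owner's preference order.
/// When `ignore_client_order` is true the server's list drives the choice;
/// otherwise the client's list does.
fn choose_suite<'a>(
    server: &[&'a str],
    client: &[&'a str],
    ignore_client_order: bool,
) -> Option<&'a str> {
    let (driver, other) = if ignore_client_order {
        (server, client)
    } else {
        (client, server)
    };
    driver.iter().copied().find(|s| other.contains(s))
}

/// Choose an ALPN protocol: the first entry in the server's list that the
/// client also offered. An empty server list means no ALPN at all.
fn choose_alpn<'a>(server: &'a [Vec<u8>], client: &[Vec<u8>]) -> Option<&'a [u8]> {
    server
        .iter()
        .find(|p| client.contains(*p))
        .map(|p| p.as_slice())
}

fn main() {
    // Constructed sample lists; the names follow rustls' suite constants.
    let server = ["TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256"];
    let client = ["TLS13_AES_128_GCM_SHA256", "TLS13_AES_256_GCM_SHA384"];

    // Client order wins by default; the server's policy wins when the flag is set.
    println!("default:             {:?}", choose_suite(&server, &client, false));
    println!("ignore_client_order: {:?}", choose_suite(&server, &client, true));

    // Hypothetical ALPN offers: server prefers h2, client lists http/1.1 first.
    let ours = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
    let theirs = vec![b"http/1.1".to_vec(), b"h2".to_vec()];
    let picked = choose_alpn(&ours, &theirs).map(String::from_utf8_lossy);
    println!("alpn:                {:?}", picked);
}
```

If the server's ciphersuite ordering is meant to be enforced as policy, ignore_client_order has to be set; otherwise the client's ordering picks among the suites both sides support.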
pub fn set_client_certificate_verifier(
&mut self,
verifier: Arc<dyn ClientCertVerifier>
)
Overrides the default ClientCertVerifier with something else.
Trait Implementations
impl Clone for ServerConfig
fn clone(&self) -> ServerConfig
pub fn clone_from(&mut self, source: &Self)
Auto Trait Implementations
impl !RefUnwindSafe for ServerConfig
impl Send for ServerConfig
impl Sync for ServerConfig
impl Unpin for ServerConfig
impl !UnwindSafe for ServerConfig
Blanket Implementations
impl<T> Any for T where
T: 'static + ?Sized,
impl<T> Borrow<T> for T where
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
pub fn borrow_mut(&mut self) -> &mut T
impl<T> From<T> for T
impl<T, U> Into<U> for T where
U: From<T>,
impl<T> ToOwned for T where
T: Clone,
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
pub fn clone_into(&self, target: &mut T)
impl<T, U> TryFrom<U> for T where
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
pub fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,