pub struct Ssl(/* private fields */);
The state of an SSL/TLS session.
Ssl objects are created from an SslContext, which provides configuration defaults. These defaults can be overridden on a per-Ssl basis, however.
Implementations
impl Ssl
pub fn new_ex_index<T>() -> Result<Index<Ssl, T>, ErrorStack>
Returns a new extra data index.
Each invocation of this function is guaranteed to return a distinct index. These can be used to store data in the context that can be retrieved later by callbacks, for example.
This corresponds to SSL_get_ex_new_index.
pub fn new(ctx: &SslContextRef) -> Result<Ssl, ErrorStack>
pub fn connect<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
Initiates a client-side TLS handshake.
This corresponds to SSL_connect.
Warning
OpenSSL’s default configuration is insecure. It is highly recommended to use SslConnector rather than Ssl directly, as it manages that configuration.
pub fn accept<S>(self, stream: S) -> Result<SslStream<S>, HandshakeError<S>>
Initiates a server-side TLS handshake.
This corresponds to SSL_accept.
Warning
OpenSSL’s default configuration is insecure. It is highly recommended to use SslAcceptor rather than Ssl directly, as it manages that configuration.
Methods from Deref<Target = SslRef>
pub fn set_connect_state(&mut self)
Configure as an outgoing stream from a client.
This corresponds to SSL_set_connect_state.
pub fn set_accept_state(&mut self)
Configure as an incoming stream to a server.
This corresponds to SSL_set_accept_state.
pub fn set_verify(&mut self, mode: SslVerifyMode)
Like SslContextBuilder::set_verify.
This corresponds to SSL_set_verify.
pub fn verify_mode(&self) -> SslVerifyMode
Returns the verify mode that was set using set_verify.
This corresponds to SSL_set_verify_mode.
pub fn set_verify_callback<F>(&mut self, mode: SslVerifyMode, verify: F)
Like SslContextBuilder::set_verify_callback.
This corresponds to SSL_set_verify.
pub fn set_tmp_dh(&mut self, dh: &DhRef<Params>) -> Result<(), ErrorStack>
Like SslContextBuilder::set_tmp_dh.
This corresponds to SSL_set_tmp_dh.
pub fn set_tmp_dh_callback<F>(&mut self, callback: F)
Like SslContextBuilder::set_tmp_dh_callback.
This corresponds to SSL_set_tmp_dh_callback.
pub fn set_tmp_ecdh(&mut self, key: &EcKeyRef<Params>) -> Result<(), ErrorStack>
Like SslContextBuilder::set_tmp_ecdh.
This corresponds to SSL_set_tmp_ecdh.
pub fn set_alpn_protos(&mut self, protocols: &[u8]) -> Result<(), ErrorStack>
Like SslContextBuilder::set_alpn_protos.
Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
This corresponds to SSL_set_alpn_protos.
pub fn current_cipher(&self) -> Option<&SslCipherRef>
Returns the current cipher if the session is active.
This corresponds to SSL_get_current_cipher.
pub fn state_string(&self) -> &'static str
Returns a short string describing the state of the session.
This corresponds to SSL_state_string.
pub fn state_string_long(&self) -> &'static str
Returns a longer string describing the state of the session.
This corresponds to SSL_state_string_long.
pub fn set_hostname(&mut self, hostname: &str) -> Result<(), ErrorStack>
Sets the host name to be sent to the server for Server Name Indication (SNI).
It has no effect for a server-side connection.
This corresponds to SSL_set_tlsext_host_name.
pub fn peer_certificate(&self) -> Option<X509>
Returns the peer’s certificate, if present.
This corresponds to SSL_get_peer_certificate.
pub fn peer_cert_chain(&self) -> Option<&StackRef<X509>>
Returns the certificate chain of the peer, if present.
On the client side, the chain includes the leaf certificate, but on the server side it does not. Fun!
This corresponds to SSL_get_peer_cert_chain.
pub fn verified_chain(&self) -> Option<&StackRef<X509>>
Returns the verified certificate chain of the peer, including the leaf certificate.
If verification was not successful (i.e. verify_result does not return X509VerifyResult::OK), this chain may be incomplete or invalid.
Requires OpenSSL 1.1.0 or newer.
This corresponds to SSL_get0_verified_chain.
pub fn certificate(&self) -> Option<&X509Ref>
Like SslContext::certificate.
This corresponds to SSL_get_certificate.
pub fn private_key(&self) -> Option<&PKeyRef<Private>>
Like SslContext::private_key.
This corresponds to SSL_get_privatekey.
pub fn version(&self) -> &str
version_str
pub fn version2(&self) -> Option<SslVersion>
Returns the protocol version of the session.
This corresponds to SSL_version.
pub fn version_str(&self) -> &'static str
Returns a string describing the protocol version of the session.
This corresponds to SSL_get_version.
pub fn selected_alpn_protocol(&self) -> Option<&[u8]>
Returns the protocol selected via Application Layer Protocol Negotiation (ALPN).
The protocol’s name is returned as an opaque sequence of bytes. It is up to the client to interpret it.
Requires BoringSSL or OpenSSL 1.0.2 or LibreSSL 2.6.1 or newer.
This corresponds to SSL_get0_alpn_selected.
pub fn set_tlsext_use_srtp(&mut self, protocols: &str) -> Result<(), ErrorStack>
Enables the DTLS extension “use_srtp” as defined in RFC5764.
This corresponds to SSL_set_tlsext_use_srtp.
pub fn srtp_profiles(&self) -> Option<&StackRef<SrtpProtectionProfile>>
Gets all SRTP profiles that are enabled for handshake via set_tlsext_use_srtp.
DTLS extension “use_srtp” as defined in RFC5764 has to be enabled.
This corresponds to SSL_get_srtp_profiles.
pub fn selected_srtp_profile(&self) -> Option<&SrtpProtectionProfileRef>
Gets the SRTP profile selected by handshake.
DTLS extension “use_srtp” as defined in RFC5764 has to be enabled.
This corresponds to SSL_get_selected_srtp_profile.
pub fn pending(&self) -> usize
Returns the number of bytes remaining in the currently processed TLS record.
If this is greater than 0, the next call to read will not call down to the underlying stream.
This corresponds to SSL_pending.
pub fn servername(&self, type_: NameType) -> Option<&str>
Returns the servername sent by the client via Server Name Indication (SNI).
It is only useful on the server side.
Note
While the SNI specification requires that servernames be valid domain names (and therefore ASCII), OpenSSL does not enforce this restriction. If the servername provided by the client is not valid UTF-8, this function will return None. The servername_raw method returns the raw bytes and does not have this restriction.
This corresponds to SSL_get_servername.
pub fn servername_raw(&self, type_: NameType) -> Option<&[u8]>
Returns the servername sent by the client via Server Name Indication (SNI).
It is only useful on the server side.
Note
Unlike servername, this method does not require the name be valid UTF-8.
This corresponds to SSL_get_servername.
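Since OpenSSL passes the client's servername through unchecked, a server that routes or logs on SNI has to validate the bytes itself. The following is an added example, not code from the openssl crate: it takes what servername_raw returns and accepts only an ASCII DNS hostname with no trailing dot and no IP literal, as RFC 6066 requires. validate_sni and SniError are hypothetical names, the letters-digits-hyphen label rule is a policy assumption, and the inputs in main are constructed.

```rust
use std::net::Ipv4Addr;

/// Reasons a client-supplied SNI value is rejected (hypothetical type for this example).
#[derive(Debug, PartialEq)]
pub enum SniError {
    Absent,    // client sent no server_name extension
    NotAscii,  // bytes outside ASCII, including invalid UTF-8
    BadLength, // empty, longer than 253 bytes, or ending in a dot
    BadLabel,  // label empty, over 63 bytes, or not letters/digits/hyphen
    IpLiteral, // RFC 6066 does not permit literal addresses in HostName
}

/// Validates the bytes returned by `servername_raw` and yields a lowercase hostname
/// that is safe to use as a routing key or to write into a log line.
pub fn validate_sni(raw: Option<&[u8]>) -> Result<String, SniError> {
    let bytes = raw.ok_or(SniError::Absent)?;
    if !bytes.is_ascii() {
        return Err(SniError::NotAscii);
    }
    if bytes.is_empty() || bytes.len() > 253 || bytes.ends_with(b".") {
        return Err(SniError::BadLength);
    }
    // ASCII was checked above, so the UTF-8 conversion cannot fail here.
    let name = String::from_utf8(bytes.to_vec())
        .map_err(|_| SniError::NotAscii)?
        .to_ascii_lowercase();
    if name.parse::<Ipv4Addr>().is_ok() {
        return Err(SniError::IpLiteral);
    }
    for label in name.split('.') {
        let b = label.as_bytes();
        // Control characters, spaces, colons and underscores all fail this test,
        // which also keeps CR/LF out of anything derived from the name.
        let ok = !b.is_empty()
            && b.len() <= 63
            && b.iter().all(|c| c.is_ascii_alphanumeric() || *c == b'-')
            && b[0] != b'-'
            && b[b.len() - 1] != b'-';
        if !ok {
            return Err(SniError::BadLabel);
        }
    }
    Ok(name)
}

fn main() {
    // Constructed inputs, standing in for servername_raw(NameType::HOST_NAME) results.
    let samples: [Option<&[u8]>; 4] = [
        Some(&b"Api.Example.COM"[..]),
        Some(&b"caf\xc3\xa9.example"[..]),
        Some(&b"a.example\r\nX-Injected: 1"[..]),
        None,
    ];
    for s in samples.iter() {
        println!("{:?}", validate_sni(*s));
    }
}
```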
pub fn set_ssl_context(&mut self, ctx: &SslContextRef) -> Result<(), ErrorStack>
Changes the context corresponding to the current connection.
It is most commonly used in the Server Name Indication (SNI) callback.
This corresponds to SSL_set_SSL_CTX.
pub fn ssl_context(&self) -> &SslContextRef
Returns the context corresponding to the current connection.
This corresponds to SSL_get_SSL_CTX.
pub fn param_mut(&mut self) -> &mut X509VerifyParamRef
Returns a mutable reference to the X509 verification configuration.
Requires BoringSSL or OpenSSL 1.0.2 or newer.
This corresponds to SSL_get0_param.
pub fn verify_result(&self) -> X509VerifyResult
Returns the certificate verification result.
This corresponds to SSL_get_verify_result.
pub fn session(&self) -> Option<&SslSessionRef>
Returns a shared reference to the SSL session.
This corresponds to SSL_get_session.
pub fn client_random(&self, buf: &mut [u8]) -> usize
Copies the client_random value sent by the client in the TLS handshake into a buffer.
Returns the number of bytes copied, or if the buffer is empty, the size of the client_random value.
Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer.
This corresponds to SSL_get_client_random.
pub fn server_random(&self, buf: &mut [u8]) -> usize
Copies the server_random value sent by the server in the TLS handshake into a buffer.
Returns the number of bytes copied, or if the buffer is empty, the size of the server_random value.
Requires OpenSSL 1.1.0 or LibreSSL 2.7.0 or newer.
This corresponds to SSL_get_server_random.
pub fn export_keying_material(&self, out: &mut [u8], label: &str, context: Option<&[u8]>) -> Result<(), ErrorStack>
Derives keying material for application use in accordance with RFC 5705.
This corresponds to SSL_export_keying_material.
pub fn export_keying_material_early(&self, out: &mut [u8], label: &str, context: &[u8]) -> Result<(), ErrorStack>
Derives keying material for application use in accordance with RFC 5705.
This function is only usable with TLSv1.3, wherein there is no distinction between an empty context and no context. Therefore, unlike export_keying_material, context must always be supplied.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_export_keying_material_early.
pub unsafe fn set_session(&mut self, session: &SslSessionRef) -> Result<(), ErrorStack>
Sets the session to be used.
This should be called before the handshake to attempt to reuse a previously established session. If the server is not willing to reuse the session, a new one will be transparently negotiated.
Safety
The caller of this method is responsible for ensuring that the session is associated with the same SslContext as this Ssl.
This corresponds to SSL_set_session.
pub fn session_reused(&self) -> bool
Determines if the session provided to set_session was successfully reused.
This corresponds to SSL_session_reused.
pub fn set_status_type(&mut self, type_: StatusType) -> Result<(), ErrorStack>
Sets the status response a client wishes the server to reply with.
This corresponds to SSL_set_tlsext_status_type.
pub fn extms_support(&self) -> Option<bool>
Determines if the current session used Extended Master Secret.
Returns None if the handshake is still in progress.
This corresponds to SSL_get_extms_support.
pub fn ocsp_status(&self) -> Option<&[u8]>
Returns the server’s OCSP response, if present.
This corresponds to SSL_get_tlsext_status_ocsp_resp.
pub fn set_ocsp_status(&mut self, response: &[u8]) -> Result<(), ErrorStack>
Sets the OCSP response to be returned to the client.
This corresponds to SSL_set_tlsext_status_ocsp_resp.
pub fn is_server(&self) -> bool
Determines if this Ssl is configured for server-side or client-side use.
This corresponds to SSL_is_server.
pub fn set_ex_data<T>(&mut self, index: Index<Ssl, T>, data: T)
Sets the extra data at the specified index.
This can be used to provide data to callbacks registered with the context. Use the Ssl::new_ex_index method to create an Index.
This corresponds to SSL_set_ex_data.
pub fn ex_data<T>(&self, index: Index<Ssl, T>) -> Option<&T>
Returns a reference to the extra data at the specified index.
This corresponds to SSL_get_ex_data.
pub fn ex_data_mut<T>(&mut self, index: Index<Ssl, T>) -> Option<&mut T>
Returns a mutable reference to the extra data at the specified index.
This corresponds to SSL_get_ex_data.
pub fn set_max_early_data(&mut self, bytes: u32) -> Result<(), ErrorStack>
Sets the maximum amount of early data that will be accepted on this connection.
Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
This corresponds to SSL_set_max_early_data.
pub fn max_early_data(&self) -> u32
Gets the maximum amount of early data that can be sent on this connection.
Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
This corresponds to SSL_get_max_early_data.
pub fn finished(&self, buf: &mut [u8]) -> usize
Copies the contents of the last Finished message sent to the peer into the provided buffer.
The total size of the message is returned, so this can be used to determine the size of the buffer required.
This corresponds to SSL_get_finished.
pub fn peer_finished(&self, buf: &mut [u8]) -> usize
Copies the contents of the last Finished message received from the peer into the provided buffer.
The total size of the message is returned, so this can be used to determine the size of the buffer required.
This corresponds to SSL_get_peer_finished.
pub fn is_init_finished(&self) -> bool
Determines if the initial handshake has been completed.
This corresponds to SSL_is_init_finished.
pub fn client_hello_isv2(&self) -> bool
Determines if the client’s hello message is in the SSLv2 format.
This can only be used inside of the client hello callback. Otherwise, false is returned.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_client_hello_isv2.
pub fn client_hello_legacy_version(&self) -> Option<SslVersion>
Returns the legacy version field of the client’s hello message.
This can only be used inside of the client hello callback. Otherwise, None is returned.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_client_hello_get0_legacy_version.
pub fn client_hello_random(&self) -> Option<&[u8]>
Returns the random field of the client’s hello message.
This can only be used inside of the client hello callback. Otherwise, None is returned.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_client_hello_get0_random.
pub fn client_hello_session_id(&self) -> Option<&[u8]>
Returns the session ID field of the client’s hello message.
This can only be used inside of the client hello callback. Otherwise, None is returned.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_client_hello_get0_session_id.
pub fn client_hello_ciphers(&self) -> Option<&[u8]>
Returns the ciphers field of the client’s hello message.
This can only be used inside of the client hello callback. Otherwise, None is returned.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_client_hello_get0_ciphers.
pub fn bytes_to_cipher_list(&self, bytes: &[u8], isv2format: bool) -> Result<CipherLists, ErrorStack>
Decodes a slice of wire-format cipher suite specification bytes. Unsupported cipher suites are ignored.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_bytes_to_cipher_list.
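Because bytes_to_cipher_list ignores suites the local OpenSSL build does not support, a server that wants to log everything a client offered has to read the client_hello_ciphers bytes itself. The added example below (not code from the openssl crate) decodes that wire format in plain Rust: two-byte big-endian code points, or three-byte entries when isv2format is true. summarize_offer, Offer and the short LEGACY table are hypothetical names, and the sample bytes are constructed.

```rust
/// A few IANA code points a defender may want to flag; illustrative, not exhaustive.
const LEGACY: [(u16, &str); 5] = [
    (0x0001, "TLS_RSA_WITH_NULL_MD5"),
    (0x0002, "TLS_RSA_WITH_NULL_SHA"),
    (0x0004, "TLS_RSA_WITH_RC4_128_MD5"),
    (0x0005, "TLS_RSA_WITH_RC4_128_SHA"),
    (0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"),
];

/// Summary of what a ClientHello offered (hypothetical type for this example).
#[derive(Debug, Default, PartialEq)]
pub struct Offer {
    pub suites: Vec<u16>,          // real suites, in the client's preference order
    pub tls13: usize,              // how many of them are TLS 1.3 suites (0x1301..=0x1305)
    pub grease: usize,             // RFC 8701 GREASE placeholders
    pub reneg_scsv: bool,          // 0x00FF TLS_EMPTY_RENEGOTIATION_INFO_SCSV
    pub fallback_scsv: bool,       // 0x5600 TLS_FALLBACK_SCSV
    pub legacy: Vec<&'static str>, // names of offered suites found in LEGACY
}

/// Decodes the raw bytes from `client_hello_ciphers`; pass the result of
/// `client_hello_isv2` as `isv2format`, as with `bytes_to_cipher_list`.
pub fn summarize_offer(bytes: &[u8], isv2format: bool) -> Result<Offer, &'static str> {
    let width = if isv2format { 3 } else { 2 };
    if bytes.is_empty() || bytes.len() % width != 0 {
        return Err("cipher list length is not a multiple of the entry width");
    }
    let mut offer = Offer::default();
    for entry in bytes.chunks(width) {
        // In the SSLv2 format a TLS suite is carried as 0x00 followed by its two-byte
        // code; entries with a non-zero first byte are SSLv2-only ciphers and are skipped.
        if isv2format && entry[0] != 0 {
            continue;
        }
        let code = u16::from_be_bytes([entry[width - 2], entry[width - 1]]);
        let [hi, lo] = code.to_be_bytes();
        match code {
            0x00FF => offer.reneg_scsv = true,
            0x5600 => offer.fallback_scsv = true,
            // GREASE values have two identical bytes whose low nibble is 0xA.
            _ if hi == lo && (hi & 0x0F) == 0x0A => offer.grease += 1,
            _ => {
                if (0x1301..=0x1305).contains(&code) {
                    offer.tls13 += 1;
                }
                if let Some((_, name)) = LEGACY.iter().find(|(c, _)| *c == code) {
                    offer.legacy.push(*name);
                }
                offer.suites.push(code);
            }
        }
    }
    Ok(offer)
}

fn main() {
    // Constructed sample: GREASE, two TLS 1.3 suites, 0xC02F, 3DES, renegotiation SCSV.
    let sample = [0x0Au8, 0x0A, 0x13, 0x01, 0x13, 0x02, 0xC0, 0x2F, 0x00, 0x0A, 0x00, 0xFF];
    println!("{:?}", summarize_offer(&sample, false));
}
```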
pub fn client_hello_compression_methods(&self) -> Option<&[u8]>
Returns the compression methods field of the client’s hello message.
This can only be used inside of the client hello callback. Otherwise, None is returned.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_client_hello_get0_compression_methods.
pub fn set_mtu(&mut self, mtu: u32) -> Result<(), ErrorStack>
Sets the MTU used for DTLS connections.
This corresponds to SSL_set_mtu.
pub fn psk_identity_hint(&self) -> Option<&[u8]>
Returns the PSK identity hint used during connection setup.
May return None if no PSK identity hint was used during the connection setup.
This corresponds to SSL_get_psk_identity_hint.
pub fn psk_identity(&self) -> Option<&[u8]>
Returns the PSK identity used during connection setup.
This corresponds to SSL_get_psk_identity.
pub fn add_chain_cert(&mut self, chain: X509) -> Result<(), ErrorStack>
This corresponds to SSL_add0_chain_cert.
pub fn set_method(&mut self, method: SslMethod) -> Result<(), ErrorStack>
Sets a new default TLS/SSL method for SSL objects.
pub fn set_private_key_file<P: AsRef<Path>>(&mut self, path: P, ssl_file_type: SslFiletype) -> Result<(), ErrorStack>
Loads the private key from a file.
This corresponds to SSL_use_PrivateKey_file.
pub fn set_private_key(&mut self, pkey: &PKeyRef<Private>) -> Result<(), ErrorStack>
Sets the private key.
This corresponds to SSL_use_PrivateKey.
pub fn set_certificate(&mut self, cert: &X509Ref) -> Result<(), ErrorStack>
Sets the certificate.
This corresponds to SSL_use_certificate.
pub fn set_certificate_chain_file<P: AsRef<Path>>(&mut self, path: P) -> Result<(), ErrorStack>
Loads a certificate chain from a file.
The file should contain a sequence of PEM-formatted certificates, the first being the leaf certificate, and the remainder forming the chain of certificates up to and including the trusted root certificate.
This corresponds to SSL_use_certificate_chain_file.
pub fn add_client_ca(&mut self, cacert: &X509Ref) -> Result<(), ErrorStack>
Sets a CA certificate that the client trusts.
This corresponds to SSL_add_client_CA.
pub fn set_client_ca_list(&mut self, list: Stack<X509Name>)
This corresponds to SSL_set_client_CA_list.
pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack>
Sets the minimum supported protocol version.
A value of None will enable protocol versions down to the lowest version supported by OpenSSL.
Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
This corresponds to SSL_set_min_proto_version.
pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack>
Sets the maximum supported protocol version.
A value of None will enable protocol versions up to the highest version supported by OpenSSL.
Requires BoringSSL or OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
This corresponds to SSL_set_max_proto_version.
pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack>
Sets the list of supported ciphers for the TLSv1.3 protocol.
The set_cipher_list method controls the cipher suites for protocols before TLSv1.3.
The format consists of TLSv1.3 cipher suite names separated by : characters in order of preference.
Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.
This corresponds to SSL_set_ciphersuites.
pub fn set_cipher_list(&mut self, cipher_list: &str) -> Result<(), ErrorStack>
Sets the list of supported ciphers for protocols before TLSv1.3.
The set_ciphersuites method controls the cipher suites for TLSv1.3.
See ciphers for details on the format.
This corresponds to SSL_set_cipher_list.
pub fn set_verify_cert_store(&mut self, cert_store: X509Store) -> Result<(), ErrorStack>
Sets the certificate store used for certificate verification.
This corresponds to SSL_set_cert_store.
pub fn set_num_tickets(&mut self, num_tickets: usize) -> Result<(), ErrorStack>
Sets the number of TLS 1.3 session tickets that will be sent to a client after a full handshake.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_set_num_tickets.
pub fn num_tickets(&self) -> usize
Gets the number of TLS 1.3 session tickets that will be sent to a client after a full handshake.
Requires OpenSSL 1.1.1 or newer.
This corresponds to SSL_get_num_tickets.
pub fn set_security_level(&mut self, level: u32)
Set the context’s security level to a value between 0 and 5, inclusive. A security value of 0 allows all parameters and algorithms.
Requires OpenSSL 1.1.0 or newer.
This corresponds to SSL_set_security_level.
pub fn security_level(&self) -> u32
Get the connection’s security level, which controls the allowed parameters and algorithms.
Requires OpenSSL 1.1.0 or newer.
This corresponds to SSL_get_security_level.
pub fn peer_tmp_key(&self) -> Result<PKey<Public>, ErrorStack>
Get the temporary key provided by the peer that is used during key exchange.
This corresponds to SSL_get_peer_tmp_key.
pub fn tmp_key(&self) -> Result<PKey<Private>, ErrorStack>
Returns the temporary key from the local end of the connection that is used during key exchange.
This corresponds to SSL_get_tmp_key.