Struct rustls::ServerConfig
pub struct ServerConfig {
    pub ciphersuites: Vec<&'static SupportedCipherSuite>,
    pub ignore_client_order: bool,
    pub mtu: Option<usize>,
    pub session_storage: Arc<dyn StoresServerSessions + Send + Sync>,
    pub ticketer: Arc<dyn ProducesTickets>,
    pub cert_resolver: Arc<dyn ResolvesServerCert>,
    pub alpn_protocols: Vec<Vec<u8>>,
    pub versions: Vec<ProtocolVersion>,
    pub key_log: Arc<dyn KeyLog>,
    // some fields omitted
}
Common configuration for a set of server sessions.
Making one of these can be expensive, and should be done once per process rather than once per connection.
Fields
ciphersuites: Vec<&'static SupportedCipherSuite>
List of ciphersuites, in preference order.
ignore_client_order: bool
Ignore the client’s ciphersuite order. Instead, choose the top ciphersuite in the server list which is supported by the client.
mtu: Option<usize>
Our MTU. If None, we don’t limit TLS message sizes.
session_storage: Arc<dyn StoresServerSessions + Send + Sync>
How to store client sessions.
ticketer: Arc<dyn ProducesTickets>
How to produce tickets.
cert_resolver: Arc<dyn ResolvesServerCert>
How to choose a server cert and key.
alpn_protocols: Vec<Vec<u8>>
Protocol names we support, most preferred first. If empty we don’t do ALPN at all.
versions: Vec<ProtocolVersion>
Supported protocol versions, in no particular order. The default is all supported versions.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
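The selection rules described by ciphersuites, ignore_client_order and alpn_protocols, modelled in standard-library Rust as an added example (this is not rustls code; the function names and sample lists are constructed for illustration, and suites are represented by name only):

```rust
// Added illustration: a std-only model of the selection rules in the field
// descriptions above. Function names are hypothetical; this is not rustls code.

/// Choose a ciphersuite from two preference-ordered lists of suite names.
/// ignore_client_order = true: first suite in the server list the client supports.
/// ignore_client_order = false: first suite in the client list the server enables.
fn choose_suite<'a>(
    server: &[&'a str],
    client: &[&'a str],
    ignore_client_order: bool,
) -> Option<&'a str> {
    let (preferred, other) = if ignore_client_order {
        (server, client)
    } else {
        (client, server)
    };
    preferred.iter().copied().find(|s| other.contains(s))
}

/// Choose an ALPN protocol: the first entry of the server list ("most
/// preferred first") that the client offered. An empty server list yields
/// None, matching "if empty we don't do ALPN at all".
fn choose_alpn<'a>(server: &'a [Vec<u8>], client: &[Vec<u8>]) -> Option<&'a [u8]> {
    server.iter().find(|p| client.contains(*p)).map(|p| p.as_slice())
}

fn main() {
    // Constructed sample lists; the client puts the 128-bit suite first.
    let server = [
        "TLS13_AES_256_GCM_SHA384",
        "TLS13_CHACHA20_POLY1305_SHA256",
        "TLS13_AES_128_GCM_SHA256",
    ];
    let client = ["TLS13_AES_128_GCM_SHA256", "TLS13_AES_256_GCM_SHA384"];
    println!("client order honoured: {:?}", choose_suite(&server, &client, false));
    println!("server order enforced: {:?}", choose_suite(&server, &client, true));

    let ours = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
    let theirs = vec![b"http/1.1".to_vec(), b"h2".to_vec()];
    let picked = choose_alpn(&ours, &theirs).map(|p| String::from_utf8_lossy(p).into_owned());
    println!("ALPN: {:?}", picked);
}
```

In this model the server's ciphersuite ordering only decides the outcome once ignore_client_order is set; otherwise the client's first mutually supported suite wins.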
Implementations
impl ServerConfig
pub fn new(client_cert_verifier: Arc<dyn ClientCertVerifier>) -> ServerConfig
Make a ServerConfig with a default set of ciphersuites, no keys/certificates, and no ALPN protocols. Session resumption is enabled by storing up to 256 recent sessions in memory. Tickets are disabled.
Publicly-available web servers on the internet generally don’t do client authentication; for this use case, client_cert_verifier should be a NoClientAuth. Otherwise, use AllowAnyAuthenticatedClient or another implementation to enforce client authentication.
We don’t provide a default for client_cert_verifier because the safest default, requiring client authentication, requires additional configuration that we cannot provide reasonable defaults for.
pub fn set_persistence(
&mut self,
persist: Arc<dyn StoresServerSessions + Send + Sync>
)
Sets the session persistence layer to persist.
pub fn set_single_cert(
&mut self,
cert_chain: Vec<Certificate>,
key_der: PrivateKey
) -> Result<(), TLSError>
Sets a single certificate chain and matching private key. This certificate and key are used for all subsequent connections, irrespective of things like SNI hostname.
Note that the end-entity certificate must have the Subject Alternative Name extension to describe, e.g., the valid DNS name. The commonName field is disregarded.
cert_chain is a vector of DER-encoded certificates.
key_der is a DER-encoded RSA or ECDSA private key.
This function fails if key_der is invalid.
pub fn set_single_cert_with_ocsp_and_sct(
&mut self,
cert_chain: Vec<Certificate>,
key_der: PrivateKey,
ocsp: Vec<u8>,
scts: Vec<u8>
) -> Result<(), TLSError>
Sets a single certificate chain, matching private key and OCSP response. This certificate and key are used for all subsequent connections, irrespective of things like SNI hostname.
cert_chain is a vector of DER-encoded certificates.
key_der is a DER-encoded RSA or ECDSA private key.
ocsp is a DER-encoded OCSP response. Ignored if zero length.
scts is a SignedCertificateTimestampList encoding (see RFC6962) and is ignored if empty.
This function fails if key_der is invalid.
Trait Implementations
impl Clone for ServerConfig
fn clone(&self) -> ServerConfig
Returns a copy of the value.
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.
Auto Trait Implementations
impl !RefUnwindSafe for ServerConfig
impl Send for ServerConfig
impl Sync for ServerConfig
impl Unpin for ServerConfig
impl !UnwindSafe for ServerConfig
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
pub fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> ToOwned for T where T: Clone
type Owned = T
The resulting type after obtaining ownership.
pub fn to_owned(&self) -> T
Creates owned data from borrowed data, usually by cloning.
pub fn clone_into(&self, target: &mut T)
🔬 This is a nightly-only experimental API. (toowned_clone_into, recently added)
Uses borrowed data to replace owned data, usually by cloning.