Struct rustls::SupportedCipherSuite[][src]

pub struct SupportedCipherSuite {
    pub suite: CipherSuite,
    pub kx: KeyExchangeAlgorithm,
    pub bulk: BulkAlgorithm,
    pub hash: HashAlgorithm,
    pub sign: Option<&'static [SignatureScheme]>,
    pub enc_key_len: usize,
    pub fixed_iv_len: usize,
    pub explicit_nonce_len: usize,
    // some fields omitted
}
Expand description

A cipher suite supported by rustls.

All possible instances of this class are provided by the library in the ALL_CIPHERSUITES array.

Fields

suite: CipherSuite

The TLS enumeration naming this cipher suite.

kx: KeyExchangeAlgorithm

How to exchange/agree keys.

bulk: BulkAlgorithm

How to do bulk encryption.

hash: HashAlgorithm

How to do hashing.

sign: Option<&'static [SignatureScheme]>

How to sign messages for authentication.

This is not present for TLS1.3, because authentication is orthogonal to the ciphersuite concept there.

enc_key_len: usize

Encryption key length, for the bulk algorithm.

fixed_iv_len: usize

How long the fixed part of the ‘IV’ is.

This isn’t usually an IV, but we continue the terminology misuse to match the standard.

explicit_nonce_len: usize

This is a non-standard extension which extends the key block to provide an initial explicit nonce offset, in a deterministic and safe way. GCM needs this, chacha20poly1305 works this way by design.

Implementations

Which hash function to use with this suite.

We have parameters and a verified public key in kx_params. Generate an ephemeral key, generate the shared secret, and return it and the public half in a KeyExchangeResult.

Start the KX process with the given group. This generates the server’s share, but we don’t yet have the client’s share.

Resolve the set of supported SignatureSchemes from the offered SupportedSignatureSchemes. If we return an empty set, the handshake terminates.

Length of key block that needs to be output by the key derivation phase for this suite.

Return true if this suite is usable for TLS version.

Return true if this suite is usable for a key only offering sigalg signatures. This resolves to true for all TLS1.3 suites.

Can a session using suite self resume using suite new_suite?

Trait Implementations

Formats the value using the given formatter. Read more

This method tests for self and other values to be equal, and is used by ==. Read more

This method tests for !=.

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.