Struct rustls::SupportedCipherSuite
[−]
[src]
pub struct SupportedCipherSuite {
pub suite: CipherSuite,
pub kx: KeyExchangeAlgorithm,
pub bulk: BulkAlgorithm,
pub hash: HashAlgorithm,
pub sign: SignatureAlgorithm,
pub enc_key_len: usize,
pub fixed_iv_len: usize,
pub explicit_nonce_len: usize,
}A cipher suite supported by rustls.
All possible instances of this class are provided by the library in
the ALL_CIPHERSUITES array.
Fields
suite: CipherSuite
The TLS enumeration naming this cipher suite.
kx: KeyExchangeAlgorithm
bulk: BulkAlgorithm
hash: HashAlgorithm
sign: SignatureAlgorithm
enc_key_len: usize
fixed_iv_len: usize
explicit_nonce_len: usize
This is a non-standard extension which extends the key block to provide an initial explicit nonce offset, in a deterministic and safe way. GCM needs this, chacha20poly1305 works this way by design.
Methods
impl SupportedCipherSuite[src]
fn get_hash(&self) -> &'static Algorithm
fn do_client_kx(&self, kx_params: &[u8]) -> Option<KeyExchangeResult>
We have parameters and a verified public key in kx_params.
Generate an ephemeral key, generate the shared secret, and
return it and the public half in a KeyExchangeResult.
fn start_server_kx(&self, named_group: NamedGroup) -> Option<KeyExchange>
fn resolve_sig_scheme(&self,
offered: &[SignatureScheme])
-> Option<SignatureScheme>
offered: &[SignatureScheme])
-> Option<SignatureScheme>
Resolve a single supported SignatureScheme from the
offered SupportedSignatureSchemes. If we return None,
the handshake terminates.
fn get_aead_alg(&self) -> &'static Algorithm
fn key_block_len(&self) -> usize
fn usable_for_version(&self, version: ProtocolVersion) -> bool
Return true if this suite is usable for TLS version.
fn can_resume_to(&self, new_suite: &SupportedCipherSuite) -> bool
Can a session using suite self resume using suite new_suite?