Struct ClientHello 

pub struct ClientHello<'a> { /* private fields */ }

Available on crate feature tls only.

A struct representing the received Client Hello

Implementations

impl<'a> ClientHello<'a>

pub fn server_name(&self) -> Option<&str>

Get the server name indicator.

Returns None if the client did not supply a SNI.

pub fn signature_schemes(&self) -> &[SignatureScheme]

Get the compatible signature schemes.

Returns standard-specified default if the client omitted this extension.

pub fn alpn(&self) -> Option<impl Iterator<Item = &'a [u8]>>

Get the ALPN protocol identifiers submitted by the client.

Returns None if the client did not include an ALPN extension.

Application Layer Protocol Negotiation (ALPN) is a TLS extension that lets a client submit a set of identifiers that each a represent an application-layer protocol. The server will then pick its preferred protocol from the set submitted by the client. Each identifier is represented as a byte array, although common values are often ASCII-encoded. See the official RFC-7301 specifications at https://datatracker.ietf.org/doc/html/rfc7301 for more information on ALPN.

For example, a HTTP client might specify “http/1.1” and/or “h2”. Other well-known values are listed in the at IANA registry at https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids.

The server can specify supported ALPN protocols by setting ServerConfig::alpn_protocols. During the handshake, the server will select the first protocol configured that the client supports.

pub fn cipher_suites(&self) -> &[CipherSuite]

Get cipher suites.

pub fn server_cert_types(&self) -> Option<&'a [CertificateType]>

Get the server certificate types offered in the ClientHello.

Returns None if the client did not include a certificate type extension.

pub fn client_cert_types(&self) -> Option<&'a [CertificateType]>

Get the client certificate types offered in the ClientHello.

Returns None if the client did not include a certificate type extension.

pub fn certificate_authorities(&self) -> Option<&'a [DistinguishedName]>

Get the certificate_authorities extension sent by the client.

Returns None if the client did not send this extension.

pub fn named_groups(&self) -> Option<&'a [NamedGroup]>

Get the named_groups extension sent by the client.

This means different things in different versions of TLS:

Originally it was introduced as the “elliptic_curves” extension for TLS1.2. It described the elliptic curves supported by a client for all purposes: key exchange, signature verification (for server authentication), and signing (for client auth). Later RFC7919 extended this to include FFDHE “named groups”, but FFDHE groups in this context only relate to key exchange.

In TLS1.3 it was renamed to “named_groups” and now describes all types of key exchange mechanisms, and does not relate at all to elliptic curves used for signatures.

Trait Implementations

impl<'a> Debug for ClientHello<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.