Struct pingora_openssl::ssl::SslOptions

source · 
pub struct SslOptions(/* private fields */);
Expand description

Options controlling the behavior of an SslContext.

Implementations§

source§

impl SslOptions

source

pub const DONT_INSERT_EMPTY_FRAGMENTS: SslOptions = _

Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers.

source

pub const ALL: SslOptions = _

A “reasonable default” set of options which enables compatibility flags.

source

pub const NO_QUERY_MTU: SslOptions = _

Do not query the MTU.

Only affects DTLS connections.

source

pub const COOKIE_EXCHANGE: SslOptions = _

Enables Cookie Exchange as described in RFC 4347 Section 4.2.1.

Only affects DTLS connections.

source

pub const NO_TICKET: SslOptions = _

Disables the use of session tickets for session resumption.

source

pub const NO_SESSION_RESUMPTION_ON_RENEGOTIATION: SslOptions = _

Always start a new session when performing a renegotiation on the server side.

source

pub const NO_COMPRESSION: SslOptions = _

Disables the use of TLS compression.

source

pub const ALLOW_UNSAFE_LEGACY_RENEGOTIATION: SslOptions = _

Allow legacy insecure renegotiation with servers or clients that do not support secure renegotiation.

source

pub const SINGLE_ECDH_USE: SslOptions = _

Creates a new key for each session when using ECDHE.

This is always enabled in OpenSSL 1.1.0.

source

pub const SINGLE_DH_USE: SslOptions = _

Creates a new key for each session when using DHE.

This is always enabled in OpenSSL 1.1.0.

source

pub const CIPHER_SERVER_PREFERENCE: SslOptions = _

Use the server’s preferences rather than the client’s when selecting a cipher.

This has no effect on the client side.

source

pub const TLS_ROLLBACK_BUG: SslOptions = _

Disables version rollback attach detection.

source

pub const NO_SSLV2: SslOptions = _

Disables the use of SSLv2.

source

pub const NO_SSLV3: SslOptions = _

Disables the use of SSLv3.

source

pub const NO_TLSV1: SslOptions = _

Disables the use of TLSv1.0.

source

pub const NO_TLSV1_1: SslOptions = _

Disables the use of TLSv1.1.

source

pub const NO_TLSV1_2: SslOptions = _

Disables the use of TLSv1.2.

source

pub const NO_TLSV1_3: SslOptions = _

Disables the use of TLSv1.3.

Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.

source

pub const NO_DTLSV1: SslOptions = _

Disables the use of DTLSv1.0

Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.

source

pub const NO_DTLSV1_2: SslOptions = _

Disables the use of DTLSv1.2.

Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.

source

pub const NO_SSL_MASK: SslOptions = _

Disables the use of all (D)TLS protocol versions.

This can be used as a mask when whitelisting protocol versions.

Requires OpenSSL 1.0.2 or newer.

§Examples

Only support TLSv1.2:

use openssl::ssl::SslOptions;

let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;
source

pub const NO_RENEGOTIATION: SslOptions = _

Disallow all renegotiation in TLSv1.2 and earlier.

Requires OpenSSL 1.1.0h or newer.

source

pub const ENABLE_MIDDLEBOX_COMPAT: SslOptions = _

Enable TLSv1.3 Compatibility mode.

Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version may have this disabled by default.

source

pub const PRIORITIZE_CHACHA: SslOptions = _

Prioritize ChaCha ciphers when preferred by clients.

Temporarily reprioritize ChaCha20-Poly1305 ciphers to the top of the server cipher list if a ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers.

Requires enable SslOptions::CIPHER_SERVER_PREFERENCE. Requires OpenSSL 1.1.1 or newer.

source§

impl SslOptions

source

pub const fn empty() -> SslOptions

Get a flags value with all bits unset.

source

pub const fn all() -> SslOptions

Get a flags value with all known bits set.

source

pub const fn bits(&self) -> u64

Get the underlying bits value.

The returned value is exactly the bits set in this flags value.

source

pub const fn from_bits(bits: u64) -> Option<SslOptions>

Convert from a bits value.

This method will return None if any unknown bits are set.

source

pub const fn from_bits_truncate(bits: u64) -> SslOptions

Convert from a bits value, unsetting any unknown bits.

source

pub const fn from_bits_retain(bits: u64) -> SslOptions

Convert from a bits value exactly.

source

pub fn from_name(name: &str) -> Option<SslOptions>

Get a flags value with the bits of a flag with the given name set.

This method will return None if name is empty or doesn’t correspond to any named flag.

source

pub const fn is_empty(&self) -> bool

Whether all bits in this flags value are unset.

source

pub const fn is_all(&self) -> bool

Whether all known bits in this flags value are set.

source

pub const fn intersects(&self, other: SslOptions) -> bool

Whether any set bits in a source flags value are also set in a target flags value.

source

pub const fn contains(&self, other: SslOptions) -> bool

Whether all set bits in a source flags value are also set in a target flags value.

source

pub fn insert(&mut self, other: SslOptions)

The bitwise or (|) of the bits in two flags values.

source

pub fn remove(&mut self, other: SslOptions)

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. remove won’t truncate other, but the ! operator will.

source

pub fn toggle(&mut self, other: SslOptions)

The bitwise exclusive-or (^) of the bits in two flags values.

source

pub fn set(&mut self, other: SslOptions, value: bool)

Call insert when value is true or remove when value is false.

source

pub const fn intersection(self, other: SslOptions) -> SslOptions

The bitwise and (&) of the bits in two flags values.

source

pub const fn union(self, other: SslOptions) -> SslOptions

The bitwise or (|) of the bits in two flags values.

source

pub const fn difference(self, other: SslOptions) -> SslOptions

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. difference won’t truncate other, but the ! operator will.

source

pub const fn symmetric_difference(self, other: SslOptions) -> SslOptions

The bitwise exclusive-or (^) of the bits in two flags values.

source

pub const fn complement(self) -> SslOptions

The bitwise negation (!) of the bits in a flags value, truncating the result.

source§

impl SslOptions

source

pub const fn iter(&self) -> Iter<SslOptions>

Yield a set of contained flags values.

Each yielded flags value will correspond to a defined named flag. Any unknown bits will be yielded together as a final flags value.

source

pub const fn iter_names(&self) -> IterNames<SslOptions>

Yield a set of contained named flags values.

This method is like iter, except only yields bits in contained named flags. Any unknown bits, or bits not corresponding to a contained flag will not be yielded.

Trait Implementations§

source§

impl Binary for SslOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.
source§

impl BitAnd for SslOptions

source§

fn bitand(self, other: SslOptions) -> SslOptions

The bitwise and (&) of the bits in two flags values.

§

type Output = SslOptions

The resulting type after applying the & operator.
source§

impl BitAndAssign for SslOptions

source§

fn bitand_assign(&mut self, other: SslOptions)

The bitwise and (&) of the bits in two flags values.

source§

impl BitOr for SslOptions

source§

fn bitor(self, other: SslOptions) -> SslOptions

The bitwise or (|) of the bits in two flags values.

§

type Output = SslOptions

The resulting type after applying the | operator.
source§

impl BitOrAssign for SslOptions

source§

fn bitor_assign(&mut self, other: SslOptions)

The bitwise or (|) of the bits in two flags values.

source§

impl BitXor for SslOptions

source§

fn bitxor(self, other: SslOptions) -> SslOptions

The bitwise exclusive-or (^) of the bits in two flags values.

§

type Output = SslOptions

The resulting type after applying the ^ operator.
source§

impl BitXorAssign for SslOptions

source§

fn bitxor_assign(&mut self, other: SslOptions)

The bitwise exclusive-or (^) of the bits in two flags values.

source§

impl Clone for SslOptions

source§

fn clone(&self) -> SslOptions

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for SslOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
source§

impl Extend<SslOptions> for SslOptions

source§

fn extend<T>(&mut self, iterator: T)
where T: IntoIterator<Item = SslOptions>,

The bitwise or (|) of the bits in each flags value.

source§

fn extend_one(&mut self, item: A)

🔬This is a nightly-only experimental API. (extend_one)
Extends a collection with exactly one element.
source§

fn extend_reserve(&mut self, additional: usize)

🔬This is a nightly-only experimental API. (extend_one)
Reserves capacity in a collection for the given number of additional elements. Read more
source§

impl Flags for SslOptions

source§

const FLAGS: &'static [Flag<SslOptions>] = _

The set of defined flags.
§

type Bits = u64

The underlying bits type.
source§

fn bits(&self) -> u64

Get the underlying bits value. Read more
source§

fn from_bits_retain(bits: u64) -> SslOptions

Convert from a bits value exactly.
§

fn empty() -> Self

Get a flags value with all bits unset.
§

fn all() -> Self

Get a flags value with all known bits set.
§

fn from_bits(bits: Self::Bits) -> Option<Self>

Convert from a bits value. Read more
§

fn from_bits_truncate(bits: Self::Bits) -> Self

Convert from a bits value, unsetting any unknown bits.
§

fn from_name(name: &str) -> Option<Self>

Get a flags value with the bits of a flag with the given name set. Read more
§

fn iter(&self) -> Iter<Self>

Yield a set of contained flags values. Read more
§

fn iter_names(&self) -> IterNames<Self>

Yield a set of contained named flags values. Read more
§

fn is_empty(&self) -> bool

Whether all bits in this flags value are unset.
§

fn is_all(&self) -> bool

Whether all known bits in this flags value are set.
§

fn intersects(&self, other: Self) -> bool
where Self: Sized,

Whether any set bits in a source flags value are also set in a target flags value.
§

fn contains(&self, other: Self) -> bool
where Self: Sized,

Whether all set bits in a source flags value are also set in a target flags value.
§

fn insert(&mut self, other: Self)
where Self: Sized,

The bitwise or (|) of the bits in two flags values.
§

fn remove(&mut self, other: Self)
where Self: Sized,

The intersection of a source flags value with the complement of a target flags value (&!). Read more
§

fn toggle(&mut self, other: Self)
where Self: Sized,

The bitwise exclusive-or (^) of the bits in two flags values.
§

fn set(&mut self, other: Self, value: bool)
where Self: Sized,

Call [Flags::insert] when value is true or [Flags::remove] when value is false.
§

fn intersection(self, other: Self) -> Self

The bitwise and (&) of the bits in two flags values.
§

fn union(self, other: Self) -> Self

The bitwise or (|) of the bits in two flags values.
§

fn difference(self, other: Self) -> Self

The intersection of a source flags value with the complement of a target flags value (&!). Read more
§

fn symmetric_difference(self, other: Self) -> Self

The bitwise exclusive-or (^) of the bits in two flags values.
§

fn complement(self) -> Self

The bitwise negation (!) of the bits in a flags value, truncating the result.
source§

impl FromIterator<SslOptions> for SslOptions

source§

fn from_iter<T>(iterator: T) -> SslOptions
where T: IntoIterator<Item = SslOptions>,

The bitwise or (|) of the bits in each flags value.

source§

impl Hash for SslOptions

source§

fn hash<__H>(&self, state: &mut __H)
where __H: Hasher,

Feeds this value into the given Hasher. Read more
1.3.0 · source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
source§

impl IntoIterator for SslOptions

§

type Item = SslOptions

The type of the elements being iterated over.
§

type IntoIter = Iter<SslOptions>

Which kind of iterator are we turning this into?
source§

fn into_iter(self) -> <SslOptions as IntoIterator>::IntoIter

Creates an iterator from a value. Read more
source§

impl LowerHex for SslOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.
source§

impl Not for SslOptions

source§

fn not(self) -> SslOptions

The bitwise negation (!) of the bits in a flags value, truncating the result.

§

type Output = SslOptions

The resulting type after applying the ! operator.
source§

impl Octal for SslOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.
source§

impl Ord for SslOptions

source§

fn cmp(&self, other: &SslOptions) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized + PartialOrd,

Restrict a value to a certain interval. Read more
source§

impl PartialEq for SslOptions

source§

fn eq(&self, other: &SslOptions) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
source§

impl PartialOrd for SslOptions

source§

fn partial_cmp(&self, other: &SslOptions) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · source§

fn lt(&self, other: &Rhs) -> bool

This method tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · source§

fn le(&self, other: &Rhs) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · source§

fn gt(&self, other: &Rhs) -> bool

This method tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · source§

fn ge(&self, other: &Rhs) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator. Read more
source§

impl Sub for SslOptions

source§

fn sub(self, other: SslOptions) -> SslOptions

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. difference won’t truncate other, but the ! operator will.

§

type Output = SslOptions

The resulting type after applying the - operator.
source§

impl SubAssign for SslOptions

source§

fn sub_assign(&mut self, other: SslOptions)

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. difference won’t truncate other, but the ! operator will.

source§

impl UpperHex for SslOptions

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.
source§

impl Copy for SslOptions

source§

impl Eq for SslOptions

source§

impl StructuralPartialEq for SslOptions

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.