Struct rustls_extra::CommonTlsPostHandshakeInformation

pub struct CommonTlsPostHandshakeInformation<'tls_session> {
    pub negotiated_protocol_version: ProtocolVersion,
    pub negotiated_cipher_suite: &'static SupportedCipherSuite,
    pub agreed_application_layer_protocol_negotiation_protocol: Option<&'tls_session [u8]>,
    pub peer_certificates: Vec<Certificate>,
}

TLS information available after successful handshaking that is common to both clients and servers.

Fields

negotiated_protocol_version: ProtocolVersion

Negotiated protocol version.

negotiated_cipher_suite: &'static SupportedCipherSuite

Negotiated cipher suite.

agreed_application_layer_protocol_negotiation_protocol: Option<&'tls_session [u8]>

Agreed application layer protocol negotation (ALPN) protocol.

None if no protocol was agreed or no protocol was supplied.

peer_certificates: Vec<Certificate>

Peer certificates.

Methods

impl<'tls_session> CommonTlsPostHandshakeInformation<'tls_session>

pub fn from_tls_session(
    tls_session: &'tls_session impl Session
) -> Self

Creates from a TLS session.

pub fn calculate_tls_server_end_point_channel_binding_certificate_hash(
    &self
) -> Vec<u8>

RFC defines 5929 three channel bindings: tls-unique, tls-server-end-point and tls-unique-for-telnet.

These are officially not defined for TLS 1.3 (RFC 8446).

It is actually impossible to calculate tls-unique for TLS 1.3. tls-unique-for-telnet should be considered dead.

Thus only tls-server-end-point is potentially usable. Additionally, it is supported by common database products, including Postgres and MongoDb, with the SCRAM-SHA-256-PLUS SASL authentication mechanism.

Trait Implementations

impl<'tls_session> Debug for CommonTlsPostHandshakeInformation<'tls_session>

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.