Struct rustls::ServerConfig
pub struct ServerConfig {
    pub ciphersuites: Vec<&'static SupportedCipherSuite>,
    pub ignore_client_order: bool,
    pub session_storage: Mutex<Box<StoresServerSessions>>,
    pub cert_resolver: Box<ResolvesCert>,
    pub alpn_protocols: Vec<String>,
    pub client_auth_roots: RootCertStore,
    pub client_auth_offer: bool,
    pub client_auth_mandatory: bool,
}
Common configuration for a set of server sessions.
Making one of these can be expensive, and should be done once per process rather than once per connection.
Fields
ciphersuites: Vec<&'static SupportedCipherSuite>
List of ciphersuites, in preference order.
ignore_client_order: bool
Ignore the client's ciphersuite order. Instead, choose the top ciphersuite in the server list which is supported by the client.
session_storage: Mutex<Box<StoresServerSessions>>
How to store client sessions.
cert_resolver: Box<ResolvesCert>
How to choose a server cert and key.
alpn_protocols: Vec<String>
Protocol names we support, most preferred first. If empty we don't do ALPN at all.
client_auth_roots: RootCertStore
List of client authentication root certificates.
client_auth_offer: bool
Whether to attempt client auth.
client_auth_mandatory: bool
Whether client auth is mandatory. If true, the server will not complete handshakes with clients which don't do client auth.
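Added example (not part of the rustls documentation or source): a self-contained model of the choices that ignore_client_order, client_auth_offer and client_auth_mandatory describe. The function names, the AuthOutcome enum and the SUITE_* labels are hypothetical, and it assumes that a presented client certificate validates against client_auth_roots and that, when client order is not ignored, the first mutually supported suite in the client's list is chosen.

```rust
// Simplified model of the decisions these fields control; NOT rustls source code.
// Suite names below are constructed sample labels.

/// Pick a ciphersuite given both sides' preference-ordered lists.
fn choose_suite<'a>(server: &[&'a str], client: &[&'a str], ignore_client_order: bool) -> Option<&'a str> {
    if ignore_client_order {
        // Server order wins: top server suite that the client also supports.
        server.iter().copied().find(|s| client.contains(s))
    } else {
        // Assumed default: first client suite that the server also supports.
        client.iter().copied().find(|c| server.contains(c))
    }
}

#[derive(Debug, PartialEq)]
enum AuthOutcome {
    NotRequested,   // client_auth_offer == false
    Authenticated,  // client presented a certificate (assumed to validate to a root)
    Anonymous,      // no certificate, client auth optional
    HandshakeFails, // no certificate, client_auth_mandatory == true
}

/// Outcome of the client-auth step for one connection.
fn client_auth_outcome(offer: bool, mandatory: bool, client_sent_cert: bool) -> AuthOutcome {
    match (offer, client_sent_cert, mandatory) {
        (false, _, _) => AuthOutcome::NotRequested,
        (true, true, _) => AuthOutcome::Authenticated,
        (true, false, true) => AuthOutcome::HandshakeFails,
        (true, false, false) => AuthOutcome::Anonymous,
    }
}

fn main() {
    // Constructed lists: the server prefers SUITE_A, the client lists SUITE_C first.
    let server = ["SUITE_A", "SUITE_B", "SUITE_C"];
    let client = ["SUITE_C", "SUITE_A", "SUITE_X"];
    println!("client order honoured: {:?}", choose_suite(&server, &client, false));
    println!("client order ignored:  {:?}", choose_suite(&server, &client, true));
    println!("no overlap:            {:?}", choose_suite(&server, &["SUITE_X"], true));
    println!("mandatory, no cert:    {:?}", client_auth_outcome(true, true, false));
    println!("optional, no cert:     {:?}", client_auth_outcome(true, false, false));
}
```

With ignore_client_order set, the client's ordering cannot move the result away from the server's most preferred mutually supported suite.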
Methods
impl ServerConfig
fn new() -> ServerConfig
Make a ServerConfig with a default set of ciphersuites, no keys/certificates, no ALPN protocols, no client auth, and no session persistence.
fn set_persistence(&mut self, persist: Box<StoresServerSessions + Send + Sync>)
Sets the session persistence layer to `persist`.
fn set_single_cert(&mut self, cert_chain: Vec<Vec<u8>>, key_der: Vec<u8>)
Sets a single certificate chain and matching private key. This certificate and key are used for all subsequent connections, irrespective of things like SNI hostname.
`cert_chain` is a vector of DER-encoded certificates. `key_der` is a DER-encoded RSA private key.
fn set_protocols(&mut self, protocols: &[String])
Set the ALPN protocol list to the given protocol names. Overwrites any existing configured protocols.
The first element in the `protocols` list is the most preferred, the last is the least preferred.
fn set_client_auth_roots(&mut self, certs: Vec<Vec<u8>>, mandatory: bool)
Enables client authentication. The server will ask for and validate certificates to the given list of root `certs`. If `mandatory` is true, the server will fail to handshake with a client if it does not do client auth.