Struct rustls::ServerConfig

pub struct ServerConfig {
    pub ciphersuites: Vec<&'static SupportedCipherSuite>,
    pub ignore_client_order: bool,
    pub session_storage: Mutex<Box<StoresServerSessions + Send>>,
    pub ticketer: Box<ProducesTickets>,
    pub cert_resolver: Box<ResolvesServerCert>,
    pub alpn_protocols: Vec<String>,
    pub client_auth_roots: RootCertStore,
    pub client_auth_offer: bool,
    pub client_auth_mandatory: bool,
    pub versions: Vec<ProtocolVersion>,
}

Common configuration for a set of server sessions.

Making one of these can be expensive, and should be done once per process rather than once per connection.

Fields

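ciphersuites: Vec<&'static SupportedCipherSuite>

List of ciphersuites, in preference order.

ignore_client_order: bool

Ignore the client's ciphersuite order. Instead, choose the top ciphersuite in the server list which is supported by the client.

session_storage: Mutex<Box<StoresServerSessions + Send>>

How to store client sessions.

ticketer: Box<ProducesTickets>

How to produce tickets.

cert_resolver: Box<ResolvesServerCert>

How to choose a server cert and key.

alpn_protocols: Vec<String>

Protocol names we support, most preferred first. If empty we don't do ALPN at all.

client_auth_roots: RootCertStore

List of client authentication root certificates.

client_auth_offer: bool

Whether to attempt client auth.

client_auth_mandatory: bool

Whether client auth is mandatory. If true, the server will not complete handshakes with clients which don't do client auth.

versions: Vec<ProtocolVersion>

Supported protocol versions, in no particular order. The default is all supported versions.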

Methods

impl ServerConfig

Make a ServerConfig with a default set of ciphersuites, no keys/certificates, no ALPN protocols, no client auth, and no session persistence.

Sets the session persistence layer to persist.

Sets a single certificate chain and matching private key. This certificate and key are used for all subsequent connections, irrespective of things like SNI hostname.

cert_chain is a vector of DER-encoded certificates. key_der is a DER-encoded RSA private key.

Set the ALPN protocol list to the given protocol names. Overwrites any existing configured protocols.

The first element in the protocols list is the most preferred, the last is the least preferred.

Enables client authentication. The server will ask for certificates and validate them against the given list of root certs. If mandatory is true, the server will fail to handshake with a client if it does not do client auth.
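The selection rules described for the `ignore_client_order` and `alpn_protocols` fields can be modelled without the library. The following is an added example, not rustls code: the function names and suite lists are hypothetical, and it assumes that with `ignore_client_order` set to false the client's preference order decides.

```rust
// Added illustration: a stand-alone model of the selection rules documented
// for `ignore_client_order` and `alpn_protocols`. Not rustls code; the
// function names and the constructed suite lists are hypothetical.

/// Pick a ciphersuite both sides support. With `ignore_client_order` false
/// the client's preference order wins (assumption); with it true the server
/// picks the top entry of its own list that the client also supports.
fn choose_suite<'a>(
    server: &[&'a str],
    client: &[&'a str],
    ignore_client_order: bool,
) -> Option<&'a str> {
    let (preferred, other) = if ignore_client_order {
        (server, client)
    } else {
        (client, server)
    };
    preferred.iter().copied().find(|s| other.contains(s))
}

/// Pick the server's most-preferred ALPN protocol that the client offered.
/// An empty server list means ALPN is not negotiated at all.
fn choose_alpn<'a>(server: &[&'a str], client: &[&'a str]) -> Option<&'a str> {
    server.iter().copied().find(|p| client.contains(p))
}

fn main() {
    // Constructed sample lists, most preferred first.
    let server = ["ECDHE_RSA_AES256_GCM", "ECDHE_RSA_AES128_GCM"];
    let client = ["ECDHE_RSA_AES128_GCM", "ECDHE_RSA_AES256_GCM", "UNSUPPORTED"];
    println!("client order: {:?}", choose_suite(&server, &client, false));
    println!("server order: {:?}", choose_suite(&server, &client, true));
    println!("no overlap:   {:?}", choose_suite(&server, &["UNSUPPORTED"], true));
    println!("alpn:         {:?}", choose_alpn(&["h2", "http/1.1"], &["http/1.1", "h2"]));
    println!("alpn off:     {:?}", choose_alpn(&[], &["h2"]));
}
```

With `ignore_client_order` enabled, the negotiated suite depends only on the server's list and the set of suites the client supports, so a client cannot steer the choice by reordering its offer.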