pingora_openssl::ssl

Struct SslOptions

pub struct SslOptions(/* private fields */);

Options controlling the behavior of an SslContext.

Implementations§

Source§

impl SslOptions

Source

pub const DONT_INSERT_EMPTY_FRAGMENTS: SslOptions = _

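Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers. Setting this flag gives up that protection in exchange for compatibility with peers that cannot handle the empty fragments.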

Source

pub const ALL: SslOptions = _

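A “reasonable default” set of options which enables compatibility flags. This constant is distinct from `SslOptions::all()`, which returns a value with every known bit set, including the `NO_*` protocol flags and `ALLOW_UNSAFE_LEGACY_RENEGOTIATION`.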

Source

pub const NO_QUERY_MTU: SslOptions = _

Do not query the MTU.

Only affects DTLS connections.

Source

pub const COOKIE_EXCHANGE: SslOptions = _

Enables Cookie Exchange as described in RFC 4347 Section 4.2.1.

Only affects DTLS connections.

Source

pub const NO_TICKET: SslOptions = _

Disables the use of session tickets for session resumption.

Source

pub const NO_SESSION_RESUMPTION_ON_RENEGOTIATION: SslOptions = _

Always start a new session when performing a renegotiation on the server side.

Source

pub const NO_COMPRESSION: SslOptions = _

Disables the use of TLS compression.

Source

pub const ALLOW_UNSAFE_LEGACY_RENEGOTIATION: SslOptions = _

Allow legacy insecure renegotiation with servers or clients that do not support secure renegotiation.

Source

pub const SINGLE_ECDH_USE: SslOptions = _

Creates a new key for each session when using ECDHE.

This is always enabled in OpenSSL 1.1.0.

Source

pub const SINGLE_DH_USE: SslOptions = _

Creates a new key for each session when using DHE.

This is always enabled in OpenSSL 1.1.0.

Source

pub const CIPHER_SERVER_PREFERENCE: SslOptions = _

Use the server’s preferences rather than the client’s when selecting a cipher.

This has no effect on the client side.

Source

pub const TLS_ROLLBACK_BUG: SslOptions = _

Disables version rollback attack detection.

Source

pub const NO_SSLV2: SslOptions = _

Disables the use of SSLv2.

Source

pub const NO_SSLV3: SslOptions = _

Disables the use of SSLv3.

Source

pub const NO_TLSV1: SslOptions = _

Disables the use of TLSv1.0.

Source

pub const NO_TLSV1_1: SslOptions = _

Disables the use of TLSv1.1.

Source

pub const NO_TLSV1_2: SslOptions = _

Disables the use of TLSv1.2.

Source

pub const NO_TLSV1_3: SslOptions = _

Disables the use of TLSv1.3.

Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.

Source

pub const NO_DTLSV1: SslOptions = _

Disables the use of DTLSv1.0.

Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.

Source

pub const NO_DTLSV1_2: SslOptions = _

Disables the use of DTLSv1.2.

Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.

Source

pub const NO_SSL_MASK: SslOptions = _

Disables the use of all (D)TLS protocol versions.

This can be used as a mask when whitelisting protocol versions.

Requires OpenSSL 1.0.2 or newer.

§Examples

Only support TLSv1.2:

use openssl::ssl::SslOptions;

// Start from the mask that disables every (D)TLS protocol version, then clear
// the NO_TLSV1_2 bit so that TLSv1.2 is the only version left enabled.
let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;

pub const NO_RENEGOTIATION: SslOptions = _

Disallow all renegotiation in TLSv1.2 and earlier.

Requires OpenSSL 1.1.0h or newer.

Source

pub const ENABLE_MIDDLEBOX_COMPAT: SslOptions = _

Enable TLSv1.3 Compatibility mode.

Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version may have this disabled by default.

Source

pub const PRIORITIZE_CHACHA: SslOptions = _

Prioritize ChaCha ciphers when preferred by clients.

Temporarily reprioritize ChaCha20-Poly1305 ciphers to the top of the server cipher list if a ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers.

Requires SslOptions::CIPHER_SERVER_PREFERENCE to be enabled. Requires OpenSSL 1.1.1 or newer.

Source§

impl SslOptions

Source

pub const fn empty() -> SslOptions

Get a flags value with all bits unset.

Source

pub const fn all() -> SslOptions

Get a flags value with all known bits set.

Source

pub const fn bits(&self) -> u64

Get the underlying bits value.

The returned value is exactly the bits set in this flags value.

Source

pub const fn from_bits(bits: u64) -> Option<SslOptions>

Convert from a bits value.

This method will return None if any unknown bits are set.

Source

pub const fn from_bits_truncate(bits: u64) -> SslOptions

Convert from a bits value, unsetting any unknown bits.

Source

pub const fn from_bits_retain(bits: u64) -> SslOptions

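Convert from a bits value exactly, keeping any unknown bits as they are (unlike from_bits, which returns None for them, and from_bits_truncate, which unsets them).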

Source

pub fn from_name(name: &str) -> Option<SslOptions>

Get a flags value with the bits of a flag with the given name set.

This method will return None if name is empty or doesn’t correspond to any named flag.

Source

pub const fn is_empty(&self) -> bool

Whether all bits in this flags value are unset.

Source

pub const fn is_all(&self) -> bool

Whether all known bits in this flags value are set.

Source

pub const fn intersects(&self, other: SslOptions) -> bool

Whether any set bits in a source flags value are also set in a target flags value.

Source

pub const fn contains(&self, other: SslOptions) -> bool

Whether all set bits in a source flags value are also set in a target flags value.

Source

pub fn insert(&mut self, other: SslOptions)

The bitwise or (|) of the bits in two flags values.

Source

pub fn remove(&mut self, other: SslOptions)

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. remove won’t truncate other, but the ! operator will.

Source

pub fn toggle(&mut self, other: SslOptions)

The bitwise exclusive-or (^) of the bits in two flags values.

Source

pub fn set(&mut self, other: SslOptions, value: bool)

Call insert when value is true or remove when value is false.

Source

pub const fn intersection(self, other: SslOptions) -> SslOptions

The bitwise and (&) of the bits in two flags values.

Source

pub const fn union(self, other: SslOptions) -> SslOptions

The bitwise or (|) of the bits in two flags values.

Source

pub const fn difference(self, other: SslOptions) -> SslOptions

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. difference won’t truncate other, but the ! operator will.

Source

pub const fn symmetric_difference(self, other: SslOptions) -> SslOptions

The bitwise exclusive-or (^) of the bits in two flags values.

Source

pub const fn complement(self) -> SslOptions

The bitwise negation (!) of the bits in a flags value, truncating the result.

Source§

impl SslOptions

Source

pub const fn iter(&self) -> Iter<SslOptions>

Yield a set of contained flags values.

Each yielded flags value will correspond to a defined named flag. Any unknown bits will be yielded together as a final flags value.

Source

pub const fn iter_names(&self) -> IterNames<SslOptions>

Yield a set of contained named flags values.

This method is like iter, except only yields bits in contained named flags. Any unknown bits, or bits not corresponding to a contained flag will not be yielded.

Trait Implementations§

Source§

impl Binary for SslOptions

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl BitAnd for SslOptions

Source§

fn bitand(self, other: SslOptions) -> SslOptions

The bitwise and (&) of the bits in two flags values.

Source§

type Output = SslOptions

The resulting type after applying the & operator.
Source§

impl BitAndAssign for SslOptions

Source§

fn bitand_assign(&mut self, other: SslOptions)

The bitwise and (&) of the bits in two flags values.

Source§

impl BitOr for SslOptions

Source§

fn bitor(self, other: SslOptions) -> SslOptions

The bitwise or (|) of the bits in two flags values.

Source§

type Output = SslOptions

The resulting type after applying the | operator.
Source§

impl BitOrAssign for SslOptions

Source§

fn bitor_assign(&mut self, other: SslOptions)

The bitwise or (|) of the bits in two flags values.

Source§

impl BitXor for SslOptions

Source§

fn bitxor(self, other: SslOptions) -> SslOptions

The bitwise exclusive-or (^) of the bits in two flags values.

Source§

type Output = SslOptions

The resulting type after applying the ^ operator.
Source§

impl BitXorAssign for SslOptions

Source§

fn bitxor_assign(&mut self, other: SslOptions)

The bitwise exclusive-or (^) of the bits in two flags values.

Source§

impl Clone for SslOptions

Source§

fn clone(&self) -> SslOptions

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for SslOptions

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Extend<SslOptions> for SslOptions

Source§

fn extend<T>(&mut self, iterator: T)
where T: IntoIterator<Item = SslOptions>,

The bitwise or (|) of the bits in each flags value.

Source§

fn extend_one(&mut self, item: A)

🔬This is a nightly-only experimental API. (extend_one)
Extends a collection with exactly one element.
Source§

fn extend_reserve(&mut self, additional: usize)

🔬This is a nightly-only experimental API. (extend_one)
Reserves capacity in a collection for the given number of additional elements. Read more
Source§

impl Flags for SslOptions

Source§

const FLAGS: &'static [Flag<SslOptions>] = _

The set of defined flags.
Source§

type Bits = u64

The underlying bits type.
Source§

fn bits(&self) -> u64

Get the underlying bits value. Read more
Source§

fn from_bits_retain(bits: u64) -> SslOptions

Convert from a bits value exactly.
Source§

fn empty() -> Self

Get a flags value with all bits unset.
Source§

fn all() -> Self

Get a flags value with all known bits set.
Source§

fn from_bits(bits: Self::Bits) -> Option<Self>

Convert from a bits value. Read more
Source§

fn from_bits_truncate(bits: Self::Bits) -> Self

Convert from a bits value, unsetting any unknown bits.
Source§

fn from_name(name: &str) -> Option<Self>

Get a flags value with the bits of a flag with the given name set. Read more
Source§

fn iter(&self) -> Iter<Self>

Yield a set of contained flags values. Read more
Source§

fn iter_names(&self) -> IterNames<Self>

Yield a set of contained named flags values. Read more
Source§

fn is_empty(&self) -> bool

Whether all bits in this flags value are unset.
Source§

fn is_all(&self) -> bool

Whether all known bits in this flags value are set.
Source§

fn intersects(&self, other: Self) -> bool
where Self: Sized,

Whether any set bits in a source flags value are also set in a target flags value.
Source§

fn contains(&self, other: Self) -> bool
where Self: Sized,

Whether all set bits in a source flags value are also set in a target flags value.
Source§

fn insert(&mut self, other: Self)
where Self: Sized,

The bitwise or (|) of the bits in two flags values.
Source§

fn remove(&mut self, other: Self)
where Self: Sized,

The intersection of a source flags value with the complement of a target flags value (&!). Read more
Source§

fn toggle(&mut self, other: Self)
where Self: Sized,

The bitwise exclusive-or (^) of the bits in two flags values.
Source§

fn set(&mut self, other: Self, value: bool)
where Self: Sized,

Call Flags::insert when value is true or Flags::remove when value is false.
Source§

fn intersection(self, other: Self) -> Self

The bitwise and (&) of the bits in two flags values.
Source§

fn union(self, other: Self) -> Self

The bitwise or (|) of the bits in two flags values.
Source§

fn difference(self, other: Self) -> Self

The intersection of a source flags value with the complement of a target flags value (&!). Read more
Source§

fn symmetric_difference(self, other: Self) -> Self

The bitwise exclusive-or (^) of the bits in two flags values.
Source§

fn complement(self) -> Self

The bitwise negation (!) of the bits in a flags value, truncating the result.
Source§

impl FromIterator<SslOptions> for SslOptions

Source§

fn from_iter<T>(iterator: T) -> SslOptions
where T: IntoIterator<Item = SslOptions>,

The bitwise or (|) of the bits in each flags value.

Source§

impl Hash for SslOptions

Source§

fn hash<__H>(&self, state: &mut __H)
where __H: Hasher,

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl IntoIterator for SslOptions

Source§

type Item = SslOptions

The type of the elements being iterated over.
Source§

type IntoIter = Iter<SslOptions>

Which kind of iterator are we turning this into?
Source§

fn into_iter(self) -> <SslOptions as IntoIterator>::IntoIter

Creates an iterator from a value. Read more
Source§

impl LowerHex for SslOptions

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Not for SslOptions

Source§

fn not(self) -> SslOptions

The bitwise negation (!) of the bits in a flags value, truncating the result.

Source§

type Output = SslOptions

The resulting type after applying the ! operator.
Source§

impl Octal for SslOptions

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Ord for SslOptions

Source§

fn cmp(&self, other: &SslOptions) -> Ordering

This method returns an Ordering between self and other. Read more
1.21.0 · Source§

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Read more
1.21.0 · Source§

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Read more
1.50.0 · Source§

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval. Read more
Source§

impl PartialEq for SslOptions

Source§

fn eq(&self, other: &SslOptions) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl PartialOrd for SslOptions

Source§

fn partial_cmp(&self, other: &SslOptions) -> Option<Ordering>

This method returns an ordering between self and other values if one exists. Read more
1.0.0 · Source§

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Read more
1.0.0 · Source§

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Read more
1.0.0 · Source§

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Read more
1.0.0 · Source§

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Read more
Source§

impl Sub for SslOptions

Source§

fn sub(self, other: SslOptions) -> SslOptions

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. difference won’t truncate other, but the ! operator will.

Source§

type Output = SslOptions

The resulting type after applying the - operator.
Source§

impl SubAssign for SslOptions

Source§

fn sub_assign(&mut self, other: SslOptions)

The intersection of a source flags value with the complement of a target flags value (&!).

This method is not equivalent to self & !other when other has unknown bits set. difference won’t truncate other, but the ! operator will.

Source§

impl UpperHex for SslOptions

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
Source§

impl Copy for SslOptions

Source§

impl Eq for SslOptions

Source§

impl StructuralPartialEq for SslOptions

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.