pub struct Tls12CipherSuite {
pub common: CipherSuiteCommon,
pub prf_provider: &'static dyn Prf,
pub kx: KeyExchangeAlgorithm,
pub sign: &'static [SignatureScheme],
pub aead_alg: &'static dyn Tls12AeadAlgorithm,
}
tls12
only.Expand description
A TLS 1.2 cipher suite supported by rustls.
Fields§
§common: CipherSuiteCommon
Common cipher suite fields.
prf_provider: &'static dyn Prf
How to compute the TLS1.2 PRF for the suite’s hash function.
If you have a TLS1.2 PRF implementation, you should directly implement the crypto::tls12::Prf
trait.
If not, you can implement the crypto::hmac::Hmac
trait (and associated), and then use
crypto::tls12::PrfUsingHmac
.
kx: KeyExchangeAlgorithm
How to exchange/agree keys.
In TLS1.2, the key exchange method (eg, Elliptic Curve Diffie-Hellman with Ephemeral keys – ECDHE) is baked into the cipher suite, but the details to achieve it are negotiated separately.
This controls how protocol messages (like the ClientKeyExchange
message) are interpreted
once this cipher suite has been negotiated.
sign: &'static [SignatureScheme]
How to sign messages for authentication.
This is a set of SignatureScheme
s that are usable once this cipher suite has been
negotiated.
The precise scheme used is then chosen from this set by the selected authentication key.
aead_alg: &'static dyn Tls12AeadAlgorithm
How to produce a MessageDecrypter
or MessageEncrypter
from raw key material.
Implementations§
Source§impl Tls12CipherSuite
impl Tls12CipherSuite
Sourcepub fn resolve_sig_schemes(
&self,
offered: &[SignatureScheme],
) -> Vec<SignatureScheme>
pub fn resolve_sig_schemes( &self, offered: &[SignatureScheme], ) -> Vec<SignatureScheme>
Resolve the set of supported SignatureScheme
s from the
offered signature schemes. If we return an empty
set, the handshake terminates.