Struct openssl::ssl::SslOptions

pub struct SslOptions { /* private fields */ }

Options controlling the behavior of an SslContext.

Implementations

impl SslOptions

pub const DONT_INSERT_EMPTY_FRAGMENTS: Self = _

Disables a countermeasure against an SSLv3/TLSv1.0 vulnerability affecting CBC ciphers.

pub const ALL: Self = _

A “reasonable default” set of options which enables compatibility flags.

pub const NO_QUERY_MTU: Self = _

Do not query the MTU.

Only affects DTLS connections.

pub const COOKIE_EXCHANGE: Self = _

Enables Cookie Exchange as described in RFC 4347 Section 4.2.1.

Only affects DTLS connections.

pub const NO_TICKET: Self = _

Disables the use of session tickets for session resumption.

pub const NO_SESSION_RESUMPTION_ON_RENEGOTIATION: Self = _

Always start a new session when performing a renegotiation on the server side.

pub const NO_COMPRESSION: Self = _

Disables the use of TLS compression.

pub const ALLOW_UNSAFE_LEGACY_RENEGOTIATION: Self = _

Allow legacy insecure renegotiation with servers or clients that do not support secure renegotiation.

pub const SINGLE_ECDH_USE: Self = _

Creates a new key for each session when using ECDHE.

This is always enabled in OpenSSL 1.1.0.

pub const SINGLE_DH_USE: Self = _

Creates a new key for each session when using DHE.

This is always enabled in OpenSSL 1.1.0.

pub const CIPHER_SERVER_PREFERENCE: Self = _

Use the server’s preferences rather than the client’s when selecting a cipher.

This has no effect on the client side.

pub const TLS_ROLLBACK_BUG: Self = _

Disables version rollback attach detection.

pub const NO_SSLV2: Self = _

Disables the use of SSLv2.

pub const NO_SSLV3: Self = _

Disables the use of SSLv3.

pub const NO_TLSV1: Self = _

Disables the use of TLSv1.0.

pub const NO_TLSV1_1: Self = _

Disables the use of TLSv1.1.

pub const NO_TLSV1_2: Self = _

Disables the use of TLSv1.2.

pub const NO_TLSV1_3: Self = _

Disables the use of TLSv1.3.

Requires OpenSSL 1.1.1 or LibreSSL 3.4.0 or newer.

pub const NO_DTLSV1: Self = _

Disables the use of DTLSv1.0

Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.

pub const NO_DTLSV1_2: Self = _

Disables the use of DTLSv1.2.

Requires OpenSSL 1.0.2 or LibreSSL 3.3.2 or newer.

pub const NO_SSL_MASK: Self = _

Disables the use of all (D)TLS protocol versions.

This can be used as a mask when whitelisting protocol versions.

Requires OpenSSL 1.0.2 or newer.

Examples

Only support TLSv1.2:

use openssl::ssl::SslOptions;

let options = SslOptions::NO_SSL_MASK & !SslOptions::NO_TLSV1_2;

pub const NO_RENEGOTIATION: Self = _

Disallow all renegotiation in TLSv1.2 and earlier.

Requires OpenSSL 1.1.0h or newer.

pub const ENABLE_MIDDLEBOX_COMPAT: Self = _

Enable TLSv1.3 Compatibility mode.

Requires OpenSSL 1.1.1 or newer. This is on by default in 1.1.1, but a future version may have this disabled by default.

pub const PRIORITIZE_CHACHA: Self = _

Prioritize ChaCha ciphers when preferred by clients.

Temporarily reprioritize ChaCha20-Poly1305 ciphers to the top of the server cipher list if a ChaCha20-Poly1305 cipher is at the top of the client cipher list. This helps those clients (e.g. mobile) use ChaCha20-Poly1305 if that cipher is anywhere in the server cipher list; but still allows other clients to use AES and other ciphers.

Requires enable SslOptions::CIPHER_SERVER_PREFERENCE. Requires OpenSSL 1.1.1 or newer.

pub const fn empty() -> Self

Returns an empty set of flags.

pub const fn all() -> Self

Returns the set containing all flags.

pub const fn bits(&self) -> u64

Returns the raw value of the flags currently stored.

pub const fn from_bits(bits: u64) -> Option<Self>

Convert from underlying bit representation, unless that representation contains bits that do not correspond to a flag.

pub const fn from_bits_truncate(bits: u64) -> Self

Convert from underlying bit representation, dropping any bits that do not correspond to flags.

pub const unsafe fn from_bits_unchecked(bits: u64) -> Self

Convert from underlying bit representation, preserving all bits (even those not corresponding to a defined flag).

Safety

The caller of the bitflags! macro can chose to allow or disallow extra bits for their bitflags type.

The caller of from_bits_unchecked() has to ensure that all bits correspond to a defined flag or that extra bits are valid for this bitflags type.

pub const fn is_empty(&self) -> bool

Returns true if no flags are currently stored.

pub const fn is_all(&self) -> bool

Returns true if all flags are currently set.

pub const fn intersects(&self, other: Self) -> bool

Returns true if there are flags common to both self and other.

pub const fn contains(&self, other: Self) -> bool

Returns true if all of the flags in other are contained within self.

pub fn insert(&mut self, other: Self)

Inserts the specified flags in-place.

pub fn remove(&mut self, other: Self)

Removes the specified flags in-place.

pub fn toggle(&mut self, other: Self)

Toggles the specified flags in-place.

pub fn set(&mut self, other: Self, value: bool)

Inserts or removes the specified flags depending on the passed value.

pub const fn intersection(self, other: Self) -> Self

Returns the intersection between the flags in self and other.

Specifically, the returned set contains only the flags which are present in both self and other.

This is equivalent to using the & operator (e.g. ops::BitAnd), as in flags & other.

pub const fn union(self, other: Self) -> Self

Returns the union of between the flags in self and other.

Specifically, the returned set contains all flags which are present in either self or other, including any which are present in both (see Self::symmetric_difference if that is undesirable).

This is equivalent to using the | operator (e.g. ops::BitOr), as in flags | other.

pub const fn difference(self, other: Self) -> Self

Returns the difference between the flags in self and other.

Specifically, the returned set contains all flags present in self, except for the ones present in other.

It is also conceptually equivalent to the “bit-clear” operation: flags & !other (and this syntax is also supported).

This is equivalent to using the - operator (e.g. ops::Sub), as in flags - other.

pub const fn symmetric_difference(self, other: Self) -> Self

Returns the symmetric difference between the flags in self and other.

Specifically, the returned set contains the flags present which are present in self or other, but that are not present in both. Equivalently, it contains the flags present in exactly one of the sets self and other.

This is equivalent to using the ^ operator (e.g. ops::BitXor), as in flags ^ other.

pub const fn complement(self) -> Self

Returns the complement of this set of flags.

Specifically, the returned set contains all the flags which are not set in self, but which are allowed for this type.

Alternatively, it can be thought of as the set difference between Self::all() and self (e.g. Self::all() - self)

This is equivalent to using the ! operator (e.g. ops::Not), as in !flags.

Trait Implementations

impl Binary for SslOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl BitAnd<SslOptions> for SslOptions

fn bitand(self, other: Self) -> Self

Returns the intersection between the two sets of flags.

type Output = SslOptions

The resulting type after applying the & operator.

impl BitAndAssign<SslOptions> for SslOptions

fn bitand_assign(&mut self, other: Self)

Disables all flags disabled in the set.

impl BitOr<SslOptions> for SslOptions

fn bitor(self, other: SslOptions) -> Self

Returns the union of the two sets of flags.

type Output = SslOptions

The resulting type after applying the | operator.

impl BitOrAssign<SslOptions> for SslOptions

fn bitor_assign(&mut self, other: Self)

Adds the set of flags.

impl BitXor<SslOptions> for SslOptions

fn bitxor(self, other: Self) -> Self

Returns the left flags, but with all the right flags toggled.

type Output = SslOptions

The resulting type after applying the ^ operator.

impl BitXorAssign<SslOptions> for SslOptions

fn bitxor_assign(&mut self, other: Self)

Toggles the set of flags.

impl Clone for SslOptions

fn clone(&self) -> SslOptions

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for SslOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Extend<SslOptions> for SslOptions

fn extend<T: IntoIterator<Item = Self>>(&mut self, iterator: T)

Extends a collection with the contents of an iterator.

fn extend_one(&mut self, item: A)

🔬This is a nightly-only experimental API. (extend_one)

Extends a collection with exactly one element.

fn extend_reserve(&mut self, additional: usize)

🔬This is a nightly-only experimental API. (extend_one)

Reserves capacity in a collection for the given number of additional elements.

impl FromIterator<SslOptions> for SslOptions

fn from_iter<T: IntoIterator<Item = Self>>(iterator: T) -> Self

Creates a value from an iterator.

impl Hash for SslOptions

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl LowerHex for SslOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Not for SslOptions

fn not(self) -> Self

Returns the complement of this set of flags.

type Output = SslOptions

The resulting type after applying the ! operator.

impl Octal for SslOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Ord for SslOptions

fn cmp(&self, other: &SslOptions) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Selfwhere Self: Sized,

Compares and returns the maximum of two values.

fn min(self, other: Self) -> Selfwhere Self: Sized,

Compares and returns the minimum of two values.

fn clamp(self, min: Self, max: Self) -> Selfwhere Self: Sized + PartialOrd<Self>,

Restrict a value to a certain interval.

impl PartialEq<SslOptions> for SslOptions

fn eq(&self, other: &SslOptions) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd<SslOptions> for SslOptions

fn partial_cmp(&self, other: &SslOptions) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

This method tests less than (for self and other) and is used by the < operator.

fn le(&self, other: &Rhs) -> bool

This method tests less than or equal to (for self and other) and is used by the <= operator.

fn gt(&self, other: &Rhs) -> bool

This method tests greater than (for self and other) and is used by the > operator.

fn ge(&self, other: &Rhs) -> bool

This method tests greater than or equal to (for self and other) and is used by the >= operator.

impl Sub<SslOptions> for SslOptions

fn sub(self, other: Self) -> Self

Returns the set difference of the two sets of flags.

type Output = SslOptions

The resulting type after applying the - operator.

impl SubAssign<SslOptions> for SslOptions

fn sub_assign(&mut self, other: Self)

Disables all flags enabled in the set.

impl UpperHex for SslOptions

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Copy for SslOptions

impl Eq for SslOptions

impl StructuralEq for SslOptions

impl StructuralPartialEq for SslOptions