Struct Tls12CipherSuite 

pub struct Tls12CipherSuite {
    pub common: CipherSuiteCommon,
    pub protocol_version: &'static Tls12Version,
    pub prf_provider: &'static dyn Prf,
    pub kx: KeyExchangeAlgorithm,
    pub sign: &'static [SignatureScheme],
    pub aead_alg: &'static dyn Tls12AeadAlgorithm,
}

A TLS 1.2 cipher suite supported by rustls.

Fields

common: CipherSuiteCommon

Common cipher suite fields.

protocol_version: &'static Tls12Version

The associated protocol version.

This field should have the value rustls::version::TLS12_VERSION.

This value contains references to the TLS1.2 protocol handling code. This means that a program that does not contain any Tls12CipherSuite values also does not contain any reference to the TLS1.2 protocol handling code, and the linker can remove it.

prf_provider: &'static dyn Prf

How to compute the TLS1.2 PRF for the suite’s hash function.

If you have a TLS1.2 PRF implementation, you should directly implement the crypto::tls12::Prf trait.

If not, you can implement the crypto::hmac::Hmac trait (and associated), and then use crypto::tls12::PrfUsingHmac.

kx: KeyExchangeAlgorithm

How to exchange/agree keys.

In TLS1.2, the key exchange method (eg, Elliptic Curve Diffie-Hellman with Ephemeral keys – ECDHE) is baked into the cipher suite, but the details to achieve it are negotiated separately.

This controls how protocol messages (like the ClientKeyExchange message) are interpreted once this cipher suite has been negotiated.

sign: &'static [SignatureScheme]

How to sign messages for authentication.

This is a set of SignatureSchemes that are usable once this cipher suite has been negotiated.

The precise scheme used is then chosen from this set by the selected authentication key.

aead_alg: &'static dyn Tls12AeadAlgorithm

How to produce a MessageDecrypter or MessageEncrypter from raw key material.

Implementations

impl Tls12CipherSuite

pub fn resolve_sig_schemes( &self, offered: &[SignatureScheme], ) -> Vec<SignatureScheme>

Resolve the set of supported SignatureSchemes from the offered signature schemes. If we return an empty set, the handshake terminates.

pub fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

This means all the constituent parts that do cryptography return true for fips().

Trait Implementations

impl Debug for Tls12CipherSuite

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<&'static Tls12CipherSuite> for SupportedCipherSuite

fn from(s: &'static Tls12CipherSuite) -> Self

Converts to this type from the input type.

impl PartialEq for Tls12CipherSuite

fn eq(&self, other: &Self) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.