pub struct Tls12CipherSuite {
    pub common: CipherSuiteCommon,
    pub prf_provider: &'static dyn Prf,
    pub kx: KeyExchangeAlgorithm,
    pub sign: &'static [SignatureScheme],
    pub aead_alg: &'static dyn Tls12AeadAlgorithm,
Available on crate feature tls12 only.
Expand description

A TLS 1.2 cipher suite supported by rustls.


§common: CipherSuiteCommon

Common cipher suite fields.

§prf_provider: &'static dyn Prf

How to compute the TLS1.2 PRF for the suite’s hash function.

If you have a TLS1.2 PRF implementation, you should directly implement the crypto::tls12::Prf trait.

If not, you can implement the crypto::hmac::Hmac trait (and associated), and then use crypto::tls12::PrfUsingHmac.

§kx: KeyExchangeAlgorithm

How to exchange/agree keys.

In TLS1.2, the key exchange method (eg, Elliptic Curve Diffie-Hellman with Ephemeral keys – ECDHE) is baked into the cipher suite, but the details to achieve it are negotiated separately.

This controls how protocol messages (like the ClientKeyExchange message) are interpreted once this cipher suite has been negotiated.

§sign: &'static [SignatureScheme]

How to sign messages for authentication.

This is a set of SignatureSchemes that are usable once this cipher suite has been negotiated.

The precise scheme used is then chosen from this set by the selected authentication key.

§aead_alg: &'static dyn Tls12AeadAlgorithm

How to produce a MessageDecrypter or MessageEncrypter from raw key material.



impl Tls12CipherSuite


pub fn resolve_sig_schemes( &self, offered: &[SignatureScheme], ) -> Vec<SignatureScheme>

Resolve the set of supported SignatureSchemes from the offered signature schemes. If we return an empty set, the handshake terminates.


pub fn fips(&self) -> bool

Return true if this is backed by a FIPS-approved implementation.

This means all the constituent parts that do cryptography return true for fips().

Trait Implementations§


impl Debug for Tls12CipherSuite


fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl From<&'static Tls12CipherSuite> for SupportedCipherSuite


fn from(s: &'static Tls12CipherSuite) -> Self

Converts to this type from the input type.

impl PartialEq for Tls12CipherSuite


fn eq(&self, other: &Self) -> bool

This method tests for self and other values to be equal, and is used by ==.
1.0.0 · source§

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

