Struct rustls::server::ServerConfig
source · pub struct ServerConfig {
pub ignore_client_order: bool,
pub max_fragment_size: Option<usize>,
pub session_storage: Arc<dyn StoresServerSessions + Send + Sync>,
pub ticketer: Arc<dyn ProducesTickets>,
pub cert_resolver: Arc<dyn ResolvesServerCert>,
pub alpn_protocols: Vec<Vec<u8>>,
pub key_log: Arc<dyn KeyLog>,
pub max_early_data_size: u32,
pub send_half_rtt_data: bool,
/* private fields */
}
Expand description
Common configuration for a set of server sessions.
Making one of these can be expensive, and should be once per process rather than once per connection.
These must be created via the ServerConfig::builder()
function.
Defaults
ServerConfig::max_fragment_size
: the default isNone
: TLS packets are not fragmented to a specific size.ServerConfig::session_storage
: the default stores 256 sessions in memory.ServerConfig::alpn_protocols
: the default is empty – no ALPN protocol is negotiated.ServerConfig::key_log
: key material is not logged.
Fields§
§ignore_client_order: bool
Ignore the client’s ciphersuite order. Instead, choose the top ciphersuite in the server list which is supported by the client.
max_fragment_size: Option<usize>
The maximum size of TLS message we’ll emit. If None, we don’t limit TLS message lengths except to the 2**16 limit specified in the standard.
rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ServerConnection::new.
Setting this value to the TCP MSS may improve latency for stream-y workloads.
session_storage: Arc<dyn StoresServerSessions + Send + Sync>
How to store client sessions.
ticketer: Arc<dyn ProducesTickets>
How to produce tickets.
cert_resolver: Arc<dyn ResolvesServerCert>
How to choose a server cert and key.
alpn_protocols: Vec<Vec<u8>>
Protocol names we support, most preferred first. If empty we don’t do ALPN at all.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
max_early_data_size: u32
Amount of early data to accept for sessions created by this config. Specify 0 to disable early data. The default is 0.
Read the early data via ServerConnection::early_data
.
The units for this are both plaintext bytes, and ciphertext bytes, depending on whether the server accepts a client’s early_data or not. It is therefore recommended to include some slop in this value to account for the unknown amount of ciphertext expansion in the latter case.
send_half_rtt_data: bool
Whether the server should send “0.5RTT” data. This means the server sends data after its first flight of handshake messages, without waiting for the client to complete the handshake.
This can improve TTFB latency for either server-speaks-first protocols,
or client-speaks-first protocols when paired with “0RTT” data. This
comes at the cost of a subtle weakening of the normal handshake
integrity guarantees that TLS provides. Note that the initial
ClientHello
is indirectly authenticated because it is included
in the transcript used to derive the keys used to encrypt the data.
This only applies to TLS1.3 connections. TLS1.2 connections cannot do this optimisation and this setting is ignored for them. It is also ignored for TLS1.3 connections that even attempt client authentication.
This defaults to false. This means the first application data
sent by the server comes after receiving and validating the client’s
handshake up to the Finished
message. This is the safest option.
Implementations§
source§impl ServerConfig
impl ServerConfig
sourcepub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>
pub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>
Create builder to build up the server configuration.
For more information, see the ConfigBuilder
documentation.
Trait Implementations§
source§impl Clone for ServerConfig
impl Clone for ServerConfig
source§fn clone(&self) -> ServerConfig
fn clone(&self) -> ServerConfig
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more