pub trait ProducesTickets: Send + Sync {
    fn enabled(&self) -> bool;
    fn lifetime(&self) -> u32;
    fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
    fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>;
}
Expand description

A trait for the ability to encrypt and decrypt tickets.

Required Methods

Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.

Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.

This lifetime must be implemented by key rolling and erasure, not by storing a lifetime in the ticket.

The objective is to limit damage to forward secrecy caused by tickets, not just limiting their lifetime.

Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.

Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.

Implementors