[][src]Trait rustls::ProducesTickets

pub trait ProducesTickets: Send + Sync {
    fn enabled(&self) -> bool;
fn get_lifetime(&self) -> u32;
fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>;
fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>; }

A trait for the ability to encrypt and decrypt tickets.

Required methods

fn enabled(&self) -> bool

Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.

fn get_lifetime(&self) -> u32

Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.

This lifetime must be implemented by key rolling and erasure, not by storing a lifetime in the ticket.

The objective is to limit damage to forward secrecy caused by tickets, not just limiting their lifetime.

fn encrypt(&self, plain: &[u8]) -> Option<Vec<u8>>

Encrypt and authenticate plain, returning the resulting ticket. Return None if plain cannot be encrypted for some reason: an empty ticket will be sent and the connection will continue.

fn decrypt(&self, cipher: &[u8]) -> Option<Vec<u8>>

Decrypt cipher, validating its authenticity protection and recovering the plaintext. cipher is fully attacker controlled, so this decryption must be side-channel free, panic-proof, and otherwise bullet-proof. If the decryption fails, return None.

Loading content...


Loading content...