A trait for the ability to encrypt and decrypt tickets.
fn enabled(&self) -> bool
Returns true if this implementation will encrypt/decrypt tickets. Should return false if this is a dummy implementation: the server will not send the SessionTicket extension and will not call the other functions.
fn get_lifetime(&self) -> u32
Returns the lifetime in seconds of tickets produced now. The lifetime is provided as a hint to clients that the ticket will not be useful after the given time.
This lifetime must be implemented by key rolling and erasure, not by storing a lifetime in the ticket.
The objective is to limit damage to forward secrecy caused by tickets, not just limiting their lifetime.
Encrypt and authenticate
plain, returning the resulting
ticket. Return None if
plain cannot be encrypted for
some reason: an empty ticket will be sent and the connection
cipher, validating its authenticity protection
and recovering the plaintext.
cipher is fully attacker
controlled, so this decryption must be side-channel free,
panic-proof, and otherwise bullet-proof. If the decryption
fails, return None.