diff options
| author | Steven Fackler <[email protected]> | 2018-06-02 13:51:56 -0700 |
|---|---|---|
| committer | Steven Fackler <[email protected]> | 2018-06-02 13:58:56 -0700 |
| commit | 0745d6692734f8ecb255440f5672deec614dccfd (patch) | |
| tree | 70fedc23afdda2d624cbf6de604d32f58dea93da /openssl/src/ssl/mod.rs | |
| parent | Merge pull request #940 from CmdrMoozy/rsa_padding (diff) | |
| download | rust-openssl-0745d6692734f8ecb255440f5672deec614dccfd.tar.xz rust-openssl-0745d6692734f8ecb255440f5672deec614dccfd.zip | |
Update to 1.1.1-pre7
The initial session ticket is now sent as part of SSL_accept, so some
tests need to write a single byte through the stream to make sure that
both ends have fully completed to avoid test flakes.
TLSv1.3 cipher suite control has been extracted from the normal cipher
list into a separate method: SslContextBuilder::set_ciphersuites.
Diffstat (limited to 'openssl/src/ssl/mod.rs')
| -rw-r--r-- | openssl/src/ssl/mod.rs | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs index 0f3f9624..5bd04c7f 100644 --- a/openssl/src/ssl/mod.rs +++ b/openssl/src/ssl/mod.rs @@ -952,7 +952,9 @@ impl SslContextBuilder { unsafe { cvt(ffi::SSL_CTX_use_PrivateKey(self.as_ptr(), key.as_ptr())).map(|_| ()) } } - /// Sets the list of supported ciphers. + /// Sets the list of supported ciphers for protocols before TLSv1.3. + /// + /// The `set_ciphersuites` method controls the cipher suites for TLSv1.3. /// /// See [`ciphers`] for details on the format. /// @@ -970,6 +972,29 @@ impl SslContextBuilder { } } + /// Sets the list of supported ciphers for the TLSv1.3 protocol. + /// + /// The `set_cipher_list` method controls lthe cipher suites for protocols before TLSv1.3. + /// + /// The format consists of TLSv1.3 ciphersuite names separated by `:` characters in order of + /// preference. + /// + /// Requires OpenSSL 1.1.1 or newer. + /// + /// This corresponds to [`SSL_CTX_set_ciphersuites`]. + /// + /// [`SSL_CTX_set_ciphersuites`]: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html + #[cfg(ossl111)] + pub fn set_ciphersuites(&mut self, cipher_list: &str) -> Result<(), ErrorStack> { + let cipher_list = CString::new(cipher_list).unwrap(); + unsafe { + cvt(ffi::SSL_CTX_set_ciphersuites( + self.as_ptr(), + cipher_list.as_ptr() as *const _, + )).map(|_| ()) + } + } + /// Enables ECDHE key exchange with an automatically chosen curve list. /// /// Requires OpenSSL 1.0.2. |