MySQL 9.1.0
Source Code Documentation
TlsServerContext Class Reference

TLS Context for the server side. More...

#include <tls_server_context.h>

Inheritance diagram for TlsServerContext:
[legend]

Public Member Functions

 TlsServerContext (TlsVersion min_version=TlsVersion::TLS_1_2, TlsVersion max_version=TlsVersion::AUTO, bool session_cache_mode=false, size_t session_cache_size=0, unsigned int session_cache_timeout=0)
 construct a TLS Context for server-side. More...
 
stdx::expected< void, std::error_code > init_tmp_dh (const std::string &dh_params)
 init temporary DH parameters. More...
 
stdx::expected< void, std::error_code > cipher_list (const std::string &ciphers)
 set cipher-list. More...
 
stdx::expected< void, std::error_code > verify (TlsVerify verify, stdx::flags< TlsVerifyOpts > tls_opts={})
 set how cerifiticates should be verified. More...
 
int security_level () const
 get the security level. More...
 
stdx::expected< void, std::error_code > session_id_context (const unsigned char *sid_ctx, unsigned int sid_ctx_len)
 set the session-id context for ssl-context reuse. More...
 
- Public Member Functions inherited from TlsContext
 TlsContext (const SSL_METHOD *method)
 construct a TlsContext based on the SSL_METHODs provided by openssl. More...
 
stdx::expected< void, std::error_code > ssl_ca (const std::string &ca_file, const std::string &ca_path)
 set CA file and CA directory. More...
 
stdx::expected< void, std::error_code > crl (const std::string &crl_file, const std::string &crl_path)
 set CRL file and CRL directory. More...
 
SSL_CTX * get () const
 get non-owning pointer to SSL_CTX. More...
 
stdx::expected< void, std::error_code > version_range (TlsVersion min_version, TlsVersion max_version)
 set the supported TLS version range. More...
 
TlsVersion min_version () const
 get the min TLS version. More...
 
stdx::expected< void, std::error_code > curves_list (const std::string &curves)
 init elliptic curves for DH ciphers for Perfect Forward Security. More...
 
std::vector< std::string > cipher_list () const
 get current cipher-list. More...
 
void info_callback (InfoCallback)
 set info callback. More...
 
InfoCallback info_callback () const
 get info callback More...
 
int security_level () const
 get security_level. More...
 
long session_cache_hits () const
 get session reuse cache hits number More...
 
stdx::expected< void, std::error_code > load_key_and_cert (const std::string &private_key_file, const std::string &cert_chain_file)
 load key and cert. More...
 

Static Public Member Functions

static std::vector< std::string > default_ciphers ()
 default ciphers. More...
 
- Static Public Member Functions inherited from TlsContext
static constexpr bool has_set_curves_list ()
 if TLS context allows to change elliptic curves list. More...
 
static constexpr bool has_set_cipher_suites ()
 if TLS context allows setting cipher-suites (TLSv1.3 and later). More...
 

Static Public Attributes

static constexpr std::array unacceptable_cipher_spec
 unacceptable ciphers. More...
 

Additional Inherited Members

- Public Types inherited from TlsContext
using InfoCallback = void(*)(const SSL *, int, int)
 
- Protected Attributes inherited from TlsContext
std::unique_ptr< SSL_CTX, decltype(&SSL_CTX_free)> ssl_ctx_
 

Detailed Description

TLS Context for the server side.

Constructor & Destructor Documentation

◆ TlsServerContext()

TlsServerContext::TlsServerContext ( TlsVersion  min_version = TlsVersion::TLS_1_2,
TlsVersion  max_version = TlsVersion::AUTO,
bool  session_cache_mode = false,
size_t  session_cache_size = 0,
unsigned int  session_cache_timeout = 0 
)

construct a TLS Context for server-side.

Member Function Documentation

◆ cipher_list()

stdx::expected< void, std::error_code > TlsServerContext::cipher_list ( const std::string &  ciphers)

set cipher-list.

list is filtered for unacceptable_cipher_spec

Parameters
cipherscolon separated list of ciphers
See also
openssl ciphers

◆ default_ciphers()

std::vector< std::string > TlsServerContext::default_ciphers ( )
static

default ciphers.

◆ init_tmp_dh()

stdx::expected< void, std::error_code > TlsServerContext::init_tmp_dh ( const std::string &  dh_params)

init temporary DH parameters.

Parameters
dh_paramsfilename of a PEM file with DH parameters

◆ security_level()

int TlsServerContext::security_level ( ) const

get the security level.

| sec-level | RSA-min-key-size | +--------—+---------------—+ | 1 | 1024 | | 2 | 2048 | | 3 | 3072 | | 4 | 7680 | | 5 | 15360 |

See also
SSL_CTX_get_security_level()
Returns
the security level of the ssl-ctx.

◆ session_id_context()

stdx::expected< void, std::error_code > TlsServerContext::session_id_context ( const unsigned char *  sid_ctx,
unsigned int  sid_ctx_len 
)

set the session-id context for ssl-context reuse.

unique identifier of the ssl-ctx.

Parameters
sid_ctxopaque string of size sid_ctx_len
sid_ctx_lenlength of sid_ctx_len

◆ verify()

stdx::expected< void, std::error_code > TlsServerContext::verify ( TlsVerify  verify,
stdx::flags< TlsVerifyOpts tls_opts = {} 
)

set how cerifiticates should be verified.

Parameters
verifyNONE or PEER
tls_optsextra options for PEER
Exceptions
std::illegal_argumentif verify is NONE and tls_opts is != 0

Member Data Documentation

◆ unacceptable_cipher_spec

constexpr std::array TlsServerContext::unacceptable_cipher_spec
staticconstexpr
Initial value:
{
"!aNULL", "!eNULL", "!EXPORT", "!LOW", "!MD5", "!DES",
"!3DES", "!RC2", "!RC4", "!PSK", "!kDH", "!SSLv3",
}

unacceptable ciphers.

they are filtered out if set through cipher_list()


The documentation for this class was generated from the following files: