Configuration of the TLS stack
certificate chain and private key of the first certificate
ciphers : Ciphersuite.ciphersuite list; (* ordered list (regarding preference) of supported cipher suites *)
protocol_versions : Core.tls_version * Core.tls_version; (* supported protocol versions (min, max) *)
hashes : Nocrypto.Hash.hash list; (* ordered list of supported hash algorithms (regarding preference) *)
use_reneg : bool; (* endpoint should accept renegotiation requests *)
secure_reneg : bool; (* other end must use secure renegotiation (RFC 5746) *)
authenticator : X509.Authenticator.t option; (* optional X509 authenticator *)
peer_name : string option; (* optional name of other endpoint (used for SNI RFC4366) *)
own_certificate : own_cert option; (* optional certificate chain *)
configuration parameters
Cipher selection related utilities.
All the ciphers this library can use.
All the PFS ciphers this library can use.
pfs_of ciphers selects only PFS ciphers.
min_dh_size is the minimal Diffie-Hellman group size in bits (currently 512).
min_rsa_key_size is the minimal RSA modulus size in bits (currently 1024).
opaque type of a client configuration
opaque type of a server configuration
client_exn ?ciphers ?version ?hashes ?reneg ?validator ?secure_reneg is client configuration with the given parameters
server_exn ?ciphers ?version ?hashes ?reneg ?certificate ?secure_reneg is server configuration with the given parameters