Struct rustls::client::client_conn::ClientConfig
pub struct ClientConfig {
    pub(super) cipher_suites: Vec<SupportedCipherSuite>,
    pub(super) kx_groups: Vec<&'static SupportedKxGroup>,
    pub alpn_protocols: Vec<Vec<u8>>,
    pub resumption: Resumption,
    pub max_fragment_size: Option<usize>,
    pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
    pub(super) versions: EnabledVersions,
    pub enable_sni: bool,
    pub(super) verifier: Arc<dyn ServerCertVerifier>,
    pub key_log: Arc<dyn KeyLog>,
    pub enable_early_data: bool,
}
Common configuration for (typically) all connections made by a program.
Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots from the operating system to add to the RootCertStore passed to with_root_certificates() (the rustls-native-certs crate is often used for this) may take on the order of a few hundred milliseconds.
These must be created via the ClientConfig::builder() function.
Defaults
ClientConfig::max_fragment_size: the default is None: TLS packets are not fragmented to a specific size.
ClientConfig::resumption: supports resumption with up to 256 server names, using session ids or tickets, with a max of eight tickets per server.
ClientConfig::alpn_protocols: the default is empty – no ALPN protocol is negotiated.
ClientConfig::key_log: key material is not logged.
Fields
cipher_suites: Vec<SupportedCipherSuite>
List of ciphersuites, in preference order.
kx_groups: Vec<&'static SupportedKxGroup>
List of supported key exchange algorithms, in preference order – the first element is the highest priority.
The first element in this list is the default key share algorithm, and in TLS1.3 a key share for it is sent in the client hello.
alpn_protocols: Vec<Vec<u8>>
Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.
resumption: Resumption
How and when the client can resume a previous session.
max_fragment_size: Option<usize>
The maximum size of TLS message we’ll emit. If None, we don’t limit TLS message lengths except to the 2**16 limit specified in the standard.
rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.
Setting this value to the TCP MSS may improve latency for stream-y workloads.
client_auth_cert_resolver: Arc<dyn ResolvesClientCert>
How to decide what client auth certificate/keys to use.
versions: EnabledVersions
Supported versions, in no particular order. The default is all supported versions.
enable_sni: bool
Whether to send the Server Name Indication (SNI) extension during the client handshake.
The default is true.
verifier: Arc<dyn ServerCertVerifier>
How to verify the server certificate chain.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
enable_early_data: bool
Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.
The default is false.
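An added example, not from the rustls documentation or code base: how the alpn_protocols list described above maps to the ALPN extension bytes in the ClientHello (RFC 7301), including the empty-list case where no extension is sent. It goes beyond the page by showing the wire layout; the function and error names are hypothetical, and the length checks come from RFC 7301, not from rustls.

```rust
// Added example: models the RFC 7301 ALPN extension layout using only the
// standard library. `encode_alpn_extension` and `AlpnError` are hypothetical
// names, not part of rustls.

#[derive(Debug, PartialEq)]
pub enum AlpnError {
    EmptyName(usize),   // index of a zero-length protocol name
    NameTooLong(usize), // index of a name longer than 255 bytes
    ListTooLong,        // encoded list does not fit a u16 length
}

const EXT_TYPE_ALPN: u16 = 16; // application_layer_protocol_negotiation

/// Returns Ok(None) for an empty list (no extension is sent), otherwise the
/// full extension: type, extension length, list length, then the names.
pub fn encode_alpn_extension(protocols: &[Vec<u8>]) -> Result<Option<Vec<u8>>, AlpnError> {
    if protocols.is_empty() {
        return Ok(None);
    }
    let mut list = Vec::new();
    for (i, name) in protocols.iter().enumerate() {
        match name.len() {
            0 => return Err(AlpnError::EmptyName(i)),
            n if n > 255 => return Err(AlpnError::NameTooLong(i)),
            n => list.push(n as u8), // one-byte length prefix per name
        }
        list.extend_from_slice(name);
    }
    // extension_data = u16 list length + list, and must itself fit a u16.
    if list.len() > 0xFFFF - 2 {
        return Err(AlpnError::ListTooLong);
    }
    let list_len = list.len() as u16;
    let ext_len = list_len + 2;
    let mut ext = Vec::with_capacity(4 + ext_len as usize);
    ext.extend_from_slice(&EXT_TYPE_ALPN.to_be_bytes());
    ext.extend_from_slice(&ext_len.to_be_bytes());
    ext.extend_from_slice(&list_len.to_be_bytes());
    ext.extend_from_slice(&list);
    Ok(Some(ext))
}

fn main() {
    // Constructed sample: a value an HTTP client might put in alpn_protocols.
    let protos = vec![b"h2".to_vec(), b"http/1.1".to_vec()];
    let ext = encode_alpn_extension(&protos).unwrap().unwrap();
    println!("{:02x?}", ext);
}
```

The protocol names travel in cleartext in the ClientHello, so this layout is what a packet capture or network sensor shows for a client configured with these values.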
Implementations
impl ClientConfig
pub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>
Create a builder to build up the client configuration.
For more information, see the ConfigBuilder documentation.
pub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool
A given TLS version is supported if it is listed in the configured versions and at least one ciphersuite for that version is also configured.
pub fn dangerous(&mut self) -> DangerousClientConfig<'_>
Access configuration options whose use is dangerous and requires extra care.
pub(super) fn find_cipher_suite( &self, suite: CipherSuite, ) -> Option<SupportedCipherSuite>
Trait Implementations
impl Clone for ClientConfig
fn clone(&self) -> ClientConfig
fn clone_from(&mut self, source: &Self)
impl Debug for ClientConfig
impl ConfigSide for ClientConfig
impl Sealed for ClientConfig
Auto Trait Implementations
impl Freeze for ClientConfig
impl !RefUnwindSafe for ClientConfig
impl Send for ClientConfig
impl Sync for ClientConfig
impl Unpin for ClientConfig
impl !UnwindSafe for ClientConfig
Blanket Implementations
impl<T> BorrowMut<T> for T where T: ?Sized
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T where T: Clone
unsafe fn clone_to_uninit(&self, dst: *mut T)