Struct rustls::client::ClientConfig
pub struct ClientConfig {
pub(super) cipher_suites: Vec<SupportedCipherSuite>,
pub(super) kx_groups: Vec<&'static SupportedKxGroup>,
pub alpn_protocols: Vec<Vec<u8>>,
pub resumption: Resumption,
pub max_fragment_size: Option<usize>,
pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
pub(super) versions: EnabledVersions,
pub enable_sni: bool,
pub(super) verifier: Arc<dyn ServerCertVerifier>,
pub key_log: Arc<dyn KeyLog>,
pub enable_early_data: bool,
}
Common configuration for (typically) all connections made by a program.
Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots from the operating system to add to the RootCertStore passed to with_root_certificates() (the rustls-native-certs crate is often used for this) may take on the order of a few hundred milliseconds.
These must be created via the ClientConfig::builder() function.
§Defaults
ClientConfig::max_fragment_size: the default is None: TLS packets are not fragmented to a specific size.
ClientConfig::resumption: supports resumption with up to 256 server names, using session ids or tickets, with a max of eight tickets per server.
ClientConfig::alpn_protocols: the default is empty – no ALPN protocol is negotiated.
ClientConfig::key_log: key material is not logged.
Fields§
cipher_suites: Vec<SupportedCipherSuite>
List of ciphersuites, in preference order.
kx_groups: Vec<&'static SupportedKxGroup>
List of supported key exchange algorithms, in preference order – the first element is the highest priority.
The first element in this list is the default key share algorithm, and in TLS1.3 a key share for it is sent in the client hello.
alpn_protocols: Vec<Vec<u8>>
Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.
resumption: Resumption
How and when the client can resume a previous session.
max_fragment_size: Option<usize>
The maximum size of TLS message we’ll emit. If None, we don’t limit TLS message lengths except to the 2**16 limit specified in the standard.
rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.
Setting this value to the TCP MSS may improve latency for stream-y workloads.
client_auth_cert_resolver: Arc<dyn ResolvesClientCert>
How to decide what client auth certificate/keys to use.
versions: EnabledVersions
Supported versions, in no particular order. The default is all supported versions.
enable_sni: bool
Whether to send the Server Name Indication (SNI) extension during the client handshake.
The default is true.
verifier: Arc<dyn ServerCertVerifier>
How to verify the server certificate chain.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
enable_early_data: bool
Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.
The default is false.
Implementations§
impl ClientConfig
pub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>
Create a builder to build up the client configuration.
For more information, see the ConfigBuilder documentation.
pub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool
We support a given TLS version if it’s quoted in the configured versions and at least one ciphersuite for this version is also configured.
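Under the rule above, a version listed in versions with no matching cipher suite is treated as unsupported, so the two lists have to be checked together. The stand-alone model below is an added example, not rustls's own code: Version, Suite, Config, Finding and sample_config are hypothetical stand-ins for the crate's types, and the suite name is a constructed sample value.

```rust
// Model of the rule documented for supports_version(); hypothetical types, not rustls's.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Version { Tls12, Tls13 }

pub struct Suite { pub name: &'static str, pub version: Version }

pub struct Config { pub versions: Vec<Version>, pub suites: Vec<Suite> }

#[derive(Debug, PartialEq, Eq)]
pub enum Finding {
    EnabledWithoutSuite(Version),          // version enabled, no suite can serve it
    SuiteForDisabledVersion(&'static str), // suite configured, its version is off
}

impl Config {
    fn has_suite_for(&self, v: Version) -> bool {
        self.suites.iter().any(|s| s.version == v)
    }
    /// Listed in `versions` AND at least one suite for that version is configured.
    pub fn supports_version(&self, v: Version) -> bool {
        self.versions.contains(&v) && self.has_suite_for(v)
    }
    /// Versions this configuration can actually negotiate.
    pub fn effective_versions(&self) -> Vec<Version> {
        [Version::Tls12, Version::Tls13].iter().copied()
            .filter(|v| self.supports_version(*v)).collect()
    }
    /// Mismatches between the version list and the suite list.
    pub fn audit(&self) -> Vec<Finding> {
        let mut out = Vec::new();
        for v in self.versions.iter().copied().filter(|v| !self.has_suite_for(*v)) {
            out.push(Finding::EnabledWithoutSuite(v));
        }
        for s in self.suites.iter().filter(|s| !self.versions.contains(&s.version)) {
            out.push(Finding::SuiteForDisabledVersion(s.name));
        }
        out
    }
}
/// Constructed sample: both versions enabled, but only a TLS 1.2 suite listed.
pub fn sample_config() -> Config {
    Config {
        versions: vec![Version::Tls12, Version::Tls13],
        suites: vec![Suite { name: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", version: Version::Tls12 }],
    }
}
fn main() {
    let c = sample_config();
    println!("{:?} {:?}", c.effective_versions(), c.audit());
}
```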
pub fn dangerous(&mut self) -> DangerousClientConfig<'_>
Access configuration options whose use is dangerous and requires extra care.
pub(super) fn find_cipher_suite(&self, suite: CipherSuite) -> Option<SupportedCipherSuite>
Trait Implementations§
impl Clone for ClientConfig
fn clone(&self) -> ClientConfig
fn clone_from(&mut self, source: &Self)