Struct rustls::client::ClientConfig

source ·
pub struct ClientConfig {
    pub(super) cipher_suites: Vec<SupportedCipherSuite>,
    pub(super) kx_groups: Vec<&'static SupportedKxGroup>,
    pub alpn_protocols: Vec<Vec<u8>>,
    pub resumption: Resumption,
    pub max_fragment_size: Option<usize>,
    pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
    pub(super) versions: EnabledVersions,
    pub enable_sni: bool,
    pub(super) verifier: Arc<dyn ServerCertVerifier>,
    pub key_log: Arc<dyn KeyLog>,
    pub enable_early_data: bool,
}
Expand description

Common configuration for (typically) all connections made by a program.

Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots from the operating system to add to the RootCertStore passed to with_root_certificates() (the rustls-native-certs crate is often used for this) may take on the order of a few hundred milliseconds.

These must be created via the ClientConfig::builder() function.

§Defaults

Fields§

§cipher_suites: Vec<SupportedCipherSuite>

List of ciphersuites, in preference order.

§kx_groups: Vec<&'static SupportedKxGroup>

List of supported key exchange algorithms, in preference order – the first element is the highest priority.

The first element in this list is the default key share algorithm, and in TLS1.3 a key share for it is sent in the client hello.

§alpn_protocols: Vec<Vec<u8>>

Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.

§resumption: Resumption

How and when the client can resume a previous session.

§max_fragment_size: Option<usize>

The maximum size of TLS message we’ll emit. If None, we don’t limit TLS message lengths except to the 2**16 limit specified in the standard.

rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.

Setting this value to the TCP MSS may improve latency for stream-y workloads.

§client_auth_cert_resolver: Arc<dyn ResolvesClientCert>

How to decide what client auth certificate/keys to use.

§versions: EnabledVersions

Supported versions, in no particular order. The default is all supported versions.

§enable_sni: bool

Whether to send the Server Name Indication (SNI) extension during the client handshake.

The default is true.

§verifier: Arc<dyn ServerCertVerifier>

How to verify the server certificate chain.

§key_log: Arc<dyn KeyLog>

How to output key material for debugging. The default does nothing.

§enable_early_data: bool

Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.

The default is false.

Implementations§

source§

impl ClientConfig

source

pub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>

Create a builder to build up the client configuration.

For more information, see the ConfigBuilder documentation.

source

pub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool

We support a given TLS version if it’s quoted in the configured versions and at least one ciphersuite for this version is also configured.

source

pub fn dangerous(&mut self) -> DangerousClientConfig<'_>

Access configuration options whose use is dangerous and requires extra care.

source

pub(super) fn find_cipher_suite( &self, suite: CipherSuite, ) -> Option<SupportedCipherSuite>

Trait Implementations§

source§

impl Clone for ClientConfig

source§

fn clone(&self) -> ClientConfig

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for ClientConfig

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl ConfigSide for ClientConfig

source§

impl Sealed for ClientConfig

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.