Struct rustls::client::ClientConfig
source · pub struct ClientConfig {
pub(super) cipher_suites: Vec<SupportedCipherSuite>,
pub(super) kx_groups: Vec<&'static SupportedKxGroup>,
pub alpn_protocols: Vec<Vec<u8>>,
pub resumption: Resumption,
pub max_fragment_size: Option<usize>,
pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
pub(super) versions: EnabledVersions,
pub enable_sni: bool,
pub(super) verifier: Arc<dyn ServerCertVerifier>,
pub key_log: Arc<dyn KeyLog>,
pub enable_early_data: bool,
}
Expand description
Common configuration for (typically) all connections made by a program.
Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots
from the operating system to add to the RootCertStore
passed to with_root_certificates()
(the rustls-native-certs crate is often used for this) may take on the order of a few hundred
milliseconds.
These must be created via the ClientConfig::builder()
function.
§Defaults
ClientConfig::max_fragment_size
: the default isNone
: TLS packets are not fragmented to a specific size.ClientConfig::resumption
: supports resumption with up to 256 server names, using session ids or tickets, with a max of eight tickets per server.ClientConfig::alpn_protocols
: the default is empty – no ALPN protocol is negotiated.ClientConfig::key_log
: key material is not logged.
Fields§
§cipher_suites: Vec<SupportedCipherSuite>
List of ciphersuites, in preference order.
kx_groups: Vec<&'static SupportedKxGroup>
List of supported key exchange algorithms, in preference order – the first element is the highest priority.
The first element in this list is the default key share algorithm, and in TLS1.3 a key share for it is sent in the client hello.
alpn_protocols: Vec<Vec<u8>>
Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.
resumption: Resumption
How and when the client can resume a previous session.
max_fragment_size: Option<usize>
The maximum size of TLS message we’ll emit. If None, we don’t limit TLS message lengths except to the 2**16 limit specified in the standard.
rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.
Setting this value to the TCP MSS may improve latency for stream-y workloads.
client_auth_cert_resolver: Arc<dyn ResolvesClientCert>
How to decide what client auth certificate/keys to use.
versions: EnabledVersions
Supported versions, in no particular order. The default is all supported versions.
enable_sni: bool
Whether to send the Server Name Indication (SNI) extension during the client handshake.
The default is true.
verifier: Arc<dyn ServerCertVerifier>
How to verify the server certificate chain.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
enable_early_data: bool
Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.
The default is false.
Implementations§
source§impl ClientConfig
impl ClientConfig
sourcepub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>
pub fn builder() -> ConfigBuilder<Self, WantsCipherSuites>
Create a builder to build up the client configuration.
For more information, see the ConfigBuilder
documentation.
sourcepub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool
pub(crate) fn supports_version(&self, v: ProtocolVersion) -> bool
We support a given TLS version if it’s quoted in the configured versions and at least one ciphersuite for this version is also configured.
sourcepub fn dangerous(&mut self) -> DangerousClientConfig<'_>
pub fn dangerous(&mut self) -> DangerousClientConfig<'_>
Access configuration options whose use is dangerous and requires extra care.
pub(super) fn find_cipher_suite( &self, suite: CipherSuite, ) -> Option<SupportedCipherSuite>
Trait Implementations§
source§impl Clone for ClientConfig
impl Clone for ClientConfig
source§fn clone(&self) -> ClientConfig
fn clone(&self) -> ClientConfig
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl Debug for ClientConfig
impl Debug for ClientConfig
impl ConfigSide for ClientConfig
impl Sealed for ClientConfig
Auto Trait Implementations§
impl Freeze for ClientConfig
impl !RefUnwindSafe for ClientConfig
impl Send for ClientConfig
impl Sync for ClientConfig
impl Unpin for ClientConfig
impl !UnwindSafe for ClientConfig
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)