rustls::client

Struct ClientConfig

source
pub struct ClientConfig {
    pub alpn_protocols: Vec<Vec<u8>>,
    pub resumption: Resumption,
    pub max_fragment_size: Option<usize>,
    pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
    pub enable_sni: bool,
    pub key_log: Arc<dyn KeyLog>,
    pub enable_secret_extraction: bool,
    pub enable_early_data: bool,
    /* private fields */
}
Expand description

Common configuration for (typically) all connections made by a program.

Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots from the operating system to add to the RootCertStore passed to with_root_certificates() (the rustls-native-certs crate is often used for this) may take on the order of a few hundred milliseconds.

These must be created via the ClientConfig::builder() or ClientConfig::builder_with_provider() function.

§Defaults

Fields§

§alpn_protocols: Vec<Vec<u8>>

Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.

§resumption: Resumption

How and when the client can resume a previous session.

§max_fragment_size: Option<usize>

The maximum size of plaintext input to be emitted in a single TLS record. A value of None is equivalent to the TLS maximum of 16 kB.

rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.

Setting this value to a little less than the TCP MSS may improve latency for stream-y workloads.

§client_auth_cert_resolver: Arc<dyn ResolvesClientCert>

How to decide what client auth certificate/keys to use.

§enable_sni: bool

Whether to send the Server Name Indication (SNI) extension during the client handshake.

The default is true.

§key_log: Arc<dyn KeyLog>

How to output key material for debugging. The default does nothing.

§enable_secret_extraction: bool

Allows traffic secrets to be extracted after the handshake, e.g. for kTLS setup.

§enable_early_data: bool

Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.

The default is false.

Implementations§

source§

impl ClientConfig

source

pub fn builder() -> ConfigBuilder<Self, WantsVerifier>

Create a builder for a client configuration with the default CryptoProvider: crypto::ring::default_provider and safe ciphersuite and protocol defaults.

For more information, see the ConfigBuilder documentation.

source

pub fn builder_with_protocol_versions( versions: &[&'static SupportedProtocolVersion], ) -> ConfigBuilder<Self, WantsVerifier>

Create a builder for a client configuration with the default CryptoProvider: crypto::ring::default_provider, safe ciphersuite defaults and the provided protocol versions.

Panics if provided an empty slice of supported versions.

For more information, see the ConfigBuilder documentation.

source

pub fn builder_with_provider( provider: Arc<CryptoProvider>, ) -> ConfigBuilder<Self, WantsVersions>

Create a builder for a client configuration with a specific CryptoProvider.

This will use the provider’s configured ciphersuites. You must additionally choose which protocol versions to enable, using with_protocol_versions or with_safe_default_protocol_versions and handling the Result in case a protocol version is not supported by the provider’s ciphersuites.

For more information, see the ConfigBuilder documentation.

source

pub fn dangerous(&mut self) -> DangerousClientConfig<'_>

Access configuration options whose use is dangerous and requires extra care.

Trait Implementations§

source§

impl Clone for ClientConfig

source§

fn clone(&self) -> Self

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for ClientConfig

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
source§

impl ConfigSide for ClientConfig

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.