Struct rustls::ClientConfig

pub struct ClientConfig {
    pub ciphersuites: Vec<&'static SupportedCipherSuite>,
    pub root_store: RootCertStore,
    pub alpn_protocols: Vec<Vec<u8>>,
    pub session_persistence: Arc<dyn StoresClientSessions>,
    pub mtu: Option<usize>,
    pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
    pub enable_tickets: bool,
    pub versions: Vec<ProtocolVersion>,
    pub ct_logs: Option<&'static [&'static Log<'static>]>,
    pub enable_sni: bool,
    pub key_log: Arc<dyn KeyLog>,
    pub enable_early_data: bool,
    // some fields omitted
}

Common configuration for (typically) all connections made by a program.

Making one of these can be expensive, and should be once per process rather than once per connection.

Fields

ciphersuites: Vec<&'static SupportedCipherSuite>

List of ciphersuites, in preference order.

root_store: RootCertStore

Collection of root certificates.

alpn_protocols: Vec<Vec<u8>>

Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.

session_persistence: Arc<dyn StoresClientSessions>

How we store session data or tickets.

mtu: Option<usize>

Our MTU. If None, we don’t limit TLS message sizes.

client_auth_cert_resolver: Arc<dyn ResolvesClientCert>

How to decide what client auth certificate/keys to use.

enable_tickets: bool

Whether to support RFC5077 tickets. You must provide a working session_persistence member for this to have any meaningful effect.

The default is true.

versions: Vec<ProtocolVersion>

Supported versions, in no particular order. The default is all supported versions.

ct_logs: Option<&'static [&'static Log<'static>]>

Collection of certificate transparency logs. If this collection is empty, then certificate transparency checking is disabled.

enable_sni: bool

Whether to send the Server Name Indication (SNI) extension during the client handshake.

The default is true.

key_log: Arc<dyn KeyLog>

How to output key material for debugging. The default does nothing.

enable_early_data: bool

Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.

The default is false.

Implementations

impl ClientConfig

pub fn new() -> ClientConfig

Make a ClientConfig with a default set of ciphersuites, no root certificates, no ALPN protocols, and no client auth.

The default session persistence provider stores up to 32 items in memory.

pub fn with_ciphersuites(
    ciphersuites: &[&'static SupportedCipherSuite]
) -> ClientConfig

Make a ClientConfig with a custom set of ciphersuites, no root certificates, no ALPN protocols, and no client auth.

The default session persistence provider stores up to 32 items in memory.

pub fn set_protocols(&mut self, protocols: &[Vec<u8>])

Set the ALPN protocol list to the given protocol names. Overwrites any existing configured protocols. The first element in the protocols list is the most preferred, the last is the least preferred.

pub fn set_persistence(&mut self, persist: Arc<dyn StoresClientSessions>)

Sets persistence layer to persist.

pub fn set_mtu(&mut self, mtu: &Option<usize>)

Sets MTU to mtu. If None, the default is used. If Some(x) then x must be greater than 5 bytes.

pub fn set_single_client_cert(
    &mut self,
    cert_chain: Vec<Certificate>,
    key_der: PrivateKey
) -> Result<(), TLSError>

Sets a single client authentication certificate and private key. This is blindly used for all servers that ask for client auth.

cert_chain is a vector of DER-encoded certificates, key_der is a DER-encoded RSA or ECDSA private key.

pub fn dangerous(&mut self) -> DangerousClientConfig<'_>

Access configuration options whose use is dangerous and requires extra care.

Trait Implementations

impl Clone for ClientConfig

fn clone(&self) -> ClientConfig

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for ClientConfig

fn default() -> Self

Returns the “default value” for a type.