rama::tls::rustls::dep::tokio_rustls::rustls::client

Struct ClientConfig

pub struct ClientConfig {
Show 13 fields pub alpn_protocols: Vec<Vec<u8>>, pub resumption: Resumption, pub max_fragment_size: Option<usize>, pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>, pub enable_sni: bool, pub key_log: Arc<dyn KeyLog>, pub enable_secret_extraction: bool, pub enable_early_data: bool, pub require_ems: bool, pub time_provider: Arc<dyn TimeProvider>, pub cert_decompressors: Vec<&'static dyn CertDecompressor>, pub cert_compressors: Vec<&'static dyn CertCompressor>, pub cert_compression_cache: Arc<CompressionCache>, /* private fields */
}
Expand description

Common configuration for (typically) all connections made by a program.

Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots from the operating system to add to the RootCertStore passed to with_root_certificates() (the rustls-native-certs crate is often used for this) may take on the order of a few hundred milliseconds.

These must be created via the ClientConfig::builder() or ClientConfig::builder_with_provider() function.

Note that using ConfigBuilder<ClientConfig, WantsVersions>::with_ech() will produce a common configuration specific to the provided crate::client::EchConfig that may not be appropriate for all connections made by the program. In this case the configuration should only be shared by connections intended for domains that offer the provided crate::client::EchConfig in their DNS zone.

§Defaults

Fields§

§alpn_protocols: Vec<Vec<u8>>

Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.

§resumption: Resumption

How and when the client can resume a previous session.

§max_fragment_size: Option<usize>

The maximum size of plaintext input to be emitted in a single TLS record. A value of None is equivalent to the TLS maximum of 16 kB.

rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.

Setting this value to a little less than the TCP MSS may improve latency for stream-y workloads.

§client_auth_cert_resolver: Arc<dyn ResolvesClientCert>

How to decide what client auth certificate/keys to use.

§enable_sni: bool

Whether to send the Server Name Indication (SNI) extension during the client handshake.

The default is true.

§key_log: Arc<dyn KeyLog>

How to output key material for debugging. The default does nothing.

§enable_secret_extraction: bool

Allows traffic secrets to be extracted after the handshake, e.g. for kTLS setup.

§enable_early_data: bool

Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.

The default is false.

§require_ems: bool

If set to true, requires the server to support the extended master secret extraction method defined in RFC 7627.

The default is true if the fips crate feature is enabled, false otherwise.

It must be set to true to meet FIPS requirement mentioned in section D.Q Transition of the TLS 1.2 KDF to Support the Extended Master Secret from FIPS 140-3 IG.pdf.

§time_provider: Arc<dyn TimeProvider>

Provides the current system time

§cert_decompressors: Vec<&'static dyn CertDecompressor>

How to decompress the server’s certificate chain.

If this is non-empty, the RFC8779 certificate compression extension is offered, and any compressed certificates are transparently decompressed during the handshake.

This only applies to TLS1.3 connections. It is ignored for TLS1.2 connections.

§cert_compressors: Vec<&'static dyn CertCompressor>

How to compress the client’s certificate chain.

If a server supports this extension, and advertises support for one of the compression algorithms included here, the client certificate will be compressed according to RFC8779.

This only applies to TLS1.3 connections. It is ignored for TLS1.2 connections.

§cert_compression_cache: Arc<CompressionCache>

Caching for compressed certificates.

This is optional: compress::CompressionCache::Disabled gives a cache that does no caching.

Implementations§

§

impl ClientConfig

pub fn builder() -> ConfigBuilder<ClientConfig, WantsVerifier>

Create a builder for a client configuration with the process-default CryptoProvider and safe protocol version defaults.

For more information, see the ConfigBuilder documentation.

pub fn builder_with_protocol_versions( versions: &[&'static SupportedProtocolVersion], ) -> ConfigBuilder<ClientConfig, WantsVerifier>

Create a builder for a client configuration with the process-default CryptoProvider and the provided protocol versions.

Panics if

  • the supported versions are not compatible with the provider (eg. the combination of ciphersuites supported by the provider and supported versions lead to zero cipher suites being usable),
  • if a CryptoProvider cannot be resolved using a combination of the crate features and process default.

For more information, see the ConfigBuilder documentation.

pub fn builder_with_provider( provider: Arc<CryptoProvider>, ) -> ConfigBuilder<ClientConfig, WantsVersions>

Create a builder for a client configuration with a specific CryptoProvider.

This will use the provider’s configured ciphersuites. You must additionally choose which protocol versions to enable, using with_protocol_versions or with_safe_default_protocol_versions and handling the Result in case a protocol version is not supported by the provider’s ciphersuites.

For more information, see the ConfigBuilder documentation.

pub fn builder_with_details( provider: Arc<CryptoProvider>, time_provider: Arc<dyn TimeProvider>, ) -> ConfigBuilder<ClientConfig, WantsVersions>

Create a builder for a client configuration with no default implementation details.

This API must be used by no_std users.

You must provide a specific TimeProvider.

You must provide a specific CryptoProvider.

This will use the provider’s configured ciphersuites. You must additionally choose which protocol versions to enable, using with_protocol_versions or with_safe_default_protocol_versions and handling the Result in case a protocol version is not supported by the provider’s ciphersuites.

For more information, see the ConfigBuilder documentation.

pub fn fips(&self) -> bool

Return true if connections made with this ClientConfig will operate in FIPS mode.

This is different from CryptoProvider::fips(): CryptoProvider::fips() is concerned only with cryptography, whereas this also covers TLS-level configuration that NIST recommends, as well as ECH HPKE suites if applicable.

pub fn crypto_provider(&self) -> &Arc<CryptoProvider>

Return the crypto provider used to construct this client configuration.

pub fn dangerous(&mut self) -> DangerousClientConfig<'_>

Access configuration options whose use is dangerous and requires extra care.

Trait Implementations§

§

impl Clone for ClientConfig

§

fn clone(&self) -> ClientConfig

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
§

impl Debug for ClientConfig

§

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter. Read more
§

impl ConfigSide for ClientConfig

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
§

impl<T> Conv for T

§

fn conv<T>(self) -> T
where Self: Into<T>,

Converts self into T using Into<T>. Read more
§

impl<T> FmtForward for T

§

fn fmt_binary(self) -> FmtBinary<Self>
where Self: Binary,

Causes self to use its Binary implementation when Debug-formatted.
§

fn fmt_display(self) -> FmtDisplay<Self>
where Self: Display,

Causes self to use its Display implementation when Debug-formatted.
§

fn fmt_lower_exp(self) -> FmtLowerExp<Self>
where Self: LowerExp,

Causes self to use its LowerExp implementation when Debug-formatted.
§

fn fmt_lower_hex(self) -> FmtLowerHex<Self>
where Self: LowerHex,

Causes self to use its LowerHex implementation when Debug-formatted.
§

fn fmt_octal(self) -> FmtOctal<Self>
where Self: Octal,

Causes self to use its Octal implementation when Debug-formatted.
§

fn fmt_pointer(self) -> FmtPointer<Self>
where Self: Pointer,

Causes self to use its Pointer implementation when Debug-formatted.
§

fn fmt_upper_exp(self) -> FmtUpperExp<Self>
where Self: UpperExp,

Causes self to use its UpperExp implementation when Debug-formatted.
§

fn fmt_upper_hex(self) -> FmtUpperHex<Self>
where Self: UpperHex,

Causes self to use its UpperHex implementation when Debug-formatted.
§

fn fmt_list(self) -> FmtList<Self>
where &'a Self: for<'a> IntoIterator,

Formats each item in a sequence. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T> FutureExt for T

§

fn with_context(self, otel_cx: Context) -> WithContext<Self>

Attaches the provided Context to this type, returning a WithContext wrapper. Read more
§

fn with_current_context(self) -> WithContext<Self>

Attaches the current Context to this type, returning a WithContext wrapper. Read more
§

impl<T> Instrument for T

§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided [Span], returning an Instrumented wrapper. Read more
§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
§

impl<T> Pipe for T
where T: ?Sized,

§

fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> R
where Self: Sized,

Pipes by value. This is generally the method you want to use. Read more
§

fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> R
where R: 'a,

Borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> R
where R: 'a,

Mutably borrows self and passes that borrow into the pipe function. Read more
§

fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> R
where Self: Borrow<B>, B: 'a + ?Sized, R: 'a,

Borrows self, then passes self.borrow() into the pipe function. Read more
§

fn pipe_borrow_mut<'a, B, R>( &'a mut self, func: impl FnOnce(&'a mut B) -> R, ) -> R
where Self: BorrowMut<B>, B: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.borrow_mut() into the pipe function. Read more
§

fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> R
where Self: AsRef<U>, U: 'a + ?Sized, R: 'a,

Borrows self, then passes self.as_ref() into the pipe function.
§

fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> R
where Self: AsMut<U>, U: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.as_mut() into the pipe function.
§

fn pipe_deref<'a, T, R>(&'a self, func: impl FnOnce(&'a T) -> R) -> R
where Self: Deref<Target = T>, T: 'a + ?Sized, R: 'a,

Borrows self, then passes self.deref() into the pipe function.
§

fn pipe_deref_mut<'a, T, R>( &'a mut self, func: impl FnOnce(&'a mut T) -> R, ) -> R
where Self: DerefMut<Target = T> + Deref, T: 'a + ?Sized, R: 'a,

Mutably borrows self, then passes self.deref_mut() into the pipe function.
§

impl<T> Pointable for T

§

const ALIGN: usize = _

The alignment of pointer.
§

type Init = T

The type for initializers.
§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
§

impl<T> PolicyExt for T
where T: ?Sized,

§

fn and<S, P, B, E>(self, other: P) -> And<T, P>
where T: Policy<S, B, E>, P: Policy<S, B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
§

fn or<S, P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<S, B, E>, P: Policy<S, B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
source§

impl<T> Same for T

source§

type Output = T

Should always be Self
§

impl<T> Tap for T

§

fn tap(self, func: impl FnOnce(&Self)) -> Self

Immutable access to a value. Read more
§

fn tap_mut(self, func: impl FnOnce(&mut Self)) -> Self

Mutable access to a value. Read more
§

fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Immutable access to the Borrow<B> of a value. Read more
§

fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Mutable access to the BorrowMut<B> of a value. Read more
§

fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Immutable access to the AsRef<R> view of a value. Read more
§

fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Mutable access to the AsMut<R> view of a value. Read more
§

fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Immutable access to the Deref::Target of a value. Read more
§

fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Mutable access to the Deref::Target of a value. Read more
§

fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self

Calls .tap() only in debug builds, and is erased in release builds.
§

fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self

Calls .tap_mut() only in debug builds, and is erased in release builds.
§

fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Self
where Self: Borrow<B>, B: ?Sized,

Calls .tap_borrow() only in debug builds, and is erased in release builds.
§

fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Self
where Self: BorrowMut<B>, B: ?Sized,

Calls .tap_borrow_mut() only in debug builds, and is erased in release builds.
§

fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Self
where Self: AsRef<R>, R: ?Sized,

Calls .tap_ref() only in debug builds, and is erased in release builds.
§

fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Self
where Self: AsMut<R>, R: ?Sized,

Calls .tap_ref_mut() only in debug builds, and is erased in release builds.
§

fn tap_deref_dbg<T>(self, func: impl FnOnce(&T)) -> Self
where Self: Deref<Target = T>, T: ?Sized,

Calls .tap_deref() only in debug builds, and is erased in release builds.
§

fn tap_deref_mut_dbg<T>(self, func: impl FnOnce(&mut T)) -> Self
where Self: DerefMut<Target = T> + Deref, T: ?Sized,

Calls .tap_deref_mut() only in debug builds, and is erased in release builds.
source§

impl<T> ToOwned for T
where T: Clone,

source§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
§

impl<T> TryConv for T

§

fn try_conv<T>(self) -> Result<T, Self::Error>
where Self: TryInto<T>,

Attempts to convert self into T using TryInto<T>. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

source§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V

§

impl<T> WithSubscriber for T

§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a [WithDispatch] wrapper. Read more
§

impl<T> ErasedDestructor for T
where T: 'static,

§

impl<T> MaybeSendSync for T