pub struct ClientConfig {
    pub alpn_protocols: Vec<Vec<u8>>,
    pub check_selected_alpn: bool,
    pub resumption: Resumption,
    pub max_fragment_size: Option<usize>,
    pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
    pub enable_sni: bool,
    pub key_log: Arc<dyn KeyLog>,
    pub enable_secret_extraction: bool,
    pub enable_early_data: bool,
    pub time_provider: Arc<dyn TimeProvider>,
    pub cert_decompressors: Vec<&'static dyn CertDecompressor>,
    pub cert_compressors: Vec<&'static dyn CertCompressor>,
    pub cert_compression_cache: Arc<CompressionCache>,
    /* private fields */
}
Common configuration for (typically) all connections made by a program.
Making one of these is cheap, though one of the inputs may be expensive: gathering trust roots
from the operating system to add to the RootCertStore passed to with_root_certificates()
(the rustls-native-certs crate is often used for this) may take on the order of a few hundred
milliseconds.
These must be created via the ClientConfig::builder() or ClientConfig::builder_with_provider()
function.
Note that using ConfigBuilder<ClientConfig, WantsVersions>::with_ech() will produce a common
configuration specific to the provided crate::client::EchConfig that may not be appropriate
for all connections made by the program. In this case the configuration should only be shared
by connections intended for domains that offer the provided crate::client::EchConfig in
their DNS zone.
Defaults
- ClientConfig::max_fragment_size: the default is None (meaning 16kB).
- ClientConfig::resumption: supports resumption with up to 256 server names, using session ids or tickets, with a max of eight tickets per server.
- ClientConfig::alpn_protocols: the default is empty – no ALPN protocol is negotiated.
- ClientConfig::key_log: key material is not logged.
- ClientConfig::cert_decompressors: depends on the crate features, see compress::default_cert_decompressors().
- ClientConfig::cert_compressors: depends on the crate features, see compress::default_cert_compressors().
- ClientConfig::cert_compression_cache: caches the most recently used 4 compressions
Fields
alpn_protocols: Vec<Vec<u8>>
Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.
check_selected_alpn: bool
Whether to check the selected ALPN was offered.
The default is true.
resumption: Resumption
How and when the client can resume a previous session.
Sharing resumption between ClientConfigs
In a program using many ClientConfigs it may improve resumption rates
(which has a significant impact on connection performance) if those
configs share a single Resumption.
However, resumption is only allowed between two ClientConfigs if their
client_auth_cert_resolver (ie, potential client authentication credentials)
and verifier (ie, server certificate verification settings) are
the same (according to Arc::ptr_eq).
To illustrate, imagine two ClientConfigs A and B. A fully validates
the server certificate, B does not. If A and B shared a resumption store,
it would be possible for a session originated by B to be inserted into the
store, and then resumed by A. This would give a false impression to the user
of A that the server certificate is fully validated.
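The rule above can be seen in a small standalone model. This is an added example, not rustls code: Verifier, Resolver, Session, Store and Config are hypothetical stand-ins, and the ticket and server name are constructed. It shows that a session stored by B is refused by A, and also by a config whose verifier has the same settings but lives in a different Arc.

```rust
use std::collections::HashMap;
use std::sync::{Arc, Mutex};

// Hypothetical stand-ins for the verifier and client-cert resolver objects.
trait Verifier {}
struct FullValidation;
struct NoValidation;
impl Verifier for FullValidation {}
impl Verifier for NoValidation {}
struct Resolver;

// A stored session remembers which verifier and resolver produced it.
struct Session { ticket: Vec<u8>, verifier: Arc<dyn Verifier>, resolver: Arc<Resolver> }
type Store = Arc<Mutex<HashMap<String, Session>>>;

struct Config { verifier: Arc<dyn Verifier>, resolver: Arc<Resolver>, store: Store }

impl Config {
    fn new(verifier: Arc<dyn Verifier>, resolver: &Arc<Resolver>, store: &Store) -> Self {
        Config { verifier, resolver: resolver.clone(), store: store.clone() }
    }

    fn remember(&self, server: &str, ticket: &[u8]) {
        let s = Session {
            ticket: ticket.to_vec(),
            verifier: self.verifier.clone(),
            resolver: self.resolver.clone(),
        };
        self.store.lock().unwrap().insert(server.to_owned(), s);
    }

    // Resume only if the session came from the very same verifier and resolver objects.
    fn try_resume(&self, server: &str) -> Option<Vec<u8>> {
        let store = self.store.lock().unwrap();
        let s = store.get(server)?;
        let same = Arc::ptr_eq(&s.verifier, &self.verifier)
            && Arc::ptr_eq(&s.resolver, &self.resolver);
        same.then(|| s.ticket.clone())
    }
}

// Returns (A resumes B's session, B resumes its own, B2 resumes B's session).
fn scenario() -> (bool, bool, bool) {
    let store: Store = Arc::default();
    let resolver = Arc::new(Resolver);
    let a = Config::new(Arc::new(FullValidation), &resolver, &store);
    let b = Config::new(Arc::new(NoValidation), &resolver, &store);
    let b2 = Config::new(Arc::new(NoValidation), &resolver, &store); // same settings, new Arc
    b.remember("example.test", b"constructed-ticket");
    let resumes = |c: &Config| c.try_resume("example.test").is_some();
    (resumes(&a), resumes(&b), resumes(&b2))
}

fn main() {
    println!("{:?}", scenario());
}
```

Because the comparison is by pointer, configs that should share sessions need clones of the same Arc for both the verifier and the resolver, not separately constructed equivalents.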
max_fragment_size: Option<usize>
The maximum size of plaintext input to be emitted in a single TLS record. A value of None is equivalent to the TLS maximum of 16 kB.
rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.
Setting this value to a little less than the TCP MSS may improve latency for stream-y workloads.
client_auth_cert_resolver: Arc<dyn ResolvesClientCert>
How to decide what client auth certificate/keys to use.
enable_sni: bool
Whether to send the Server Name Indication (SNI) extension during the client handshake.
The default is true.
key_log: Arc<dyn KeyLog>
How to output key material for debugging. The default does nothing.
enable_secret_extraction: bool
Allows traffic secrets to be extracted after the handshake, e.g. for kTLS setup.
enable_early_data: bool
Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.
The default is false.
time_provider: Arc<dyn TimeProvider>
Provides the current system time.
cert_decompressors: Vec<&'static dyn CertDecompressor>
How to decompress the server’s certificate chain.
If this is non-empty, the RFC8779 certificate compression extension is offered, and any compressed certificates are transparently decompressed during the handshake.
This only applies to TLS 1.3 connections. It is ignored for TLS1.2 connections.
cert_compressors: Vec<&'static dyn CertCompressor>
How to compress the client’s certificate chain.
If a server supports this extension, and advertises support for one of the compression algorithms included here, the client certificate is compressed according to RFC8779.
This only applies to TLS 1.3 connections. It is ignored for TLS1.2 connections.
cert_compression_cache: Arc<CompressionCache>
Caching for compressed certificates.
This is optional: compress::CompressionCache::Disabled gives
a cache that does no caching.
Implementations
impl ClientConfig
pub fn builder() -> ConfigBuilder<Self, WantsVerifier>
Create a builder for a client configuration with
the process-default CryptoProvider
and safe protocol version defaults.
For more information, see the ConfigBuilder documentation.
pub fn builder_with_protocol_versions(
    versions: &[&'static SupportedProtocolVersion],
) -> ConfigBuilder<Self, WantsVerifier>
Create a builder for a client configuration with
the process-default CryptoProvider
and the provided protocol versions.
Panics if
- the supported versions are not compatible with the provider (e.g. the combination of ciphersuites supported by the provider and supported versions leads to zero cipher suites being usable),
- a CryptoProvider cannot be resolved using a combination of the crate features and process default.
For more information, see the ConfigBuilder documentation.
pub fn builder_with_provider(
    provider: Arc<CryptoProvider>,
) -> ConfigBuilder<Self, WantsVersions>
Create a builder for a client configuration with a specific CryptoProvider.
This will use the provider’s configured ciphersuites. You must additionally choose
which protocol versions to enable, using with_protocol_versions or
with_safe_default_protocol_versions and handling the Result in case a protocol
version is not supported by the provider’s ciphersuites.
For more information, see the ConfigBuilder documentation.
pub fn builder_with_details(
    provider: Arc<CryptoProvider>,
    time_provider: Arc<dyn TimeProvider>,
) -> ConfigBuilder<Self, WantsVersions>
Create a builder for a client configuration with no default implementation details.
This API must be used by no_std users.
You must provide a specific TimeProvider.
You must provide a specific CryptoProvider.
This will use the provider’s configured ciphersuites. You must additionally choose
which protocol versions to enable, using with_protocol_versions or
with_safe_default_protocol_versions and handling the Result in case a protocol
version is not supported by the provider’s ciphersuites.
For more information, see the ConfigBuilder documentation.
pub fn fips(&self) -> bool
Returns true if connections made with this ClientConfig will
operate in FIPS mode.
This is different from CryptoProvider::fips(): CryptoProvider::fips()
is concerned only with cryptography, whereas this also covers TLS-level
configuration that NIST recommends, as well as ECH HPKE suites if applicable.
pub fn crypto_provider(&self) -> &Arc<CryptoProvider>
Returns the crypto provider used to construct this client configuration.
pub fn dangerous(&mut self) -> DangerousClientConfig<'_>
Access configuration options whose use is dangerous and requires extra care.
Trait Implementations
impl Clone for ClientConfig
fn clone(&self) -> ClientConfig
1.0.0 · fn clone_from(&mut self, source: &Self)
source. Read more