TlsClientConfig

network_protocol::transport::tls

Struct TlsClientConfig

pub struct TlsClientConfig { /* private fields */ }

Expand description

TLS Client Configuration

Implementations§

impl TlsClientConfig

pub fn new<S: Into<String>>(server_name: S) -> Self

Create a new TLS client configuration

pub fn with_tls_versions(self, versions: Vec<TlsVersion>) -> Self

Set allowed TLS protocol versions

pub fn with_cipher_suites( self, cipher_suites: Vec<SupportedCipherSuite>, ) -> Self

Set allowed cipher suites

pub fn with_client_certificate<S: Into<String>>( self, cert_path: S, key_path: S, ) -> Self

Configure client authentication for mTLS

pub fn insecure(self) -> Self

Allow insecure connections (skip certificate verification)

§WARNING: Security Risk

This mode disables certificate verification entirely and should ONLY be used for:

Development and testing
Debugging environments
Internal networks with certificate pinning enabled

NEVER use this in production without explicit certificate pinning via with_pinned_cert_hash().

For maximum security, only use this with the “dangerous_configuration” feature enabled, which is a strong indicator this is for testing/development only.

pub fn with_pinned_cert_hash(self, hash: Vec<u8>) -> Self

Pin a certificate by its SHA-256 hash/fingerprint

This provides additional security by only accepting connections from servers with the exact certificate matching this hash. Can be combined with insecure mode for development environments where you want to skip standard CA verification but still verify a specific cert.

pub fn calculate_cert_hash(cert: &Certificate) -> Vec<u8> ⓘ

Calculate SHA-256 hash for a certificate to use with pinning

pub fn load_client_config(&self) -> Result<ClientConfig>

Load the TLS client configuration

pub fn server_name(&self) -> Result<ServerName>

Get the server name as a rustls::ServerName

Auto Trait Implementations§

impl Freeze for TlsClientConfig

impl !RefUnwindSafe for TlsClientConfig

impl Send for TlsClientConfig

impl Sync for TlsClientConfig

impl Unpin for TlsClientConfig

impl !UnwindSafe for TlsClientConfig

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more