pub fn custom_provider(
provided_cipher_suites: Option<Vec<SupportedCipherSuite>>,
provided_kx_group: Option<Vec<&'static dyn SupportedKxGroup>>,
) -> CryptoProvider
Create a CryptoProvider
with specific cipher suites and key exchange groups during setup.
`provided_cipher_suites` takes an optional `Vec<>` of `SupportedCipherSuite`s.
The values supplied for `provided_cipher_suites` will be used when negotiating the TLS cipher suite.
They should be placed in preference order, where the first element has the highest priority.
If `None` or an empty `Vec<>` is provided, the `DEFAULT_CIPHER_SUITES` will be used instead.
An empty `Vec<>` therefore selects the defaults; it does not disable all cipher suites.
`provided_kx_group` takes an optional `Vec<>` of `SupportedKxGroup`s.
The values supplied for `provided_kx_group` will be used when negotiating the TLS key exchange.
They should be placed in preference order, where the first element has the highest priority.
If `None` or an empty `Vec<>` is provided, the default will be used instead.
Sample usage:
use rustls::{ClientConfig, RootCertStore};
use rustls_openssl::custom_provider;
use rustls_openssl::cipher_suite::TLS13_AES_128_GCM_SHA256;
use rustls_openssl::kx_group::SECP256R1;
use std::sync::Arc;
use webpki_roots;
// Trust anchors for server certificate verification, taken from the root set
// that the `webpki_roots` crate exposes as `TLS_SERVER_ROOTS`.
let root_store = RootCertStore {
    roots: webpki_roots::TLS_SERVER_ROOTS.iter().cloned().collect(),
};

// Custom selection of cipher suites and key exchange groups imported from
// rustls_openssl. Each list is in preference order (first element = highest
// priority). With a single TLS 1.3 suite and a single group, a peer that
// supports neither cannot complete the handshake; there is nothing to fall
// back to.
let preferred_suites = vec![TLS13_AES_128_GCM_SHA256];
let preferred_groups = vec![SECP256R1];
let provider = Arc::new(custom_provider(
    Some(preferred_suites),
    Some(preferred_groups),
));

// `with_safe_default_protocol_versions()` returns a `Result`; `unwrap()` panics
// if the builder rejects the provider. NOTE(review): presumably that happens
// when no configured suite is usable with the default protocol versions —
// handle the error instead of unwrapping outside of sample code.
let mut config = ClientConfig::builder_with_provider(provider)
    .with_safe_default_protocol_versions()
    .unwrap()
    .with_root_certificates(root_store)
    .with_no_client_auth();