Type Alias wtransport::config::TlsClientConfig

pub type TlsClientConfig = ClientConfig;

Aliased Type

struct TlsClientConfig {
    pub alpn_protocols: Vec<Vec<u8>>,
    pub resumption: Resumption,
    pub max_fragment_size: Option<usize>,
    pub client_auth_cert_resolver: Arc<dyn ResolvesClientCert>,
    pub enable_sni: bool,
    pub key_log: Arc<dyn KeyLog>,
    pub enable_secret_extraction: bool,
    pub enable_early_data: bool,
    pub time_provider: Arc<dyn TimeProvider>,
    pub cert_decompressors: Vec<&'static dyn CertDecompressor>,
    pub cert_compressors: Vec<&'static dyn CertCompressor>,
    pub cert_compression_cache: Arc<CompressionCache>,
    /* private fields */
}

Fields

§alpn_protocols: Vec<Vec<u8>>

Which ALPN protocols we include in our client hello. If empty, no ALPN extension is sent.
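How the alpn_protocols list maps onto the bytes of the ALPN extension, as an added example that is not rustls or wtransport code. The function name encode_alpn, the AlpnError type and the sample protocol list are assumptions for illustration; the layout follows RFC 7301.

```rust
// Added example (not rustls or wtransport code): wire form of `alpn_protocols`.
// Layout per RFC 7301: a u16 list length, then u8-length-prefixed protocol names.

#[derive(Debug, PartialEq)]
enum AlpnError {
    EmptyName,           // RFC 7301 requires at least one byte per name
    NameTooLong(usize),  // a name's length must fit in one byte
    ListTooLong(usize),  // the whole list's length must fit in two bytes
}

/// Returns Ok(None) when the list is empty (no ALPN extension is sent),
/// otherwise the ProtocolNameList bytes carried in the extension body.
fn encode_alpn(protocols: &[Vec<u8>]) -> Result<Option<Vec<u8>>, AlpnError> {
    if protocols.is_empty() {
        return Ok(None);
    }
    let mut names = Vec::new();
    for p in protocols {
        match p.len() {
            0 => return Err(AlpnError::EmptyName),
            n if n > 255 => return Err(AlpnError::NameTooLong(n)),
            n => {
                names.push(n as u8);
                names.extend_from_slice(p);
            }
        }
    }
    if names.len() > u16::MAX as usize {
        return Err(AlpnError::ListTooLong(names.len()));
    }
    // Prefix the concatenated names with their total length, big-endian.
    let mut out = (names.len() as u16).to_be_bytes().to_vec();
    out.extend_from_slice(&names);
    Ok(Some(out))
}

fn main() {
    // Constructed sample list: "h3" is the HTTP/3 ALPN identifier.
    let offered = vec![b"h3".to_vec(), b"http/1.1".to_vec()];
    println!("{:02x?}", encode_alpn(&offered).unwrap().unwrap());
    println!("{:?}", encode_alpn(&[]));
}
```

Comparing these bytes with the ALPN extension in a captured ClientHello is a quick way to confirm which protocols a client configuration actually offers.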

§resumption: Resumption

How and when the client can resume a previous session.

§max_fragment_size: Option<usize>

The maximum size of plaintext input to be emitted in a single TLS record. A value of None is equivalent to the TLS maximum of 16 kB.

rustls enforces an arbitrary minimum of 32 bytes for this field. Out of range values are reported as errors from ClientConnection::new.

Setting this value to a little less than the TCP MSS may improve latency for stream-y workloads.

§client_auth_cert_resolver: Arc<dyn ResolvesClientCert>

How to decide what client auth certificate/keys to use.

§enable_sni: bool

Whether to send the Server Name Indication (SNI) extension during the client handshake.

The default is true.

§key_log: Arc<dyn KeyLog>

How to output key material for debugging. The default does nothing.

§enable_secret_extraction: bool

Allows traffic secrets to be extracted after the handshake, e.g. for kTLS setup.

§enable_early_data: bool

Whether to send data on the first flight (“early data”) in TLS 1.3 handshakes.

The default is false.

§time_provider: Arc<dyn TimeProvider>

Provides the current system time.

§cert_decompressors: Vec<&'static dyn CertDecompressor>

How to decompress the server’s certificate chain.

If this is non-empty, the RFC8779 certificate compression extension is offered, and any compressed certificates are transparently decompressed during the handshake.

This only applies to TLS1.3 connections. It is ignored for TLS1.2 connections.

§cert_compressors: Vec<&'static dyn CertCompressor>

How to compress the client’s certificate chain.

If a server supports this extension, and advertises support for one of the compression algorithms included here, the client certificate will be compressed according to RFC8779.

This only applies to TLS1.3 connections. It is ignored for TLS1.2 connections.

§cert_compression_cache: Arc<CompressionCache>

Caching for compressed certificates.

This is optional: compress::CompressionCache::Disabled gives a cache that does no caching.