Comments (5)
I don't think the Rustls project will develop a first-party RustCrypto-based provider, but others have already started on that as part of the RustCrypto project.
For the time being I would recommend just using the first-party ring provider if that works on your platform.
from rustls.
Ok!
Thanks a lot for the comments and references. Even though I believe a pure Rust backend would be better in several ways, I understand the engineering time to maintain multiple backends here would be significant.
👋
That's reassuring to hear. Thanks for the explanation! 🙏
> Describe the solution you'd like
>
> I believe using pure Rust libraries, such as the ones from the RustCrypto project would make cross-compilation easier. I'd use a RustCrypto backend even if it is implementing a small set of only modern cipher suites.
I think the solution you're describing exists today: https://github.com/RustCrypto/rustls-rustcrypto
It's a crate in the Rust Crypto org and I think that's the best place for it to live. The Rust Crypto developers are better positioned to support that crate than we would be in the Rustls org.
We're certainly supportive of the goal of a pure Rust cryptography backend. Much of the motivation for the cryptography provider interface work was to enable everyone to choose a backend to use based on their own prioritization weights.
> I understand the engineering time to maintain multiple backends here would be significant.
It's worth noting we don't meaningfully maintain the underlying cryptography provider options that are built-in either, just the surface points for where they meet Rustls. `aws-lc-rs` has a team at Amazon that maintains it and *ring* (also an OpenSSL derivative like `aws-lc-rs`) is maintained by Brian Smith. We'll also work closely with the Rust Crypto team to help maintain an end-to-end solution that works for folks, but in all cases the Rustls team is collaborating with third parties.