Add RustCrypto cryptographic backend about rustls HOT 5 CLOSED

I don't think the Rustls project will develop a first-party RustCrypto-based provider, but others have already started on that as part of the RustCrypto project.

For the time being I would recommend just using the first-party ring provider if that works on your platform.

from rustls.

Ok!

Thanks a lot for the comments and references. Even though I believe pure Rust backend would be better in several ways I understand the engineering time to maintain multiple backends here would be significant.

👋

from rustls.

That's reassuring to hear. Thanks for the explanation! 🙏

from rustls.

Describe the solution you'd like
I believe using pure Rust libraries, such as the ones from the RustCrypto project would make cross-compilation easier. I'd use a RustCrypto backend even if it is implementing a small set of only modern cipher suites.

I think the solution you're describing exists today: https://github.com/RustCrypto/rustls-rustcrypto

It's a crate in the Rust Crypto org and I think that's the best place for it to live. The Rust Crypto developers are better positioned to support that crate than we would be in the Rustls org.

from rustls.

We're certainly supportive of the goal of a pure rust cryptography backend. Much of the motivation for the cryptography provider interface work was to enable everyone to choose a backend to use based on their own prioritization weights.

I understand the engineering time to maintain multiple backends here would be significant.

It's worth noting we don't meaningfully maintain the underlying cryptography provider options that are built-in either, just the surface points for where they meet Rustls. aws-lc-rs has a team at Amazon that maintains it and *ring* (also an OpenSSL derivative like aws-lc-rs) is maintained by Brian Smith. We'll also work closely with the Rust Crypto team to help maintain an end-to-end solution that works for folks, but in all cases the Rustls team is collaborating with third parties.

from rustls.