Nyaaori
/
rust-tls-api
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
378 Commits
11 Branches
26 Tags
883 KiB
Rust 100%
 
master
v0.9
v0.8
v0.7
v0.6
v0.5
v0.4
v0.3
v0.2
v0.1
alpn
v0.1.10
v0.1.11
v0.1.12
v0.1.14
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
Nyaaori e6cc0af949
chore: Remove unused dependencies 		4 months ago
.github Replace super-linter with mega-linter 2 years ago
api chore: Remove unused dependencies 4 months ago
api-test chore: Remove unused dependencies 4 months ago
ci-gen Replace super-linter with mega-linter 2 years ago
examples TlsConnector::connect_default 3 years ago
impl-native-tls Bump version to 0.9.0 2 years ago
impl-not-tls Bump version to 0.9.0 2 years ago
impl-openssl Bump version to 0.9.0 2 years ago
impl-rustls Bump version to 0.9.0 2 years ago
impl-security-framework Bump version to 0.9.0 2 years ago
impl-stub Bump version to 0.9.0 2 years ago
interop Some benchmarks 3 years ago
test-cert-gen Bump version to 0.9.0 2 years ago
.editorconfig backup 7 years ago
.gitignore Github workflow for CI 3 years ago
.rustfmt.toml rustfmt 3 years ago
.travis.yml-disabled Github workflow for CI 3 years ago
CHANGELOG.md Update CHANGELOG.md 2 years ago
Cargo.toml tls-api-not-tls 3 years ago
LICENSE Initial commit 7 years ago
README.md Markdown lint 3 years ago

README.md

GitHub Workflow Status License crates.io

One TLS API to rule them all

Supports:

  • tokio and async-std
  • rustls, native-tls, openssl, security-framework

Crates in this repository

  • tls-api — TLS API without any implementation and without dependencies
  • tls-api-native-tls — implementation of TLS API over native-tls crate
  • tls-api-openssl — implementation of TLS API over openssl crate
  • tls-api-rustls — implementation of TLS API over rustls crate
  • tls-api-security-framework — implementation of TLS API over security framework crate
  • tls-api-schannel — missing implementation of TLS API over schannel crate
  • tls-api-stub — stub API implementation which returns an error on any operation
  • tls-api-not-tls — stub API implementation which pretends to be TLS, but returns wrapped plain socket
  • test-cert-gen — utility to generate certificate for unit tests

Why one might want to use TLS API instead of concrete implementation

  • it is not decided yet which TLS implementation is better, start prototyping with one, and then switch to another
  • something doesn't work, no idea why, maybe try another implementation which would provide better diagnostics
  • provide a library over TLS (like database client) and allow user do specify preferred TLS implementation
  • do a performace comparison of TLS implementations on the same code base
  • if one implementation is buggy, it's easy to switch to another without heavy rewrite

Example

download-rust-lang-org.rs contains the implementation of simple TLS client downloading rust-lang.org, which is invoked with four backends.

Implementations comparison

openssl rustls security-framework native-tls
Can fetch google.com:443 Yes Yes Yes Yes
Server works Yes Yes Yes Yes
Client ALPN Yes Yes Yes Yes
Server ALPN Yes Yes No No
Server init from DER key Yes Yes No No
Server init from PKCS12 Yes No Yes Yes

Why not simply use XXX

Why not simply use native-tls

  • does not support server side ALPN
  • requires PKCS #12 keys on the server side
  • building OpenSSL on Linux is not always trivial

Why not simply use openssl

  • sometimes it's hard to compile it
  • some concerns about OpenSSL safety

Why not simply use rustls

  • diagnostics of rustls is not perfect
  • certain TLS features are not supported

Why not simply use security-framework

  • only works on Apple
  • does not support server side ALPN