.github Replace super-linter with mega-linter 2022-04-28 15:37:41 +01:00
api chore: Remove unused dependencies 2023-07-23 16:35:35 +02:00
api-test chore: Remove unused dependencies 2023-07-23 16:35:35 +02:00
ci-gen Replace super-linter with mega-linter 2022-04-28 15:37:41 +01:00
examples TlsConnector::connect_default 2021-02-21 07:18:42 +00:00
impl-native-tls Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
impl-not-tls Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
impl-openssl Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
impl-rustls Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
impl-security-framework Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
impl-stub Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
interop Some benchmarks 2021-02-26 21:47:15 +00:00
test-cert-gen Bump version to 0.9.0 2022-04-28 17:23:19 +01:00
.editorconfig backup 2017-06-03 06:17:02 +03:00
.gitignore Github workflow for CI 2020-06-28 06:06:01 +01:00
.rustfmt.toml rustfmt 2021-02-14 18:14:47 +00:00
.travis.yml-disabled Github workflow for CI 2020-06-28 06:06:01 +01:00
Cargo.toml tls-api-not-tls 2021-02-20 04:53:11 +00:00
CHANGELOG.md Update CHANGELOG.md 2022-04-28 17:08:05 +01:00
LICENSE Initial commit 2017-06-03 03:25:14 +03:00
README.md Markdown lint 2021-02-20 12:18:55 +00:00


One TLS API to rule them all

Supports:

  • tokio and async-std
  • rustls, native-tls, openssl, security-framework

Crates in this repository

  • tls-api — TLS API without any implementation and without dependencies
  • tls-api-native-tls — implementation of TLS API over the native-tls crate
  • tls-api-openssl — implementation of TLS API over the openssl crate
  • tls-api-rustls — implementation of TLS API over the rustls crate
  • tls-api-security-framework — implementation of TLS API over the security-framework crate
  • tls-api-schannel — missing implementation of TLS API over the schannel crate
  • tls-api-stub — stub API implementation which returns an error on any operation
  • tls-api-not-tls — stub API implementation which pretends to be TLS but returns a wrapped plain socket, so traffic is neither encrypted nor authenticated
  • test-cert-gen — utility to generate certificates for unit tests

Why one might want to use TLS API instead of a concrete implementation

  • it is not yet decided which TLS implementation is better: start prototyping with one, then switch to another
  • something doesn't work and it's unclear why: try another implementation that may provide better diagnostics
  • provide a library over TLS (like a database client) and allow the user to specify the preferred TLS implementation
  • do a performance comparison of TLS implementations on the same code base
  • if one implementation is buggy, it's easy to switch to another without a heavy rewrite

Example

download-rust-lang-org.rs contains the implementation of a simple TLS client that downloads rust-lang.org and is invoked with four backends.

Implementations comparison

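| Feature                   | openssl | rustls | security-framework | native-tls |
|---------------------------|---------|--------|--------------------|------------|
| Can fetch google.com:443  | Yes     | Yes    | Yes                | Yes        |
| Server works              | Yes     | Yes    | Yes                | Yes        |
| Client ALPN               | Yes     | Yes    | Yes                | Yes        |
| Server ALPN               | Yes     | Yes    | No                 | No         |
| Server init from DER key  | Yes     | Yes    | No                 | No         |
| Server init from PKCS12   | Yes     | No     | Yes                | Yes        |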

Why not simply use XXX

Why not simply use native-tls

  • does not support server-side ALPN
  • requires PKCS #12 keys on the server side
  • building OpenSSL on Linux is not always trivial

Why not simply use openssl

  • sometimes it's hard to compile it
  • some concerns about OpenSSL safety

Why not simply use rustls

  • rustls diagnostics are not perfect
  • certain TLS features are not supported

Why not simply use security-framework

  • only works on Apple platforms
  • does not support server-side ALPN