https://github.com/stepancheg/rust-tls-api
TLS API for Rust, and API implementations over native-tls and openssl in separate crates
- Host: GitHub
- URL: https://github.com/stepancheg/rust-tls-api
- Owner: stepancheg
- License: mit
- Created: 2017-06-03T00:25:14.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2023-12-05T23:24:57.000Z (about 1 year ago)
- Last Synced: 2024-04-23T23:04:05.867Z (9 months ago)
- Topics: openssl, rust, tls
- Language: Rust
- Homepage:
- Size: 646 KB
- Stars: 49
- Watchers: 6
- Forks: 28
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# This project has a new home
[New home](https://github.com/edgedb/rust-tls-api/)
# Original notes
[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/stepancheg/rust-tls-api/CI)](https://github.com/stepancheg/rust-tls-api/actions?query=workflow%3ACI)
[![License](https://img.shields.io/crates/l/tls-api.svg)](https://github.com/stepancheg/rust-tls-api/blob/master/LICENSE)
[![crates.io](https://img.shields.io/crates/v/tls-api.svg)](https://crates.io/crates/tls-api)
# One TLS API to rule them all
Supports:
* **tokio** and **async-std**
* **rustls**, **native-tls**, **openssl**, **security-framework**
## Crates in this repository
* tls-api — TLS API without any implementation and without dependencies
* tls-api-native-tls — implementation of TLS API over
[native-tls](https://github.com/sfackler/rust-native-tls) crate
* tls-api-openssl — implementation of TLS API over
[openssl](https://github.com/sfackler/rust-openssl) crate
* tls-api-rustls — implementation of TLS API over
[rustls](https://github.com/ctz/rustls) crate
* tls-api-security-framework — implementation of TLS API over
[security framework](https://github.com/sfackler/rust-security-framework) crate
* tls-api-schannel — _missing_ implementation of TLS API over
[schannel](https://github.com/steffengy/schannel-rs) crate
* tls-api-stub — stub API implementation which returns an error on any operation
* tls-api-not-tls — stub API implementation which pretends to be TLS, but returns wrapped plain socket
* test-cert-gen — utility to generate certificate for unit tests
## Why one might want to use TLS API instead of concrete implementation
* it is not decided yet which TLS implementation is better, start prototyping with one, and then switch to another
* something doesn't work, no idea why, maybe try another implementation which would provide better diagnostics
* provide a library over TLS (like database client) and allow user to specify preferred TLS implementation
* do a performance comparison of TLS implementations on the same code base
* if one implementation is buggy, it's easy to switch to another without heavy rewrite
## Example
[download-rust-lang-org.rs](https://github.com/stepancheg/rust-tls-api/blob/master/examples/examples/download-rust-lang-org.rs#L66)
contains the implementation of a simple TLS client downloading rust-lang.org,
which is invoked with four backends.
## Implementations comparison
| | openssl | rustls | security-framework | native-tls |
| ------------------------ | ------- | ------ |--------------------| ---------- |
| Can fetch google.com:443 | Yes | Yes | Yes | Yes |
| Server works | Yes | Yes | Yes | Yes |
| Client ALPN | Yes | Yes | Yes | Yes |
| Server ALPN | Yes | Yes | No | No |
| Server init from DER key | Yes | Yes | No | No |
| Server init from PKCS12 | Yes | No | Yes | Yes |

## Why not simply use XXX
### Why not simply use native-tls
* does not support server side ALPN
* requires PKCS #12 keys on the server side
* building OpenSSL on Linux is not always trivial
### Why not simply use openssl
* sometimes it's hard to compile it
* some concerns about OpenSSL safety
### Why not simply use rustls
* diagnostics of rustls are not perfect
* certain TLS features are not supported
### Why not simply use security-framework
* only works on Apple
* does not support server side ALPN