Comments (5)
I don't think the Rustls project will develop a first-party RustCrypto-based provider, but others have already started on that as part of the RustCrypto project.
For the time being I would recommend just using the first-party ring provider if that works on your platform.
from rustls.
Ok!
Thanks a lot for the comments and references. Even though I believe a pure Rust backend would be better in several ways, I understand the engineering time to maintain multiple backends here would be significant.
👋
from rustls.
That's reassuring to hear. Thanks for the explanation! 🙏
from rustls.
Describe the solution you'd like
I believe using pure Rust libraries, such as the ones from the RustCrypto project, would make cross-compilation easier. I'd use a RustCrypto backend even if it is implementing a small set of only modern cipher suites.
I think the solution you're describing exists today: https://github.com/RustCrypto/rustls-rustcrypto
It's a crate in the Rust Crypto org and I think that's the best place for it to live. The Rust Crypto developers are better positioned to support that crate than we would be in the Rustls org.
from rustls.
We're certainly supportive of the goal of a pure Rust cryptography backend. Much of the motivation for the cryptography provider interface work was to enable everyone to choose a backend to use based on their own prioritization weights.
I understand the engineering time to maintain multiple backends here would be significant.
It's worth noting we don't meaningfully maintain the underlying cryptography provider options that are built-in either, just the surface points for where they meet Rustls. aws-lc-rs has a team at Amazon that maintains it and *ring* (also an OpenSSL derivative like aws-lc-rs) is maintained by Brian Smith. We'll also work closely with the Rust Crypto team to help maintain an end-to-end solution that works for folks, but in all cases the Rustls team is collaborating with third parties.
from rustls.