Rust-Written #Rustls Now Reportedly Outperforming #OpenSSL & #BoringSSL
Rustls Outperforms OpenSSL and BoringSSL
Rustls is a memory safe TLS implementation with a focus on performance. It is production ready and used in a wide range of applications.
Got my first HTTPS response from #haproxy using #rustls openssl-compat. I won't say this is working correctly yet, and I had to patch a few things in haproxy but at least this is a start. Don't expect official support, I'm just doing this for experimenting :-) https://github.com/wlallemand/haproxy/blob/20240525-rustls-libssl/RUSTLS_LIBSSL.NOTES
looks like rustls 0.23 in actix-web is moving forward today :)
The nym mixnode anonymity router now builds on OpenBSD! It's not using LibreSSL but rustls. Anyone here maybe had a look at rustls or have an opinion about it? Background: https://github.com/nymtech/nym/issues/4284
If you have been waiting for part 2 of the blog series about the performance work we have been doing on #rustls for Prossimo ISRG, your wait is over!
As part of #ISRG's work towards memory-safe infrastructure for the internet, @cpu has opened a merge request that implements TLS ECH support on the client side:
https://github.com/rustls/rustls/pull/1718
We agree that "the ECH spec is very challenging to implement and required a lot of trial/error" and we are working with #DEfO to help implementers. Please reach out if that is you:
https://defo.ie/#contact
"Using `mem::take` to reduce heap allocations"
This is the first post of a series where we go through the performance work we did in rustls, a modern TLS library in Rust. Today we tame the borrow checker using `mem::take`.
The Open Source Cryptography Workshop is returning for 2024, again after #RWC. We’re requesting ideas for sessions from the community, focused on those who build and use open source #cryptography libraries and solutions. Last year we held sessions about bugfinding, adopting #Rustls in libcurl, and clean-sheet #cryptosystem design.
The RFP form is available via https://oscwork.shop/2024/
If you are using Rust for web or considering doing so, you might be excited to hear that rustls merged a PR to make ring an optional dependency. Soon(-ish) you will be able to choose which cryptography backend to use with rustls, including one written fully in Rust. That would help with making your projects easier to build.
Big thank you to the rustls team, including Joe Birr-Pixton, @djc, and @cpu!
https://dfmsite6.jaroel.nl is now running on #leptos + #Axum with #Rustls.
It serves the files for Uitzending gemist from a curlftpfs mount with a regular Servedir thingy.
https://github.com/jaroel/dfm_site/tree/leptos-site
ps the whole thing is cross compiled on my macbook air M1 to #i686-unknown-linux-musl, which gives me a ~20mb binary with a web-enabled application server with TLS support and http-redirect.
Deployed using scp + ssh :)
In #RDM we too often take the technical layers that ensure privacy and integrity of data exchange for granted, despite dozens of critical incidents over the last years. We therefore welcome the recent decision of the German @sovtechfund to fund the ISRG's #Prossimo project with 1.5 MEUR to reduce attack surfaces in important components like #TLS libraries:
https://www.memorysafety.org/blog/1.5m-from-sovereign-tech-fund/
While I couldn't be at the Open Source Cryptography Workshop or #RealWorldCrypto to speak and collaborate in-person (because I got COVID again, woo), I recorded my Workshop talk about #Rustls-FFI and #curl, which just played there in Tokyo.
I've embedded the recording in my blogpost here: https://insufficient.coffee/2023/03/30/opensource-crypto-workshop-rustls-ffi/
I got some good live questions about using multiple layers of statically (or dynamically) linked FFI libraries, and about compiling rustls-ffi on systems unsupported by #ring.
It's a little alarming that I'm leaving for #RWC2023 in #Tokyo in like, 36 hours. Also still amusing to me that it'll be my first time attending in person, after all these years.
My talk about #Rustls and #Rustls-ffi is ready (except I'm going to stress about it until I give it), but this is my first international travel this era, so I'm stressing.
https://insufficient.coffee/2023/03/21/rwc-and-opensource-crypto-workshop-2023/