rustls VS systemd

Compare rustls vs systemd and see what are their differences.

rustls

A modern TLS library in Rust (by rustls)

systemd

The systemd System and Service Manager (by systemd)
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
rustls systemd
57 495
5,375 12,313
4.0% 1.8%
9.9 10.0
4 days ago about 13 hours ago
Rust C
GNU General Public License v3.0 or later GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

rustls

Posts with mentions or reviews of rustls. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-28.
  • Pingora: HTTP Server and Proxy Library, in Rust, by Cloudflare, Released
    6 projects | news.ycombinator.com | 28 Feb 2024
    Being able to use rustls as a drop-in replacement for openssl is on their roadmap: https://github.com/rustls/rustls/blob/main/ROADMAP.md#future...

    So that'll certainly one option in the future.

    6 projects | news.ycombinator.com | 28 Feb 2024
    Rustls claims to support TLS 1.2 as well (https://github.com/rustls/rustls)
    6 projects | news.ycombinator.com | 28 Feb 2024
  • Alternative to openssl for reqwest https with client certs.
    3 projects | /r/rust | 8 Dec 2023
  • What are the scenarios where "Rewrite it in Rust" didn't meet your expectations or couldn't be successfully implemented?
    16 projects | /r/rust | 9 Jun 2023
    I also studied this question on FFI several weeks ago in terms of "rewrite part of the system in Rust". Unexpected results could be semantic issues (e.g., different error handling methods) or security issues (FFI could be a soundness hole). I suggest going through the issues of libraries that have started rewriting work such as rust-openssl or rustls (This is the one trying to rewrite in whole rust rather than using FFI; however, you will not be able to find the mapping function in the C version and compare them). I hope this helps!
  • A brief guide to choosing TLS crates
    5 projects | /r/rust | 9 Jun 2023
    Now for rust implementation of tls. Certificates can be loaded in two ways. * Finds and loads certificates using OS specific tools3 * Uses a rust implementation of webpki4 for loading with certificates5
  • Microsoft is busy rewriting core Windows library code in memory-safe Rust
    2 projects | news.ycombinator.com | 27 Apr 2023
    > Ring is mostly C/Assembly

    Crypto needs to be written in Assembly to ensure that operations take a constant time, regardless of input. Writing it in a high level language like C or Rust opens you up to the compiler "optimising" routines and making them no longer constant time.

    But you already knew this. And you also knew that the security audit (https://github.com/rustls/rustls/blob/master/audit/TLS-01-re...) of ring was favourable

    > No issues were found with regards to the cryptographic engineering of rustls or its underlying ring library. A recommendation is provided in TLS-01-001 to optionally supplement the already solid cryptographic library with another cryptographic provider (EverCrypt) with an added benefit of formally verified cryptographic primitives. Overall, it is very clear that the developers of rustls have an extensive knowledge on how to correctly implement the TLS stack whilst avoiding the common pitfalls that surround the TLS ecosystem. This knowledge has translated reliably into an implementation of exceptional quality.

    You said

    > a standard library with feature flags and editions would make rust ridiculously much more productive

    What's the difference between opting into a library with a feature flag and opting in with a line in Cargo.toml? Let's say you want to use the de-facto regex library. Would it really be ridiculously productive if you said you wanted the "regex" feature flag instead of the "regex" crate?

    I do agree that the standard library does need a versioning story so they can remove long deprecated functions. Where it gets complicated is if a new method is reintroduced using the same name in a later edition.

  • Is Rust really safe? How to identify functions that can potentially cause panic
    6 projects | /r/rust | 12 Mar 2023
    I believe it is more relevant than you think: servers running in containers, web assembler tasks running in browsers, embedded devices and kernels with total control of the system, all have the ability to do something more sensible than plain out SIGABRT or similar, and in many the case is not that the complete system is falling down. For example RustTLS is looking into allowing fallible allocators and as a pretty general-purpose library that seems like a nice feature. I do wish ulimit -v worked in a sensible manner with applications.
  • MCloudTT: An asynchronous MQTT v5 Broker written in Rust
    2 projects | /r/rust | 28 Feb 2023
    I think it is this issue. But I'll get back to you tomorrow
  • Architecture with rust
    5 projects | /r/learnrust | 9 Feb 2023
    Then you also might need to use rustls , some kind of oauth crate and a persistence layer of choice (database).

systemd

Posts with mentions or reviews of systemd. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-21.
  • X.org Server Clears Out Remnants for Supporting Old Compilers
    2 projects | news.ycombinator.com | 21 Feb 2024
    - Mysterious PID1 crash related to timedatectl, resolved by replacing /etc/localtime with a regular file instead of symlink (to a file on same FS). How do you strace PID1 to get some idea what's going on? You don't. Good thing timezone management needs to be part of init!

    - Mysterious issue in resolvectl, some sort of race condition, 2-year old bug report https://github.com/systemd/systemd/issues/22775 - at least you actually don't have to use this one.

    And those are just the two that I've had to spend hours on in the past few years.

    Not using systemd is barely a choice, even if you don't use systemd itself you nearly have to use things which are designed in exactly the same bad ways (polkit, systemd-udevd), there are several (negative) changes which even systemd-resistant distros have adopted for conformity which were first driven by systemd, lots of software has completely removed their provided init-scripts and replaced them with systemd unit files only so you have to write your own or go dig it up from the git history...

    Oh and it's extremely brittle and one little piece breaking means you can't boot at all, not even in single user, since everything is jammed into PID1... so good luck even examining what's going on.

    I could go on but of course you've already seen and chosen to ignore any argument I could make.

  • Ask HN: Who wants to be hired? (February 2024)
    19 projects | news.ycombinator.com | 1 Feb 2024
    Hi HN! I'm a Linux security engineer looking for work on Open Source software. I've done some security work in the Linux Kernel (containerization primitives), in systemd as well as some work on Secure Boot.

    Notably I've implemented auto-enrollment of secure boot keys in systemd. See (https://github.com/systemd/systemd/pull/20255 & https://lpc.events/event/16/contributions/1259/).

    Lately, I've been very interested in MicroVMs and minimizing the Linux Kernel attack surface.

    Message me if any of that sounds interesting!

  • New Renderers for GTK
    9 projects | news.ycombinator.com | 29 Jan 2024
    The xdg-portal attempt was misguided and I don't beleive anyone is pursuing it at this point. Ideally drm-leasing would be managed by the login manager, allowing multiple compositors to lease connectors and run independently on other monitors, as well as being used for VR headsets. https://github.com/systemd/systemd/issues/29078.

    Sidenote: I hacked the wayland protocol implementation for gnome into working at least for SteamVR, but at least with AMD gpus there is some serious bug preventing the card from performing properly. It basically throttles itself for no reason and never hits the refresh rates needed for smooth VR, especially since there is no asynchronous reprojection at the moment. So while ideally the drm-leasing problem would be solved already there are other even more important problems to solve with linux VR for now.

  • A Suprising Discovery Inside the Steam Deck's APU
    2 projects | news.ycombinator.com | 15 Jan 2024
    > It is very hardware dependent.

    NVIDIA GPUs definitely make things more difficult, at least in the suspend-then-hibernate case. Here's where I reported a hacky workaround:

    https://forums.developer.nvidia.com/t/systemds-suspend-then-...

    See also:

    https://github.com/systemd/systemd/issues/27559

    NVIDIA kinda sorta just doesn't give a shit, unfortunately.

  • Why would you still want to use strace in 2023? [video]
    4 projects | news.ycombinator.com | 8 Jan 2024
    > You'll still care that you can write that file, right?

    Sometimes you don't need it.

    systemd itself just checks that `/etc/initrd-release` exists and runs in initrd mode changing its default target to boot into (IIRC you can also manually change the default target to `initrd.target` in the initrd, but this way the default systemd vendored files don't need to be touched).

    https://github.com/systemd/systemd/blob/7f13af72f89452950226...

  • Systemd through the eyes of a musl distribution maintainer
    6 projects | news.ycombinator.com | 6 Jan 2024
    I generally embrace systemd and have been pretty happy with it but there's one component which simply doesn't work correctly and that's systemd-resolved in combination with DNSSEC. I eventually had to replace it with Knot Resolver which works flawlessly on the same machine / network.

    https://github.com/systemd/systemd/issues/9867

    6 projects | news.ycombinator.com | 6 Jan 2024
    There's a willingness from the systemd devs to start incorporating Rust into it, possibly quite soon: https://github.com/systemd/systemd/pull/19598
    6 projects | news.ycombinator.com | 6 Jan 2024
    uint8_t signature[8]; /* "LPKSHHRH" */

    == Lennart Poettering, Kay Siver, Harald Hoyer, Red Hat

    I don't know the details but I heard at some point Kay and Lennart had a falling out within the project. By the time I got involved in journald development @ CoreOS, neither Kay nor Harald were visibly participating anymore... It was kind of annoying, as it left just Lennart to review any journald PRs, who was obviously busy, but eventually got around to it. I think it's worth noting that despite being the person who receives all the systemd hate, Lennart didn't promptly abandon maintenance of the project after getting installed everywhere.

    [0] https://github.com/systemd/systemd/blob/v255/src/libsystemd/...

  • Earlyoom – Early OOM Daemon for Linux
    2 projects | news.ycombinator.com | 13 Dec 2023
    Or systemd's systemd-oomd https://github.com/systemd/systemd/pull/15206

    The answer for both of those is "if you're unfortunate enough to be running a 2.6 kernel linux server from 2005, then you can't use cgroupsv2 and thus can't use oomd or systemd-oomd".

  • Systemd's new blue screen of death (systemd-bsod)
    2 projects | /r/linux | 9 Dec 2023
    Ok? I never said he wasn't involved, but he didn't create this tool. And for your info, he wasn't the only systemd developer that was involved as well. But of course, you immediatly started throwing a tantrum at just reading his name because all you can whine about is how systemd is the source of all evil and Poettering is the devil!

What are some alternatives?

When comparing rustls and systemd you can also consider the following projects:

rust-native-tls

openrc - The OpenRC init system

rust-openssl - OpenSSL bindings for Rust

tini - A tiny but valid `init` for containers

inotify-tools - inotify-tools is a C library and a set of command-line programs providing a simple interface to inotify.

s6 - The s6 supervision suite.

mkcert - A simple zero-config tool to make locally trusted development certificates with any names you'd like.

earlyoom - earlyoom - Early OOM Daemon for Linux

supervisor - Supervisor process control system for Unix (supervisord)

ring - Safe, fast, small crypto using Rust

webpki - WebPKI X.509 Certificate Validation in Rust

dracut - dracut the event driven initramfs infrastructure