Rustls Alternatives
Similar projects and alternatives to rustls
-
-
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
-
-
-
-
rust-crypto
A (mostly) pure-Rust implementation of various cryptographic algorithms.
-
Scout APM
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
BLAKE3
the official Rust and C implementations of the BLAKE3 cryptographic hash function
-
-
sodiumoxide
[DEPRECATED] Sodium Oxide: Fast cryptographic library for Rust (bindings to libsodium)
-
-
-
-
-
-
ripgrep
ripgrep recursively searches directories for a regex pattern while respecting your gitignore
-
-
magic-wormhole
get things from one computer to another, safely [Moved to: https://github.com/magic-wormhole/magic-wormhole] (by warner)
-
-
.NET Runtime
.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
Reviews and mentions
-
Building static Rust binaries for Linux
You may be unable to statically link your binary even after all this, due to dependencies that mandate dynamic linking. In some cases this is avoidable, such as using rustls in place of OpenSSL for cryptography, and hyper in place of bindings to cURL for HTTP, not so much in others. Thanks to the convention of native-linking crates using the -sys suffix in their name it is fairly simple to find if your build has dependencies that dynamically link to libraries. Using cargo's native tree subcommand and greping (or ripgreping for me), you can locate native dependencies. Running cargo tree | rg -- -sys against androidx-release-watcher's v4.1.0 release gives us this:
-
What encryption crates do you guys recommend, especially one with support for streams
You could also just straight up use a full tls implementation like https://github.com/rustls/rustls. Rusttls does support a read/write interface.
- rustls 0.20 has been released!
-
OpenSSL 3.0
Are there projects who are switching from openssl to these rust based projects? https://github.com/rustls/rustls https://github.com/briansmith/ring . If yes, then what is their experience?
-
Which FOSS project do you recommend donating to and why?
[1] https://github.com/ctz/rustls
-
OpenSSL for WASM
If it's an option, maybe look at converting the crate to use Rustls (it may already be an option for the crate). https://github.com/ctz/rustls
-
Why is SSL such a pain?
After I couldn't get simple google example to work ("How to generate a self-signed SSL certificate") I was searching on the rustls repo and found this issue about self-signed certs which made it sound like it wasn't straight forward. Looking into the mentioned test-ca directory wasn't helping either. I might have also accidentally been hit by this issue.
-
BLAKE3 1.0.0
I benchmarked hardware AES vs software ChaCha20, and the former showed an overall performance improvement of an end to end QUIC software stack of more than 50%. The pure crypto difference is probably even higher. That's a huge gap - even thought it might totally be possible that the ChaCha20 implementation of Ring is still improvable.
As a result of that, I asked for rustls to default to AES instead of the previous ChaCha20 default [1]
-
Preparing Rustls for Wider Adoption
Namely ring [2], which, according to github, contains 47.3% Assembly and some C as well.
I'm not trolling here - we were discussing this a lot in my peer group lately.
There's a categorization here (I don't have access to the triage spreadsheet though):
https://github.com/ctz/rustls/issues/447#issuecomment-820719...
It seems like there's been the most effort on category 4, the ones that can't be reached but can often be proven away with refactoring and typestate. Removing these ensures that the APIs don't expose Result types to callers unnecessarily.
Category 1-3 have different severity, but they are all planned to be folded into Result error values.
-
LibreSSL unaffected by recent OpenSSL vulnerabilities
Well, rustls is a pretty solid TLS stack for Rust.
While it doesn't have the decade(s) of eyes on it that openSSL and libreSSL have, it did receive fairly high praise when audited by cure53
-
OpenSSL Security Advisory [25 March 2021]
Well, RusTLS has been audited by third-party and no exploitable weaknesses have been found while ‘the team of auditors considered the general code quality to be exceptional and can attest to a solid impression left consistently by all scope items’.
-
Two new high-severity OpenSSL security advisories
RustTLS should be considered as an alternative where appropriate. It got a pretty good audit report, and of course null pointer derefs ( such as in issue #2 ) is pretty much impossible in Rust. https://github.com/ctz/rustls/blob/master/audit/TLS-01-report.pdf
-
OpenSSL will release a HIGH severity issue fix on 25th
I am a maintainer for rustls (https://github.com/ctz/rustls).
What would your team need to be able to migrate to a different TLS stack that so far has proven to be safer, and passed its first security audit with flying colors? (https://github.com/ctz/rustls/blob/main/audit/TLS-01-report....)
(I am also currently available on part-time freelance basis, feel free to contact me if you need commercial support on your endeavour to structurally address your TLS security issues.)
Stats
rustls/rustls is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
Popular Comparisons
There are 33 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.