Skip to main content

Crate boring_rustls_provider

Crate boring_rustls_provider

Expand description

A rustls CryptoProvider backed by BoringSSL.

§Quick start

let config = rustls::ClientConfig::builder_with_provider(
        boring_rustls_provider::provider().into(),
    )
    .with_safe_default_protocol_versions()
    .unwrap()
    .with_root_certificates(rustls::RootCertStore::empty())
    .with_no_client_auth();

§Features

No features are enabled by default. The provider ships with TLS 1.3 support out of the box; additional capabilities are opt-in via feature flags:

fips — Build against FIPS-validated BoringSSL and restrict the provider to FIPS-approved algorithms (SP 800-52r2). Implies mlkem.
mlkem — Enable the X25519MLKEM768 post-quantum hybrid key exchange group.
tls12 — Enable TLS 1.2 cipher suites.
logging — Enable debug logging via the log crate.

Modules§

sign: Private key loading and TLS signing operations.
tls12: TLS 1.2 cipher suite definitions (requires the tls12 feature).
tls13: TLS 1.3 cipher suite definitions.
verify: Signature verification algorithms for certificate validation.

Functions§

provider: Returns a CryptoProvider with the default set of cipher suites and key exchange groups.
provider_with_ciphers: Returns a CryptoProvider using the given cipher suites.