openssl-ktls 0.2.1

Openssl KTLS support (with tokio)

openssl-ktls


Use openssl with kernel TLS offload, optionally with tokio.

This crate implements sync SslStream and async tokio SslStream that are ktls capable, extending the openssl crate.

Get started

Add to Cargo.toml

openssl-ktls = { version = "*", default-features = false, features = ["tokio", "vendored"] }

  • feature tokio enables the tokio-based async SslStream.
  • feature vendored builds openssl from source with ktls enabled. If your system openssl is already built with ktls enabled, you can skip this feature.

Examples

SslStream works the same way as openssl::ssl::SslStream.

// Runs inside an async context (for example under a tokio runtime).
let mut builder =
    openssl::ssl::SslConnector::builder(openssl::ssl::SslMethod::tls()).unwrap();
// set_options returns the resulting option set, not the builder, so it cannot be chained.
builder.set_options(openssl_ktls::option::SSL_OP_ENABLE_KTLS);
builder.set_cipher_list(openssl_ktls::option::ECDHE_RSA_AES128_GCM_SHA256).unwrap();
let connector = builder.build();
// configure() yields the per-connection configuration that into_ssl() consumes.
let ssl = connector.configure().unwrap().into_ssl("localhost").unwrap();
let tcp_stream = tokio::net::TcpStream::connect("localhost:8080").await.unwrap();
let mut ssl_stream = openssl_ktls::TokioSslStream::new(tcp_stream, ssl).unwrap();
// read and write data on ssl_stream...
// check ktls is used.
let receive_enabled = ssl_stream.ktls_recv_enabled();
let send_enabled = ssl_stream.ktls_send_enabled();
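
A kernel-side cross-check for the ktls_recv_enabled() / ktls_send_enabled() results, as an added example that is not part of this crate: it parses the Linux kernel's /proc/net/tls_stat counters and /proc/sys/net/ipv4/tcp_available_ulp to tell whether offloaded sessions are actually open. The function and struct names are hypothetical and the sample text is constructed.

```rust
use std::collections::HashMap;
use std::fs;

// Constructed sample of /proc/net/tls_stat: one connection offloaded both ways.
const SAMPLE_STAT: &str = "TlsCurrTxSw \t1\nTlsCurrRxSw \t1\nTlsCurrTxDevice \t0\n\
TlsCurrRxDevice \t0\nTlsTxSw \t3\nTlsRxSw \t3\nTlsDecryptError \t0\n";

/// Parse the "Name value" lines of /proc/net/tls_stat; malformed lines are skipped.
fn parse_tls_stat(text: &str) -> HashMap<String, u64> {
    text.lines()
        .filter_map(|line| {
            let mut parts = line.split_whitespace();
            let name = parts.next()?;
            let value = parts.next()?.parse::<u64>().ok()?;
            Some((name.to_string(), value))
        })
        .collect()
}

/// Kernel view of kTLS: currently open offloaded directions and decrypt failures.
#[derive(Debug, PartialEq)]
struct KtlsUse {
    tx_open: u64,
    rx_open: u64,
    decrypt_errors: u64,
}

fn ktls_use(stat: &HashMap<String, u64>) -> KtlsUse {
    let get = |key: &str| stat.get(key).copied().unwrap_or(0);
    KtlsUse {
        // Sw = kernel software crypto, Device = NIC inline offload.
        tx_open: get("TlsCurrTxSw") + get("TlsCurrTxDevice"),
        rx_open: get("TlsCurrRxSw") + get("TlsCurrRxDevice"),
        decrypt_errors: get("TlsDecryptError"),
    }
}

/// True when the `tls` upper-layer protocol is registered (tls module loaded).
fn tls_ulp_available(available_ulp: &str) -> bool {
    available_ulp.split_whitespace().any(|ulp| ulp == "tls")
}

fn main() {
    // Read the live files on Linux; fall back to the constructed sample elsewhere.
    let stat = fs::read_to_string("/proc/net/tls_stat").unwrap_or(SAMPLE_STAT.into());
    let ulp = fs::read_to_string("/proc/sys/net/ipv4/tcp_available_ulp").unwrap_or_default();
    println!("tls ULP available: {}", tls_ulp_available(&ulp));
    println!("{:?}", ktls_use(&parse_tls_stat(&stat)));
}
```

If the `tls` ULP is missing or both open counts stay at zero while the stream is in use, the connection is still encrypted by OpenSSL in user space rather than by the kernel.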

License

This project is licensed under the MIT license.