1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217
//! # Rustls - a modern TLS library //! Rustls is a TLS library that aims to provide a good level of cryptographic security, //! requires no configuration to achieve that security, and provides no unsafe features or //! obsolete cryptography. //! //! ## Current features //! //! * TLS1.2 only. //! * ECDSA or RSA server authentication by clients. //! * RSA server authentication by servers. //! * Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves. //! * AES128-GCM and AES256-GCM bulk encryption, with safe nonces. //! * Chacha20Poly1305 bulk encryption. //! * ALPN support. //! * SNI support. //! * Tunable MTU to make TLS messages match size of underlying transport. //! * Resumption by clients. //! * Resumption by servers. //! * Client authentication by clients. //! * Client authentication by servers. //! //! ## Possible future features //! //! * ECDSA server authentication by servers. //! * PSK support. //! * TLS1.3. //! * Resumption via tickets. //! * OCSP stapling. //! * Certificate pinning. //! //! ## Non-features //! //! The following things are broken, obsolete, badly designed, underspecified, //! dangerous and/or insane. Rustls does not support: //! //! * SSL1, SSL2, SSL3, TLS1 or TLS1.1. //! * RC4. //! * DES or triple DES. //! * EXPORT ciphersuites. //! * MAC-then-encrypt ciphersuites. //! * Ciphersuites without forward secrecy. //! * Renegotiation. //! * Kerberos. //! * Compression. //! * Discrete-log Diffie-Hellman. //! * Automatic protocol version downgrade. //! * AES-GCM with unsafe nonces. //! //! There are plenty of other libraries that provide these features should you //! need them. //! //! ## Design Overview //! ### Rustls does not take care of network IO //! It doesn't make or accept TCP connections, or do DNS, or read or write files. //! //! There's example client and server code which uses mio to do all needed network //! IO. //! //! ### Rustls provides encrypted pipes //! These are the `ServerSession` and `ClientSession` types. You supply raw TLS traffic //! on the left (via the `read_tls()` and `write_tls()` methods) and then read/write the //! plaintext on the right: //! //! ```text //! TLS Plaintext //! === ========= //! read_tls() +-----------------------+ io::Read //! | | //! +---------> ClientSession +---------> //! | or | //! <---------+ ServerSession <---------+ //! | | //! write_tls() +-----------------------+ io::Write //! ``` //! //! These objects are not `Send` or `Sync`, so exist in one thread unless you make //! your own arrangements. //! //! ### Rustls takes care of server certificate verification //! You do not need to provide anything other than a set of root certificates to trust. //! Certificate verification cannot be turned off or disabled. //! //! ## Getting started //! This is the minimum you need to do to make a TLS client connection. //! //! First, we make a `ClientConfig`. You're likely to make one of these per process, //! and use it for all connections made by that process. //! //! ``` //! let mut config = rustls::ClientConfig::new(); //! ``` //! //! Next we load some root certificates. These are used to authenticate the server. //! The recommended way is to depend on the `webpki_roots` crate which contains //! the Mozilla set of root certificates. //! //! ```rust,ignore //! config.root_store.add_trust_anchors(&webpki_roots::ROOTS); //! ``` //! //! Now we can make a session. You need to provide the server's hostname so we //! know what to expect to find in the server's certificate. //! //! ```no_run //! # use std::sync::Arc; //! # let mut config = rustls::ClientConfig::new(); //! let rc_config = Arc::new(config); //! let mut client = rustls::ClientSession::new(&rc_config, "example.com"); //! ``` //! //! Now you should do appropriate IO for the `client` object. If `client.wants_read()` yields //! true, you should call `client.read_tls()` when the underlying connection has data. //! Likewise, if `client.wants_write()` yields true, you should call `client.write_tls()` //! when the underlying connection is able to send data. You should continue doing this //! as long as the connection is valid. //! //! The return types of `read_tls()` and `write_tls()` only tell you if the IO worked. No //! parsing or processing of the TLS messages is done. After each `read_tls()` you should //! therefore call `client.process_new_packets()` which parses and processes the messages. //! Any error returned from `process_new_packets` is fatal to the session, and will tell you //! why. For example, if the server's certificate is expired `process_new_packets` will //! return `Err(WebPKIError(CertExpired))`. //! //! You can extract newly received data by calling `client.read()` (via the `io::Read` //! trait). You can send data to the peer by calling `client.write()` (via the `io::Write` //! trait). Note that `client.write()` buffers data you send if the TLS session is not //! yet established: this is useful for writing (say) a HTTP request, but don't write huge //! amounts of data. //! //! The following code uses a fictional socket IO API for illustration, and does not handle //! errors. //! //! ```text //! use std::io; //! //! client.write(b"GET / HTTP/1.0\r\n\r\n").unwrap(); //! let mut socket = connect("example.com", 443); //! loop { //! if client.wants_read() && socket.ready_for_read() { //! client.read_tls(&mut socket).unwrap(); //! client.process_new_packets().unwrap(); //! //! let mut plaintext = Vec::new(); //! client.read_to_end(&mut plaintext).unwrap(); //! io::stdout().write(&plaintext).unwrap(); //! } //! //! if client.wants_write() && socket.ready_for_write() { //! client.write_tls(&mut socket).unwrap(); //! } //! //! socket.wait_for_something_to_happen(); //! } //! ``` //! //! # Examples //! `tlsserver` and `tlsclient` are full worked examples. These both use mio. //! /* Our dependencies: */ /* webpki for certificate verification. */ extern crate webpki; /* *ring* for cryptography. */ extern crate ring; /* untrusted for feeding ring and webpki. */ extern crate untrusted; /* rust-base64 for pemfile module. */ extern crate base64; /* log for logging. */ #[macro_use] extern crate log; mod util; #[macro_use] mod msgs; mod error; mod rand; mod hash_hs; mod prf; mod session; mod pemfile; mod x509; mod sign; mod verify; mod handshake; mod server_hs; mod client_hs; mod suites; mod server; mod client; /// Internal classes which may be useful outside the library. /// The contents of this section DO NOT form part of the stable interface. pub mod internal { /// Functions for parsing PEM files containing certificates/keys. pub mod pemfile { pub use pemfile::{certs, rsa_private_keys}; } /// Low-level TLS message parsing and encoding functions. pub mod msgs { pub use msgs::*; } } /* The public interface is: */ pub use error::TLSError; pub use session::Session; pub use verify::{RootCertStore}; pub use client::{StoresClientSessions, ClientSessionMemoryCache, ClientConfig, ClientSession}; pub use server::{StoresServerSessions, ServerSessionMemoryCache, ServerConfig, ServerSession}; pub use suites::{ALL_CIPHERSUITES, SupportedCipherSuite};