Crate rustls_cng_crypto


§rustls-cng-crypto

A rustls crypto provider for Windows that uses CNG for crypto.

§Supported Ciphers

Supported cipher suites are listed below, in descending order of preference.

If the tls12 feature is disabled then the TLS 1.2 cipher suites will not be available.

§TLS 1.3

  • TLS13_AES_256_GCM_SHA384
  • TLS13_AES_128_GCM_SHA256
  • TLS13_CHACHA20_POLY1305_SHA256

§TLS 1.2

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

§Supported Key Exchanges

In descending order of preference:

  • X25519
  • SECP256R1
  • SECP384R1

§Usage

Add rustls-cng-crypto to your Cargo.toml:

[dependencies]
rustls = { version = "0.23.0", features = ["tls12", "std"], default-features = false }
rustls_cng_crypto = "0.1.0"

§Configuration

Use default_provider() to create a provider with the cipher suites and key exchange groups listed above. Use custom_provider() to specify your own cipher suites and key exchange groups.

§Features

  • tls12: Enables TLS 1.2 cipher suites. Enabled by default.
  • fips: Changes the default provider to use FIPS-approved cipher suites and key exchange groups. See [fips].
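
As an added example (not taken from the crate's own documentation), a Cargo.toml that drops TLS 1.2 entirely and selects the FIPS defaults. It assumes that the two features can be combined and that tls12 is the only default feature you need to turn off.

```toml
[dependencies]
# rustls built without its own "tls12" feature, so the TLS 1.2 protocol
# code is not compiled in; "std" is kept as in the Usage section.
rustls = { version = "0.23.0", features = ["std"], default-features = false }

# default-features = false switches off this crate's default "tls12"
# feature, leaving only the TLS 1.3 cipher suites available.
# "fips" changes default_provider() to the FIPS-approved cipher suites
# and key exchange groups.
# Assumption: "fips" builds correctly without "tls12".
rustls_cng_crypto = { version = "0.1.0", default-features = false, features = ["fips"] }
```

Running `cargo tree -e features` afterwards shows which features were actually resolved, which catches another dependency re-enabling tls12 through feature unification.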

Modules§

cipher_suite
Supported cipher suites.
kx_group
Supported key exchange groups.

Structs§

KeyProvider
A struct that implements rustls::crypto::KeyProvider.
SecureRandom
A struct that implements rustls::crypto::SecureRandom using CNG.
ShutdownHandle
A handle that, when dropped, will free all algorithm providers initialized by this crate.

Constants§

ALL_KX_GROUPS
Supported KeyExchange groups.

Statics§

ALL_CIPHER_SUITES
All supported cipher suites in descending order of preference.
SUPPORTED_SIG_ALGS
A WebPkiSupportedAlgorithms value defining the supported signature algorithms.

Functions§

custom_provider
Create a CryptoProvider with specific cipher suites and key exchange groups.
default_provider
Returns a CNG-based CryptoProvider using all available cipher suites (ALL_CIPHER_SUITES) and key exchange groups (ALL_KX_GROUPS).
fips_provider
Returns a CNG-based CryptoProvider using FIPS-approved cipher suites and key exchange groups.