Crate rustls_openssl

§rustls-openssl

A rustls crypto provider that uses OpenSSL for crypto.

§Supported Ciphers

Supported cipher suites are listed below, in descending order of preference.

If OpenSSL is compiled with the OPENSSL_NO_CHACHA option, or the fips feature is enabled, then the suites using ChaCha20-Poly1305 will not be available. If the tls12 feature is disabled then the TLS 1.2 cipher suites will not be available.

§TLS 1.3

  • TLS13_AES_256_GCM_SHA384
  • TLS13_AES_128_GCM_SHA256
  • TLS13_CHACHA20_POLY1305_SHA256

§TLS 1.2

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

§Supported Key Exchanges

In descending order of preference:

  • SECP384R1
  • SECP256R1
  • X25519

If the fips feature is enabled then X25519 will not be available.

§Usage

Add rustls-openssl to your Cargo.toml:

[dependencies]
rustls = { version = "0.23.0", features = ["tls12", "std"], default-features = false }
rustls_openssl = "0.1.0"

§Configuration

Use default_provider() to create a provider using the cipher suites and key exchange groups listed above. Use custom_provider() to specify custom cipher suites and key exchange groups.

§Features

  • tls12: Enables TLS 1.2 cipher suites. Enabled by default.
  • fips: Enabling this feature removes non-FIPS-approved cipher suites and key exchanges. Disabled by default. See fips.
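
The availability rules above (the tls12 and fips features, and OPENSSL_NO_CHACHA) can be checked against a required algorithm list before choosing between default_provider() and custom_provider(). The following is an added example, not code from rustls-openssl: it models the rules stated on this page without calling the crate, and `Build`, `suites`, `kx_groups` and `missing` are hypothetical names.

```rust
// Added example: models the availability rules stated on this page.
// It does not call rustls or rustls_openssl; all names are hypothetical.
#[derive(Clone, Copy)]
pub struct Build {
    pub tls12: bool,             // `tls12` crate feature
    pub fips: bool,              // `fips` crate feature
    pub openssl_no_chacha: bool, // OpenSSL compiled with OPENSSL_NO_CHACHA
}

// Cipher suites in the page's descending order of preference.
const SUITES: [&str; 9] = [
    "TLS13_AES_256_GCM_SHA384", "TLS13_AES_128_GCM_SHA256", "TLS13_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
];

// Key exchange groups in the page's descending order of preference.
const KX_GROUPS: [&str; 3] = ["SECP384R1", "SECP256R1", "X25519"];

/// Cipher suites available in build `b`, preference order preserved.
pub fn suites(b: Build) -> Vec<&'static str> {
    SUITES.iter().copied()
        .filter(|s| b.tls12 || s.starts_with("TLS13_"))
        .filter(|s| !(s.contains("CHACHA20") && (b.fips || b.openssl_no_chacha)))
        .collect()
}

/// Key exchange groups available in build `b`, preference order preserved.
pub fn kx_groups(b: Build) -> Vec<&'static str> {
    KX_GROUPS.iter().copied().filter(|g| !(b.fips && *g == "X25519")).collect()
}

/// Entries of `required` (suite or group names) that build `b` cannot offer.
pub fn missing(b: Build, required: &[&'static str]) -> Vec<&'static str> {
    let (s, g) = (suites(b), kx_groups(b));
    required.iter().copied().filter(|r| !s.contains(r) && !g.contains(r)).collect()
}

fn main() {
    // Constructed scenario: FIPS build without TLS 1.2, checked against a
    // constructed list of algorithms that some peer is assumed to need.
    let b = Build { tls12: false, fips: true, openssl_no_chacha: false };
    let peer_needs = ["TLS13_CHACHA20_POLY1305_SHA256", "X25519", "SECP256R1"];
    println!("suites:  {:?}", suites(b));
    println!("groups:  {:?}", kx_groups(b));
    println!("missing: {:?}", missing(b, &peer_needs));
}
```
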

Modules§

cipher_suite
Supported cipher suites.
fips
FIPS support
kx_group
Supported key exchange groups.

Structs§

KeyProvider
A struct that implements rustls::crypto::KeyProvider.
SecureRandom
A struct that implements rustls::crypto::SecureRandom.

Constants§

ALL_KX_GROUPS
Supported KeyExchange groups.

Statics§

ALL_CIPHER_SUITES
All supported cipher suites in descending order of preference:
SUPPORTED_SIG_ALGS
A WebPkiSupportedAlgorithms value defining the supported signature algorithms.

Functions§

custom_provider
Create a CryptoProvider with specific cipher suites and key exchange groups.
default_provider
Returns an OpenSSL-based CryptoProvider using all available cipher suites (ALL_CIPHER_SUITES) and key exchange groups (ALL_KX_GROUPS).