Crate rustls_openssl

§rustls-openssl

A rustls crypto provider that uses OpenSSL for crypto.

§Supported Ciphers

Supported cipher suites are listed below, in descending order of preference.

If OpenSSL is compiled with the OPENSSL_NO_CHACHA option, or the fips feature is enabled, then the suites using ChaCha20-Poly1305 will not be available. If the tls12 feature is disabled then the TLS 1.2 cipher suites will not be available.

§TLS 1.3

  • TLS13_AES_256_GCM_SHA384
  • TLS13_AES_128_GCM_SHA256
  • TLS13_CHACHA20_POLY1305_SHA256

§TLS 1.2

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

§Supported Key Exchanges

In descending order of preference:

  • X25519MLKEM768 (OpenSSL 3.5+)
  • SECP384R1
  • SECP256R1
  • X25519
  • MLKEM768 (OpenSSL 3.5+)

If the fips feature is enabled then X25519 will not be available. If the prefer-post-quantum feature is enabled, X25519MLKEM768 will be the first group offered, otherwise it will be the last. MLKEM768 is not offered by default, but can be used by specifying it in the custom_provider() function.

§Usage

Add rustls-openssl to your Cargo.toml:

[dependencies]
rustls = { version = "0.23.0", features = ["tls12", "std"], default-features = false }
rustls_openssl = "0.3.0"

§Configuration

Use default_provider() to create a provider using the cipher suites and key exchange groups listed above. Use custom_provider() to specify custom cipher suites and key exchange groups.

§Features

  • tls12: Enables TLS 1.2 cipher suites. Enabled by default.
  • prefer-post-quantum: Enables X25519MLKEM768 as the first key exchange group. Enabled by default.
  • fips: Enabling this feature removes non-FIPS-approved cipher suites and key exchanges. Disabled by default. See fips.
  • vendored: Enables vendored OpenSSL. Disabled by default.
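
An added example (not code from rustls-openssl) that models the feature rules above for default_provider(), so the suites and groups a build should offer can be compared with what a handshake capture shows. The Build struct and all function names are hypothetical, and keeping X25519MLKEM768 under fips is an assumption the page does not settle.

```rust
// Added example: std-only model of the default_provider() feature rules above.
// It does not call rustls-openssl; every type and function name is hypothetical.
#[derive(Clone, Copy)]
pub struct Build {
    pub tls12: bool,
    pub fips: bool,
    pub prefer_post_quantum: bool,
    pub openssl_no_chacha: bool, // OpenSSL built with OPENSSL_NO_CHACHA
    pub openssl_3_5: bool,       // OpenSSL 3.5 or later
}
const SUITES: [&str; 9] = [ // documented preference order
    "TLS13_AES_256_GCM_SHA384",
    "TLS13_AES_128_GCM_SHA256",
    "TLS13_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
];
pub fn expected_suites(b: Build) -> Vec<&'static str> {
    let no_chacha = b.fips || b.openssl_no_chacha;
    SUITES.iter().copied()
        .filter(|s| b.tls12 || s.starts_with("TLS13_"))
        .filter(|s| !(no_chacha && s.contains("CHACHA20")))
        .collect()
}
pub fn expected_groups(b: Build) -> Vec<&'static str> {
    let mut g = vec!["SECP384R1", "SECP256R1"];
    if !b.fips { g.push("X25519"); }
    // Assumption: the page does not say how fips affects the hybrid group; kept here.
    if b.openssl_3_5 && b.prefer_post_quantum {
        g.insert(0, "X25519MLKEM768");
    } else if b.openssl_3_5 {
        g.push("X25519MLKEM768");
    }
    g // MLKEM768 is never part of the default offer
}
// Names seen in a handshake capture that this build should not have offered.
pub fn unexpected<'a>(observed: &[&'a str], b: Build) -> Vec<&'a str> {
    let (s, g) = (expected_suites(b), expected_groups(b));
    observed.iter().copied().filter(|n| !s.contains(n) && !g.contains(n)).collect()
}

fn main() {
    // Constructed observation: a fips build that still offers X25519.
    let b = Build { tls12: true, fips: true, prefer_post_quantum: true, openssl_no_chacha: false, openssl_3_5: true };
    println!("{:?}", unexpected(&["SECP384R1", "X25519"], b));
}
```
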

Modules§

cipher_suite
Supported cipher suites.
fips
FIPS support
kx_group
Key exchange groups using OpenSSL

Structs§

KeyProvider
A struct that implements rustls::crypto::KeyProvider.
SecureRandom
A struct that implements rustls::crypto::SecureRandom.

Statics§

ALL_CIPHER_SUITES
All supported cipher suites in descending order of preference:
SUPPORTED_SIG_ALGS
A WebPkiSupportedAlgorithms value defining the supported signature algorithms.

Functions§

custom_provider
Create a CryptoProvider with specific cipher suites and key exchange groups
default_provider
Returns an OpenSSL-based CryptoProvider using default available cipher suites (ALL_CIPHER_SUITES) and key exchange groups (ALL_KX_GROUPS).