An implementation of the IETF QUIC protocol, featuring:
- a simple, easy-to-use API. See an example of an s2n-quic echo server built with just a few API calls
- high configurability using providers for granular control of functionality
- extensive automated testing, including fuzz testing, integration testing, unit testing, snapshot testing, efficiency testing, performance benchmarking, interoperability testing and more
- integration with s2n-tls, AWS’s simple, small, fast and secure TLS implementation, as well as rustls
- thorough compliance coverage tracking of normative language in relevant standards
- and much more, including CUBIC congestion controller support, packet pacing, Generic Segmentation Offload support, Path MTU discovery, and unique connection identifiers detached from the address
See the installation instructions and examples to get started with s2n-quic.
§Feature flags
§provider-address-token-default
Enabled by default
Enables the default address token provider, which will securely generate address tokens for a single QUIC server. If your deployment requires that multiple servers handle address tokens, this provider should not be used. Instead, a custom implementation of provider::address_token::Format should be specified.
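Why the default provider is single-server: an address token is only as portable as the secret it was minted under. The following is an added illustration, not s2n-quic's own code or its `provider::address_token::Format` trait: a hypothetical token format (`TokenFormat`, with constructed secrets and a placeholder keyed tag that stands in for a real HMAC/AEAD) shows that a token issued by server A fails validation on server B, which holds only its own process-local key, and succeeds on server C, which was deliberately configured with a shared keyring. It also performs the checks a custom Format needs regardless of key management: constant-time tag comparison, binding to the client address, and a lifetime.

```rust
use std::collections::HashMap;

/// Placeholder keyed tag for the demo. This is NOT a MAC: a real token
/// Format would use HMAC or an AEAD. (Assumption: 8-byte FNV-1a over key||msg.)
fn keyed_tag(key: &[u8], msg: &[u8]) -> [u8; 8] {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for b in key.iter().chain(msg.iter()) {
        h ^= u64::from(*b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h.to_be_bytes()
}

/// Constant-time comparison so validation does not leak how many tag bytes matched.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Token {
    pub key_id: u8,
    pub issued_at: u64, // seconds
    pub peer: [u8; 4],  // client IPv4 address the token was issued to
    pub tag: [u8; 8],
}

fn token_body(key_id: u8, issued_at: u64, peer: [u8; 4]) -> Vec<u8> {
    let mut m = vec![key_id];
    m.extend_from_slice(&issued_at.to_be_bytes());
    m.extend_from_slice(&peer);
    m
}

/// Hypothetical server-side token format: one minting key, a keyring for validation.
pub struct TokenFormat {
    mint_key_id: u8,
    keyring: HashMap<u8, Vec<u8>>,
    lifetime_secs: u64,
}

impl TokenFormat {
    pub fn new(mint_key_id: u8, keyring: HashMap<u8, Vec<u8>>, lifetime_secs: u64) -> Self {
        assert!(keyring.contains_key(&mint_key_id), "minting key must be in keyring");
        Self { mint_key_id, keyring, lifetime_secs }
    }

    pub fn issue(&self, peer: [u8; 4], now: u64) -> Token {
        let key = &self.keyring[&self.mint_key_id];
        let tag = keyed_tag(key, &token_body(self.mint_key_id, now, peer));
        Token { key_id: self.mint_key_id, issued_at: now, peer, tag }
    }

    pub fn validate(&self, t: &Token, peer: [u8; 4], now: u64) -> Result<(), &'static str> {
        // Unknown key id: minted by a server whose secret this one does not hold.
        let key = self.keyring.get(&t.key_id).ok_or("unknown key id")?;
        let expected = keyed_tag(key, &token_body(t.key_id, t.issued_at, t.peer));
        if !ct_eq(&expected, &t.tag) {
            return Err("bad tag");
        }
        if t.peer != peer {
            return Err("token bound to a different address");
        }
        if now < t.issued_at || now - t.issued_at > self.lifetime_secs {
            return Err("expired");
        }
        Ok(())
    }
}

/// Three servers (constructed secrets): A and B each hold only their own process-local
/// key, like the default provider; C holds a shared keyring that includes A's key.
pub fn demo() -> (bool, bool, bool) {
    let client = [198, 51, 100, 7];
    let key_a = b"server-a-secret".to_vec();
    let key_b = b"server-b-secret".to_vec();
    let a = TokenFormat::new(1, HashMap::from([(1, key_a.clone())]), 600);
    let b = TokenFormat::new(2, HashMap::from([(2, key_b.clone())]), 600);
    let c = TokenFormat::new(2, HashMap::from([(1, key_a), (2, key_b)]), 600);
    let tok = a.issue(client, 1_000);
    (
        a.validate(&tok, client, 1_010).is_ok(), // same server: accepted
        b.validate(&tok, client, 1_010).is_ok(), // other server, own key only: rejected
        c.validate(&tok, client, 1_010).is_ok(), // shared keyring: accepted
    )
}

fn main() {
    let (same, other, shared) = demo();
    println!("A accepts own token: {same}, B (own key only): {other}, C (shared keyring): {shared}");
}
```

The key id in the token is what lets a multi-server deployment rotate and share secrets explicitly; a default provider with one in-process secret has no such keyring, which is exactly why tokens it mints are only valid on the server that issued them.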
§provider-event-tracing
Enables event integration with tracing. The default event provider will be set to [provider::event::tracing::Provider] and will emit endpoint and connection events to the application's configured tracing::Subscriber.
§provider-tls-default
Enabled by default
Enables platform detection for the recommended implementation of TLS. Currently, this uses s2n-tls on unix-like platforms and rustls on everything else.
§provider-tls-rustls
Enables the rustls TLS provider. The provider will be available at [provider::tls::rustls].
NOTE: this will override the platform detection and always use rustls by default.
§provider-tls-s2n
Enables the s2n-tls TLS provider. The provider will be available at [provider::tls::s2n_tls].
NOTE: this will override the platform detection and always use s2n-tls by default.
§provider-tls-fips
FIPS mode with provider-tls-s2n
FIPS mode can be enabled with the s2n-tls TLS provider on non-windows platforms.
Applications wanting to use FIPS-approved cryptography with provider-tls-s2n
should:
- Enable the following features:
```toml
s2n-quic = { version = "1", features = ["provider-tls-fips", "provider-tls-s2n"] }
```
- Build a custom s2n-tls TLS provider configured with a FIPS-approved security policy:
```rust
use s2n_quic::provider::tls::s2n_tls;
use s2n_quic::provider::tls::s2n_tls::security::Policy;

let mut tls = s2n_tls::Server::builder();
// Select the FIPS-approved s2n-tls security policy by its version string
// and apply it to the provider's config before building.
let policy = Policy::from_version("20230317")?;
tls.config_mut().set_security_policy(&policy)?;
let tls = tls
    .with_certificate(..)?
    ...
    .build()?;

// Pass the configured provider to the QUIC server so it is used
// instead of the default TLS provider.
let mut server = s2n_quic::Server::builder()
    .with_tls(tls)?
    ...
    .start()?;
```
FIPS mode with provider-tls-rustls
FIPS mode can be enabled with the rustls TLS provider. Applications are responsible for meeting guidelines for using rustls with FIPS-approved cryptography.
Applications wanting to use FIPS-approved cryptography with provider-tls-rustls
should:
- Enable the following features:
```toml
s2n-quic = { version = "1", features = ["provider-tls-fips", "provider-tls-rustls"] }
```
§Re-exports
```rust
pub use client::Client;
pub use connection::Connection;
pub use server::Server;
```