Crate s2n_quic

source ·
Expand description

An implementation of the IETF QUIC protocol, featuring:

See the installation instructions and examples to get started with s2n-quic.

§Feature flags

§provider-address-token-default

Enabled by default

Enables the default address token provider, which will securely generate address tokens for a single QUIC server. If your deployment requires that multiple servers handle address tokens, this provider should not be used. Instead, a custom implementation of provider::address_token::Format should be specified.

§provider-event-tracing

Enables event integration with tracing. The default event provider will be set to [provider::event::tracing::Provider] and will emit endpoint and connection events to the application’s configured tracing::Subscriber.

§provider-tls-default

Enabled by default

Enables platform detection for the recommended implementation of TLS. Currently, this uses s2n-tls on unix-like platforms and rustls on everything else.

§provider-tls-rustls

Enables the rustls TLS provider. The provider will be available at [provider::tls::rustls].

NOTE: this will override the platform detection and always use rustls by default.

§provider-tls-s2n

Enables the s2n-tls TLS provider. The provider will be available at [provider::tls::s2n_tls].

NOTE: this will override the platform detection and always use s2n-tls by default.

§provider-tls-fips

FIPS mode with provider-tls-s2n

FIPS mode can be enabled with the s2n-tls TLS provider on non-windows platforms.

Applications wanting to use FIPS-approved cryptography with provider-tls-s2n should:

  1. Enable the following features:
 s2n-quic = { version = "1", features = ["provider-tls-fips", "provider-tls-s2n"] }
  1. Build a custom s2n-tls TLS provider configured with a FIPS approved security policy:
 use s2n_quic::provider::tls::s2n_tls;
 use s2n_quic::provider::tls::s2n_tls::security::Policy;

 let mut tls = s2n_tls::Server::builder();
 let policy = Policy::from_version("20230317")?;
 tls.config_mut().set_security_policy(&policy)?;
 let tls = tls
     .with_certificate(..)?
     ...
     .build()?;

 let mut server = s2n_quic::Server::builder()
     .with_tls(tls)?
     ...
     .start()?;

FIPS mode with provider-tls-rustls

FIPS mode can be enabled with the rustls TLS provider. Applications are responsible for meeting guidelines for using rustls with FIPS-approved cryptography.

Applications wanting to use FIPS-approved cryptography with provider-tls-rustls should:

  1. Enable the following features:
 s2n-quic = { version = "1", features = ["provider-tls-fips", "provider-tls-rustls"] }

Re-exports§

Modules§