Module crypto

Crypto provider selection.

  • crypto-ring (default): pure Rust via ring.
  • crypto-aws-lc-rs: post-quantum-capable aws-lc-rs. Requires cmake.
  • crypto-openssl: system OpenSSL via rustls-openssl. Requires cmake + OpenSSL headers.
  • fips: implies crypto-aws-lc-rs plus rustls/fips (FIPS 140-3 build).

At least one provider feature must be enabled. When several are enabled together (e.g. cargo build --all-features in CI, or --features fips on top of the default crypto-ring), a deterministic precedence chain selects one: fips > ring > aws-lc-rs > openssl. fips always wins, so a binary built with --features fips runs aws-lc-rs in FIPS mode even when crypto-ring is also enabled. Downstream packaging (Dockerfile, RPM, PKGBUILD) selects exactly one provider explicitly.
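The precedence chain above can be checked against a packaging command line before it ships. The following is an added example, not the crate's own code: it models the documented rules, and the names `Provider`, `Resolution` and `resolve` are hypothetical. It assumes the feature names listed above and that crypto-ring is the only default feature.

```rust
// Added example: a model of the documented precedence, not the crate's code.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Provider { AwsLcRsFips, Ring, AwsLcRs, OpenSsl }

#[derive(Debug, PartialEq)]
struct Resolution {
    selected: Provider, // backend the precedence chain picks
    explicit: bool,     // true when exactly one backend was requested
}

/// Resolve the effective provider from the flags of a cargo command line.
fn resolve(cargo_args: &str) -> Result<Resolution, String> {
    let mut args = cargo_args.split_whitespace();
    let (mut defaults, mut all) = (true, false);
    let mut feats: Vec<&str> = Vec::new();
    while let Some(arg) = args.next() {
        match arg {
            "--no-default-features" => defaults = false,
            "--all-features" => all = true,
            "--features" | "-F" => feats.extend(args.next().unwrap_or("").split(',')),
            other => {
                if let Some(list) = other.strip_prefix("--features=") {
                    feats.extend(list.split(','));
                }
            }
        }
    }
    let on = |name: &str| all || feats.iter().any(|f| *f == name);
    let fips = on("fips");
    let ring = defaults || on("crypto-ring"); // crypto-ring is the default feature
    let aws = fips || on("crypto-aws-lc-rs"); // fips implies crypto-aws-lc-rs
    let openssl = on("crypto-openssl");
    // fips and its implied aws-lc-rs count as one requested backend.
    let requested = [ring, aws, openssl].iter().filter(|&&b| b).count();
    // Documented chain: fips > ring > aws-lc-rs > openssl.
    let selected = if fips { Provider::AwsLcRsFips }
        else if ring { Provider::Ring }
        else if aws { Provider::AwsLcRs }
        else if openssl { Provider::OpenSsl }
        else { return Err("no crypto provider feature enabled".to_string()); };
    Ok(Resolution { selected, explicit: requested == 1 })
}

fn main() {
    // Constructed command lines, not taken from the project's packaging files.
    for cmd in ["build --features fips", "build --no-default-features --features fips"] {
        println!("{cmd:<45} -> {:?}", resolve(cmd));
    }
}
```

A packaging lint can fail the build when `explicit` is false, which catches a FIPS build that still compiles the default crypto-ring backend alongside aws-lc-rs.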

Statics

TLS13_AES_128_GCM_SHA256
The TLS1.3 ciphersuite TLS_AES_128_GCM_SHA256
TLS13_AES_256_GCM_SHA384
The TLS1.3 ciphersuite TLS_AES_256_GCM_SHA384
TLS13_CHACHA20_POLY1305_SHA256
The TLS1.3 ciphersuite TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
The TLS1.2 ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256.
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
The TLS1.2 ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Functions

any_supported_type
Parse der as any supported key encoding/type, returning the first which works.
cipher_suite_by_name
Look up a cipher suite by its string name, filtered through the active crypto provider’s supported set.
default_provider
A CryptoProvider backed by the ring crate.
kx_group_by_name
Look up a key exchange group by its string name.