This project has a new home

November 25, 2024 · View on GitHub

Original notes

Supports:

tls-api — TLS API without any implementation and without dependencies
tls-api-native-tls — implementation of TLS API over native-tls crate
tls-api-openssl — implementation of TLS API over openssl crate
tls-api-rustls — implementation of TLS API over rustls crate
tls-api-security-framework — implementation of TLS API over security framework crate
tls-api-schannel — missing implementation of TLS API over schannel crate
tls-api-stub — stub API implementation which returns an error on any operation
tls-api-not-tls — stub API implementation which pretends to be TLS, but returns wrapped plain socket
test-cert-gen — utility to generate certificate for unit tests

it is not decided yet which TLS implementation is better, start prototyping with one, and then switch to another
something doesn't work, no idea why, maybe try another implementation which would provide better diagnostics
provide a library over TLS (like database client) and allow user do specify preferred TLS implementation
do a performace comparison of TLS implementations on the same code base
if one implementation is buggy, it's easy to switch to another without heavy rewrite

download-rust-lang-org.rs contains the implementation of simple TLS client downloading rust-lang.org, which is invoked with four backends.

	openssl	rustls	security-framework	native-tls
Can fetch google.com:443	Yes	Yes	Yes	Yes
Server works	Yes	Yes	Yes	Yes
Client ALPN	Yes	Yes	Yes	Yes
Server ALPN	Yes	Yes	No	No
Server init from DER key	Yes	Yes	No	No
Server init from PKCS12	Yes	No	Yes	Yes