Skip to content

frewsxcv/rustls

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
src
src
 
 
test
test
 
 
.travis.yml
.travis.yml
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 
test-client.sh
test-client.sh
 
 
test-server.sh
test-server.sh
 
 

Repository files navigation

Rustls

Rustls is a new, modern TLS library written in Rust. It's pronounced 'rustles'. It uses ring for cryptography and libwebpki for certificate verification.

Status

Rustls is currently in development and hence unstable.

Build Status

Approach

Rustls is built to a few rules:

  • Modern, strong cryptography only:
    • No RC4, no DES.
    • No discrete-log DH or DSA.
  • No discredited, little-used or legacy SSL/TLS features:
    • No CBC-mode EtM ciphersuites.
    • No unneccessary 'national pride' block ciphers like Camellia or ARIA.
    • No renegotiation.
    • No client authentication.
    • No discrete-log DH. It's misdesigned in TLS.
  • TLS1.2 or later only.

Currently implemented

Client connections work to assorted internet servers. The following ciphersuites are supported:

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

For ECDHE, the nistp256 and nistp384 curves are supported, as well as curve25519.

The client test program is named s_client. It expects to find root certificates in /etc/ssl/certs/ca-certificates.crt and be given a hostname as its single argument. It connects to that host and issues a basic HTTP request, eg:

$ ./target/debug/s_client mozilla-modern.badssl.com
got HTTP/1.1 200 OK
Server: nginx/1.6.2 (Ubuntu)
Date: Mon, 30 May 2016 20:13:22 GMT
Content-Type: text/html
Content-Length: 644
Last-Modified: Tue, 12 Apr 2016 01:21:49 GMT
Connection: close
ETag: "570c4dad-284"
Strict-Transport-Security: max-age=15768000
Cache-Control: no-store
Accept-Ranges: bytes

<!DOCTYPE html>
<html>
<head>
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="shortcut icon" href="/icons/favicon-green.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-green.png"/>
  <title>mozilla-modern.badssl.com</title>
  <link rel="stylesheet" href="/style.css">
  <style>body { background: green; }</style>
</head>
<body>
<div id="content">
  <h1>
    mozilla-modern.<br>badssl.com
  </h1>
</div>

<div id="footer">
  This site uses the Mozilla &ldquo;<a href="https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility">Modern</a>&rdquo; TLS configuration.
</div>

</body>
</html>

plaintext read error Error { repr: Custom(Custom { kind: ConnectionAborted, error: StringError("CloseNotify alert received") }) }
closing connection

or

$ ./target/debug/s_client expired.badssl.com
write rc=Ok(())
cannot process packet: Err(WebPKIError(CertExpired))
closing connection

TODO list

  • ALPN
  • chacha20poly1305 bulk encryption support.
  • Signing support in ring to unblock server work.
  • Server support.
  • Write some more sample programs.
  • Stabalise and document public API.

About

Embryonic Rust TLS library

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Rust 99.5%
  • Shell 0.5%