OpenSSL compatibility layer for the Rust SSL/TLS stack

Previously MesaLink, TabbySSL is an OpenSSL compatibility layer for the Rust SSL/TLS stack.

Release history

• 0.10.0 (11/24/2019)
  • Forked from the master branch of MesaLink

Supported ciphersuites

Same as rustls

• TLS13-CHACHA20-POLY1305-SHA256
• TLS13-AES-256-GCM-SHA384
• TLS13-AES-128-GCM_SHA256
• TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
• TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
• TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
• TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
• TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
• TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256

Building instructions for Autotools

``` $ sudo apt-get install m4 autoconf automake libtool make gcc curl $ curl https://sh.rustup.rs -sSf | sh

$ git clone https://github.com/ymjing/tabbyssl.git $ ./autogen.sh --enable-examples $ make ```

Building instructions for CMake

``` $ sudo apt-get install cmake make gcc curl $ curl https://sh.rustup.rs -sSf | sh

$ git clone https://github.com/ymjing/tabbyssl.git $ mkdir build && cd build $ cmake .. $ cmake --build . ```

Examples

To enable examples, use configure --enable-examples or cmake -DHAVE_EXAMPLES=on.

``` $ ./examples/client/client api.ipify.org [+] Negotiated ciphersuite: TLSECDHERSAWITHAES128GCMSHA256, enclength=16, version=TLS1.2 [+] Subject name: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=.ipify.org [+] Subject alternative names:.ipify.org ipify.org [+] Sent 85 bytes

GET / HTTP/1.0 Host: api.ipify.org Connection: close Accept-Encoding: identity

HTTP/1.1 200 OK Server: Cowboy Connection: close Content-Type: text/plain Vary: Origin Date: Thu, 09 Aug 2018 21:44:35 GMT Content-Length: 10 Via: 1.1 vegur

1.2.3.4 [+] TLS protocol version: TLS1.2

[+] Received 177 bytes ```

$ ./examples/server/server Usage: ./examples/server/server <portnum> <cert_file> <private_key_file> $ cd examples/server/server $ ./server 8443 certificates private_key [+] Listening at 0.0.0.0:8443 [+] Negotiated ciphersuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, enc_length=16, version=TLS1.2 [+] Received: GET / HTTP/1.1 Host: 127.0.0.1:8443 Connection: keep-alive User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Acknowledgments

TabbySSL/MesaLink would not have been possible without the following high-quality open source projects in the Rust community. Thanks for code and inspiration!

• rustls: A modern TLS library in Rust, maintained by Joseph Birr-Pixton @ctz
• sct.rs: Certificate transparency SCT verification library in rust, maintained by Joseph Birr-Pixton @ctz
• ring: Safe, fast, small crypto using Rust, by Brian Smith @briansmith
• webpki: WebPKI X.509 Certificate Validation in Rust, maintained by Brian Smith @briansmith

Maintainer

• 2019.11 - Present: Yiming Jing <yjing@apache.org> @ymjing

License

TabbySSL is provided under the 3-Clause BSD license. For a copy, see the LICENSE file.