tlsimple

Simple and tiny TLS support for Rust, using Mbed-TLS.

Features

• With async and blocking support, server and client mode. Also provide HttpsConnector for Hyper client.

• Lightweight, as a thin layer (< 2K Lines). Few dependencies.

• Easy to build, only a C compiler is required. Unlike OpenSSL (require perl + autoconf + automake + many more).

Roadmap

• [x] Run Mbed-TLS demo.
• [x] Use Mbed-TLS BIO (I/O abstraction).
• [x] Try to figure out if Mbed-TLS is easy to strip.
• [x] Build Mbed-TLS with AddressSanitizer.
• [x] Build Rust executable with AddressSanitizer.
• [x] Rust binding prototype worked.
• [x] Fully control the build progress, use only gcc / ar command.
• [x] Fix LeakSanitizer.
• [x] Compile with the Rust cc crate.
• [x] Bind to Rust.
• [x] Bind to Rust with async.
• [ ] Miri, Loom, ThreadSanitizer and more.
• [x] Set ALPN to use HTTP 2.
• [x] Client mode.
• [x] Implement Client mode cert vetify.
• [ ] Test client mode cert vetify works.
• [x] Client with Hyper 0.14.
• [ ] Client with Hyper 1.0 rc.
• [x] Deploy on Tokio current-thread runtime.
• [x] Fix crach on Tokio multi-thread runtime.
• [x] Bench OpenSSL and Mbed-TLS.
• [x] Strip more.
• [ ] Test if works in Windows.
• [ ] TLS 1.3.
• [ ] ~~Use mbedtlssslcache_context to speed up.~~
• [x] Use context pool to improve performance.
• [x] Improve multi-thread performance.
• [x] Bench and compare with OpenSSL / Rustls.
• [ ] Better error code to name convert.
• [x] CI by GitHub Actions.
• [ ] ~~Kernel TLS offload~~.
• [x] Deploy on ksite.
• [ ] Publish & Announce.

Build

Thanks

• https://github.com/Mbed-TLS/mbedtls

• https://github.com/tokio-rs/tokio-openssl

• https://github.com/fortanix/rust-mbedtls

• https://curl.se/docs/ssl-compared.html