TLS
Recipe | Crates | Categories |
---|---|---|
rustls | ||
native-tls |
Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication over a computer network. It is widely used in applications such as web browsing, email, and instant messaging to ensure that data transmitted between the client and server remains private and integral. TLS is the successor to the Secure Sockets Layer (SSL) protocol.
rustls
rustls
⮳ is a portable pure-rust high-level implementation of TLS. It implements TLS 1.2 and higher. Being written entirely in Rust, it avoids any dependencies on system-level TLS libraries. It is portable and works consistently across different platforms without needing to manage system-specific TLS libraries. It can be used in web servers, clients, and other network-dependent applications.
Choose rustls
⮳ for portability and consistent behavior across platforms, and when you need fine-grained control over TLS settings, and when performance is critical.
// use std::io; // use std::sync::Arc; // // Common configuration for (typically) all connections made by a program: // use rustls::ClientConfig; // use rustls::pki_types::ServerName; // // Extension trait, adding utility methods to all AsyncRead types // use tokio::io::AsyncReadExt; // // Extension trait, adding utility methods to all AsyncWrite types // use tokio::io::AsyncWriteExt; // // Rustls is a TLS library that aims to provide a good level of cryptographic // // security, requires no configuration to achieve that security, // // and provides no unsafe features or obsolete cryptography by default. // // Rustls implements TLS1.2 and TLS1.3 for both clients and servers // // If you're already using Tokio for an async runtime you may prefer to use // // `tokio-rustls` instead of interacting with `rustls` directly. // #[tokio::main] // async fn main() -> anyhow::Result<()> { // // Load the root certificate store, // // a container for root certificates able to provide // // a root-of-trust for connection authentication: // let root_store = rustls::RootCertStore::from_iter( // // Mozilla's root certificates for use with the webpki or rustls // // crates: https://github.com/rustls/webpki-roots // webpki_roots::TLS_SERVER_ROOTS.iter().cloned(), // ); // // Create a `ClientConfig` with the root certificate store // // - Create a builder for a client configuration with the process-default // // CryptoProvider and safe protocol version defaults. // let config = ClientConfig::builder() // .with_root_certificates(root_store) // // Disable client authentication (most common) // .with_no_client_auth(); // // Create a wrapper around a `rustls::ClientConfig`, // // providing an async `connect` method // let connector = tokio_rustls::TlsConnector::from(Arc::new(config)); // // Define the domain and server address // let domain = "example.com"; // let addr = "23.215.0.136:443"; // // Connect to the server // let stream = tokio::net::TcpStream::connect(addr).await?; // // // let domain = ServerName::try_from(domain).map_err(|_| { // io::Error::new(io::ErrorKind::InvalidInput, "Invalid domain") // })?; // // // let mut stream = connector.connect(domain, stream).await?; // // Send a HTTP GET request // stream // .write_all( // b"GET / HTTP/1.1\r\nHost:example.com\r\nConnection:close\r\n\r\n") // .await?; // // Read the response // let mut response = Vec::new(); // stream.read_to_end(&mut response).await?; // // Print the response // println!("{}", String::from_utf8_lossy(&response)); // Ok(()) // }
native-tls
native-tls
⮳ is a wrapper over a platform's native TLS implementation and provides a cross-platform API for TLS/SSL communication.It abstracts over platform-specific TLS implementations, using SChannel on Windows, Secure Transport on macOS, and OpenSSL on other platforms
Choose native-tls
⮳ when ease of use and automatic certificate management are preferred and when integration with the system's existing TLS infrastructure is important.
// use hyper::Uri; // use hyper::client; // use hyper_tls::HttpsConnector; // use tokio::runtime::Runtime; // fn main() -> anyhow::Result<()> { // // Create a new runtime // let rt = Runtime::new().unwrap(); // rt.block_on(async { // // Create an HTTPS connector // let https = HttpsConnector::new(); // let client = Client::builder().build::<_, hyper::body::Body>(https); // // Create a request to fetch data from an HTTPS endpoint // let uri: Uri = "https://www.example.com".parse()?; // match client.get(uri).await { // Ok(response) => { // println!("Response status: {}", response.status()); // } // Err(e) => { // eprintln!("Error: {}", e); // } // } // }); // Ok(()) // }