Crate rustls[][src]

Rustls - a modern TLS library

Rustls is a TLS library that aims to provide a good level of cryptographic security, requires no configuration to achieve that security, and provides no unsafe features or obsolete cryptography.

Current features

Possible future features

Non-features

The following things are broken, obsolete, badly designed, underspecified, dangerous and/or insane. Rustls does not support:

There are plenty of other libraries that provide these features should you need them.

Platform support

Rustls uses ring for implementing the cryptography in TLS. As a result, rustls only runs on platforms supported by ring. At the time of writing this means x86, x86-64, armv7, and aarch64.

Design Overview

Rustls does not take care of network IO

It doesn’t make or accept TCP connections, or do DNS, or read or write files.

There’s example client and server code which uses mio to do all needed network IO.

Rustls provides encrypted pipes

These are the ServerSession and ClientSession types. You supply raw TLS traffic on the left (via the read_tls() and write_tls() methods) and then read/write the plaintext on the right:

         TLS                                   Plaintext
         ===                                   =========
    read_tls()      +-----------------------+      io::Read
                    |                       |
          +--------->     ClientSession     +--------->
                    |          or           |
          <---------+     ServerSession     <---------+
                    |                       |
    write_tls()     +-----------------------+      io::Write

Rustls takes care of server certificate verification

You do not need to provide anything other than a set of root certificates to trust. Certificate verification cannot be turned off or disabled in the main API.

Getting started

This is the minimum you need to do to make a TLS client connection.

First, we make a ClientConfig. You’re likely to make one of these per process, and use it for all connections made by that process.

let mut config = rustls::ClientConfig::new();

Next we load some root certificates. These are used to authenticate the server. The recommended way is to depend on the webpki_roots crate which contains the Mozilla set of root certificates.

config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS);

Now we can make a session. You need to provide the server’s hostname so we know what to expect to find in the server’s certificate.

let rc_config = Arc::new(config);
let example_com = webpki::DNSNameRef::try_from_ascii_str("example.com").unwrap();
let mut client = rustls::ClientSession::new(&rc_config, example_com);

Now you should do appropriate IO for the client object. If client.wants_read() yields true, you should call client.read_tls() when the underlying connection has data. Likewise, if client.wants_write() yields true, you should call client.write_tls() when the underlying connection is able to send data. You should continue doing this as long as the connection is valid.

The return types of read_tls() and write_tls() only tell you if the IO worked. No parsing or processing of the TLS messages is done. After each read_tls() you should therefore call client.process_new_packets() which parses and processes the messages. Any error returned from process_new_packets is fatal to the session, and will tell you why. For example, if the server’s certificate is expired process_new_packets will return Err(WebPKIError(CertExpired)). From this point on, process_new_packets will not do any new work and will return that error continually.

You can extract newly received data by calling client.read() (via the io::Read trait). You can send data to the peer by calling client.write() (via the io::Write trait). Note that client.write() buffers data you send if the TLS session is not yet established: this is useful for writing (say) a HTTP request, but don’t write huge amounts of data.

The following code uses a fictional socket IO API for illustration, and does not handle errors.

use std::io;

client.write(b"GET / HTTP/1.0\r\n\r\n").unwrap();
let mut socket = connect("example.com", 443);
loop {
  if client.wants_read() && socket.ready_for_read() {
    client.read_tls(&mut socket).unwrap();
    client.process_new_packets().unwrap();

    let mut plaintext = Vec::new();
    client.read_to_end(&mut plaintext).unwrap();
    io::stdout().write(&plaintext).unwrap();
  }

  if client.wants_write() && socket.ready_for_write() {
    client.write_tls(&mut socket).unwrap();
  }

  socket.wait_for_something_to_happen();
}

Examples

tlsserver and tlsclient are full worked examples. These both use mio.

Crate features

Here’s a list of what features are exposed by the rustls crate and what they mean.

Modules

ciphersuite

All defined ciphersuites appear in this module.

internal

Internal classes which may be useful outside the library. The contents of this section DO NOT form part of the stable interface.

manual

This is the rustls manual. This documentation primarily aims to explain design decisions taken in rustls.

sign

Message signing interfaces and implementations.

Structs

AllowAnyAnonymousOrAuthenticatedClient

A ClientCertVerifier that will allow both anonymous and authenticated clients, without any name checking.

AllowAnyAuthenticatedClient

A ClientCertVerifier that will ensure that every client provides a trusted certificate, without any name checking.

Certificate

This type contains a single certificate by value.

ClientCertVerified

Zero-sized marker type representing verification of a client cert chain.

ClientConfig

Common configuration for (typically) all connections made by a program.

ClientHello

A struct representing the received Client Hello

ClientSession

This represents a single TLS client session.

ClientSessionMemoryCache

An implementor of StoresClientSessions that stores everything in memory. It enforces a limit on the number of entries to bound memory usage.

DangerousClientConfig

Accessor for dangerous configuration options.

HandshakeSignatureValid

Marker types. These are used to bind the fact some verification (certificate chain or handshake signature) has taken place into protocol states. We use this to have the compiler check that there are no ‘goto fail’-style elisions of important checks before we reach the traffic stage.

KeyLogFile

KeyLog implementation that opens a file whose name is given by the SSLKEYLOGFILE environment variable, and writes keys into it.

NoClientAuth

Turns off client authentication.

NoClientSessionStorage

An implementor of StoresClientSessions which does nothing.

NoKeyLog

KeyLog that does exactly nothing.

NoServerSessionStorage

Something which never stores sessions.

PrivateKey

This type contains a private key by value.

ResolvesServerCertUsingSNI

Something that resolves do different cert chains/keys based on client-supplied server name (via SNI).

RootCertStore

A container for root certificates able to provide a root-of-trust for connection authentication.

ServerCertVerified

Zero-sized marker type representing verification of a server cert chain.

ServerConfig

Common configuration for a set of server sessions.

ServerSession

This represents a single TLS server session.

ServerSessionMemoryCache

An implementor of StoresServerSessions that stores everything in memory. If enforces a limit on the number of stored sessions to bound memory usage.

Stream

This type implements io::Read and io::Write, encapsulating a Session S and an underlying transport T, such as a socket.

StreamOwned

This type implements io::Read and io::Write, encapsulating and owning a Session S and an underlying blocking transport T, such as a socket.

SupportedCipherSuite

A cipher suite supported by rustls.

Ticketer

A concrete, safe ticket creation mechanism.

WebPKIVerifier

Default ServerCertVerifier, see the trait impl for more information.

WriteEarlyData

Stub that implements io::Write and dispatches to write_early_data.

Enums

BulkAlgorithm

Bulk symmetric encryption scheme used by a cipher suite.

CipherSuite

The CipherSuite TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.

ProtocolVersion

The ProtocolVersion TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.

SignatureScheme

The SignatureScheme TLS protocol enum. Values in this enum are taken from the various RFCs covering TLS, and are listed by IANA. The Unknown item is used when processing unrecognised ordinals.

TLSError

rustls reports protocol errors using this type.

Statics

ALL_CIPHERSUITES

A list of all the cipher suites supported by rustls.

Traits

ClientCertVerifier

Something that can verify a client certificate chain

KeyLog

This trait represents the ability to do something useful with key material, such as logging it to a file for debugging.

ProducesTickets

A trait for the ability to encrypt and decrypt tickets.

ResolvesClientCert

A trait for the ability to choose a certificate chain and private key for the purposes of client authentication.

ResolvesServerCert

How to choose a certificate chain and signing key for use in server authentication.

ServerCertVerifier

Something that can verify a server certificate chain, and verify signatures made by certificates.

Session

Generalises ClientSession and ServerSession

StoresClientSessions

A trait for the ability to store client session data. The keys and values are opaque.

StoresServerSessions

A trait for the ability to store server session data.

Type Definitions

DistinguishedNames