Add support for native tls #1158

Open
jirutka opened this issue Apr 23, 2023 · 1 comment

jirutka commented Apr 23, 2023

Can you please add support for native tls, i.e. allow linking against system-provided TLS library?

Rustls can't be built as a shared library, so it's always statically linked (bundled) into the application binary. So instead of having one system TLS library that can be independently patched for a vulnerability, you end up with who-knows-how-many binaries with different versions of the TLS library bundled inside. It doesn't matter if the library is written in C or Rust, it is still prone to various types of bugs, and in the case of a crypto library, they can lead to critical vulnerabilities. Also, rustls is not written purely in Rust, it is built on top of ring, which is written in assembly and C. Another problem is that ring only supports a limited set of CPU architectures (e.g. ppc64le is not supported).

@roderickvd
Member

Feel free to submit a PR. As with other projects, let’s make it feature-gated to give users the choice.
