tlsimple

Simple and tiny TLS support for Rust, using Mbed-TLS.

Features

• With async and blocking support, server and client mode. Also provide HttpsConnector for Hyper client.

• Lightweight, as a thin layer (< 2K Lines). Few dependencies.

• Easy to build, only a C compiler is required. Unlike OpenSSL (require perl + autoconf + automake + many more).

Roadmap

• Run Mbed-TLS demo.
• Use Mbed-TLS BIO (I/O abstraction).
• Try to figure out if Mbed-TLS is easy to strip.
• Build Mbed-TLS with AddressSanitizer.
• Build Rust executable with AddressSanitizer.
• Rust binding prototype worked.
• Fully control the build progress, use only gcc / ar command.
• Fix LeakSanitizer.
• Compile with the Rust cc crate.
• Bind to Rust.
• Bind to Rust with async.
• Miri, Loom, ThreadSanitizer and more.
• Set ALPN to use HTTP 2.
• Client mode.
• Implement Client mode cert vetify.
• Test client mode cert vetify works.
• Client with Hyper 0.14.
• Client with Hyper 1.0 rc.
• Deploy on Tokio current-thread runtime.
• Fix crach on Tokio multi-thread runtime.
• Bench OpenSSL and Mbed-TLS.
• Strip more.
• Test if works in Windows.
• TLS 1.3.
• Use mbedtls_ssl_cache_context to speed up.
• Use context pool to improve performance.
• Improve multi-thread performance.
• Bench and compare with OpenSSL / Rustls.
• Better error code to name convert.
• CI by GitHub Actions.
• Handle underlying io errors.
• More about close notify?
• Port init script to build.rs.
• Kernel TLS offload.
• Deploy on ksite.
• Publish & Announce.

Build

Thanks

• https://github.com/Mbed-TLS/mbedtls

• https://github.com/tokio-rs/tokio-openssl

• https://github.com/fortanix/rust-mbedtls

• https://curl.se/docs/ssl-compared.html