There are many forks of OpenSSL available, this doc will show you how to build with them.
You can use --features vendored-openssl cargo build option to always use the latest stable OpenSSL version.
It is also recommended to set the following C compile options:
-
x86-64
-march=x86-64-v2 -
aarch64
-march=armv8-a+aes
See Tongsuo for more introduction.
If you want to support the following protocols:
- GB/T 38636-2020, TLCP
- RFC 8998, TLS1.3 + SM2
then you need to use Tongsuo.
Use --features vendored-tongsuo cargo build option.
See BoringSSL for more introduction.
OpenSSL below 3.0 is not supported anymore, but the 3.0 - 3.2 versions all have significant performance degradation. As an alternative, you can switch to use BoringSSl as a solution.
-
Make sure you have
cmake,pkg-configinstalled -
Build with
--features vendored-boringsslcargo option
See AWS-LC for more introduction.
OpenSSL below 3.0 is not supported anymore, but the 3.0 - 3.2 versions all have significant performance degradation. As an alternative, you can switch to use AWS-LC as a solution on AWS EC2 hosts.
-
Make sure you have
cmake,pkg-configinstalled -
Install a recent version of go if you want to do AWS-LC code generation.
-
Build with
--no-default-features --features vendored-aws-lc,rustls-aws-lc,<other features>cargo build option.