Rustls optional dependency #40

Open
hirrolot opened this issue Aug 16, 2019 · 13 comments
Labels
enhancement New feature or request

Comments

@hirrolot

Rustls is an SSL/TLS library, written completely in Rust. It seems to be safer and faster than OpenSSL (which is used by native-tls on Linux).

Surf uses native-tls if I'm not mistaken, which uses a native implementation on each supported platform. Would Rustls be preferable to use in Surf?

@hirrolot
Author

Oops, just examined that this is a bad idea. Never mind.

@CryZe

CryZe commented Aug 17, 2019

Why is it a bad idea?

@hirrolot
Author

  1. TLS/SSL is a critical security module. OpenSSL is used by everyone, Rustls is much less popular and might contain some serious bugs that aren't discovered yet.
  2. OpenSSL, obviously, will have support from the large community in the future, Rustls might not.

@hirrolot
Author

If I'm mistaken I can reopen this issue.

@CryZe

CryZe commented Aug 17, 2019

I'd say it would still make sense to have it as an optional feature so people can choose.

@hirrolot hirrolot reopened this Aug 17, 2019
@hirrolot hirrolot changed the title Switch to Rustls? Rustls optionable dependency Aug 17, 2019
@hirrolot hirrolot changed the title Rustls optionable dependency Rustls optional dependency Aug 17, 2019
@wezm wezm mentioned this issue Aug 18, 2019
8 tasks
@yoshuawuyts yoshuawuyts added the enhancement New feature or request label Aug 26, 2019
@danieleades

This would be pretty nice

@flopacero

I agree, rustls as an optional SSL/TLS library behind a feature flag is supported by a number of other libraries, including reqwest and actix-web. So it would be nice to have the same option here.

@ghost

ghost commented May 4, 2020

Besides, with rustls support we can build surf for the musl target.

@danieleades

I'm going to be slightly controversial and say that rustls should be opt out. I'm all for a bleeding edge library like Surf going for pure Rust by default.
But yeah, it should at the very least be an option

@DavidBM

DavidBM commented Oct 26, 2020

Having rustls would allow compiling into Amazon Lambdas via musl.

@Fishrock123
Member

This depends on which surf backend is in use. Ideally we'd have configuration options for Async-h1 which is where this would sit, along with a cargo feature for it specifying the tls backend.

@imuni4fun

I am using surf and tide at the moment and would love to be able to target musl for a slim "FROM scratch" image (been working at this most of today). I see this is an old issue and rustls has had some impressive recent benchmarks. @yoshuawuyts, any idea if this is on a roadmap or if it's tabled?

@yoshuawuyts
Member

@imuni4fun thanks for pointing that out; in terms of roadmap that would be a question for @Fishrock123 to answer who's recently taken lead of the surf part of http-rs.

What I can tell is that we've definitely discussed this in the past, most regularly when discussing #217 (async-h1 as the default surf backend).

Fishrock123 added a commit to Fishrock123/surf that referenced this issue Mar 1, 2021
This PR is a follow-up of http-rs/http-client#53 and addresses http-rs#40.
It adds a `h1-client-rustls` feature using `http-client/rustls` feature introduced by http-rs/http-client#53.

Co-Authored-By: Julien Enoch <julien.enoch@adlinktech.com>