Rustls

Prossimo Initiative

The Story

The story of our work with Rustls begins with another piece of software, OpenSSL. OpenSSL is a ubiquitous TLS library, used in a large percentage of all devices connected to the Internet. Unfortunately, it's written in C and has a long history of memory safety vulnerabilities.

It's important for the security of the Internet that we move away from TLS libraries that aren't memory safe. It's highly unlikely that we can get the OpenSSL project to move away from C, so we need to work on a memory safe alternative and get the Internet's critical software infrastructure to make the switch.

Fortunately, there is an excellent alternative to OpenSSL for many use cases. Rustls is a high-quality, high-performance TLS implementation written in Rust, a memory safe language.

What We've Done

  • Dirkjan Ochtman worked on Rustls via contract with Prossimo, March 2021 through October 2021.
  • ISRG engineer Jacob Hoffman-Andrews developed a C API for Rustls that existing C-based projects can use to make their TLS implementation memory safe.
  • Joe Birr-Pixton worked on Rustls via contract with Prossimo, December 2022 through January 2023.
  • Ferrous Systems worked on a no-allocation API, no_std compatibility, and async APIs via contract with Prossimo, June 2023 through December 2023.
  • Adolfo Ochogavía improved performance benchmarking via contract with Prossimo, August 2023 through December 2023.
  • Daniel McCarney worked full time on Rustls via a contract with Prossimo, March 2023 through December 2024.
  • Joe Birr-Pixton worked full time on Rustls via a contract with Prossimo, June 2023 through December 2024.
  • Joe Birr-Pixton worked part time on Rustls via a contract with Prossimo, January 2025 through March 2025.

With this investment, Rustls is now full-featured and likely the most high-performance TLS library out there. In addition to Rust and C APIs, Rustls has an OpenSSL compatibility layer that is improving rapidly.

The Rustls community has also grown quite a bit over the past few years and it's great to see the work happening outside of our investments!

What's Next

  • Joe Birr-Pixton is currently working on Rustls via a contract with Prossimo, March 2025 through December 2025. Additional performance improvements and better OpenSSL compatibility are priorities.

More from the Prossimo blog

May 13, 2025

Rustls Server-Side Performance

Current versions of Rustls show competitive performance when processing many connections at the same time on a server.

October 22, 2024

Rustls Outperforms OpenSSL and BoringSSL

Memory Safe Rustls Outperforms OpenSSL and BoringSSL.

June 13, 2024

Encrypted Client Hello (ECH) Support for Rustls

Adding a TLS extension that allows clients to encrypt their Client Hello

May 8, 2024

Rustls Gains OpenSSL and Nginx Compatibility

Nginx users can easily switch from OpenSSL to Rustls for better security.

March 26, 2024

The Rustls TLS Library Adds Post-Quantum Key Exchange Support

Protecting TLS encryption keys in a post-quantum world.

February 29, 2024

Rustls Now Using AWS Libcrypto for Rust, Gains FIPS Support

The Rustls TLS library is using aws-lc-rs for cryptography by default, with the option to enable FIPS support.

January 4, 2024

Securing the Web: Rustls on track to outperform OpenSSL

A focus on performance with a strong benchmarking system makes Rustls an attractive and memory safe option for TLS.

March 29, 2023

Rustls 0.21.0 Released With Exciting New Features

We’re incredibly excited about the latest release of Rustls, a memory safe TLS implementation

April 20, 2021

Preparing Rustls for Wider Adoption

It’s time for the Internet to move on to more secure software, and that’s why our Memory Safety Initiative is coordinating work to make further improvements to the Rustls TLS library.

Funders

Google
Fly.io
AWS
Sovereign Tech Fund
Alpha-Omega