Rustls

The Story

The story of our work with Rustls begins with another piece of software, OpenSSL. OpenSSL is a ubiquitous TLS library, used in a large percentage of all devices connected to the Internet. Unfortunately, it's written in C and has a long history of memory safety vulnerabilities.

It's important for the security of the Internet that we move away from TLS libraries that aren't memory safe. It's highly unlikely that we can get the OpenSSL project to move away from C so we need to work on a memory safe alternative and get the Internet's critical software infrastructure to make the switch.

Fortunately, there is an excellent alternative to OpenSSL for many use cases. Rustls is a high-quality TLS implementation written in Rust, a memory safe language. We believe Rustls represents the future of TLS implementation on the Internet.

What We've Done

Current Engagements

• Daniel McCarney is currently working full time on Rustls via a contract with Prossimo that started on March 1, 2023.
• Joe Birr-Pixton is currently working full time on Rustls via a contract with Prossimo that started on June 12, 2023.

Past Engagements

• Dirkjan Ochtman via contract with Prossimo, March 2021 through October 2021.
• ISRG engineer Jacob Hoffman-Andrews developed a C API for Rustls that existing C-based projects can use to make their TLS implementation memory safe.
• Joe Birr-Pixton via contract with Prossimo, December 2022 through January 2023.
• Ferrous Systems worked on a no-allocation API, no_std compatibility, and async APIs via contract with Prossimo, June 2023 through December 2023.
• Adolfo Ochogavía improved performance benchmarking via contract with Prossimo, August 2023 through December 2023.

What's Next

We are currently raising funds to make further improvements to Rustls.

Links

• Development Priorities
• Rustls on GitHub
• C API for Rustls on GitHub