The story of our work with Rustls begins with another piece of software, OpenSSL. OpenSSL is a ubiquitous TLS library, used in a large percentage of all devices connected to the Internet. Unfortunately, it's written in C and has a long history of memory safety vulnerabilities.
It's important for the security of the Internet that we move away from TLS libraries that aren't memory safe. In our view, however, it's highly unlikely that we can get the OpenSSL project to move away from C. As such, we need to work on a memory safe alternative and get the Internet's critical software infrastructure to make the switch.
Fortunately, there is an excellent alternative to OpenSSL for many use cases. Rustls is a high-quality TLS implementation written in Rust, a memory safe language. We believe Rustls represents the future of TLS implementation on the Internet.
We're investing in Rustls in two ways:
- We've contracted with Dirkjan Ochtman to make a number of improvements to the Rustls library.
- ISRG engineer Jacob Hoffman-Andrews has developed a C API for Rustls that existing C-based projects can use to make their TLS implementation memory safe.
From our Blog
Preparing Rustls for Wider Adoption
It’s time for the Internet to move on to more secure software, and that’s why our Memory Safety Initiative is coordinating work to make further improvements to the Rustls TLS library.Read more