Closed carllerche closed 4 years ago
The main argument against seeking to support obsolete functionality is that it presents a false sense of security.
Another concern with rustls is gracefully interoperating with OS certificate stores, which native-tls already does by default. This is probably achievable with some glue code, that could live in rustls or a helper crate:
Cribbing some notes from a conversation that happened in the tokio-rs/dev Gitter channel (May 13th, with some follow-up from the tokio-rustls maintainer on May 21st):
Also, rustls is substantially faster.
My takeaway is that we can't reason ourselves out of the trade-offs here, and the best way forward might be to rename tokio-tls to tokio-native-tls to be more obvious about what it actually is and document the trade-offs so users can decide for themselves.
cc @ctz
I think ideally people would want to have single crate that could be switched to different backend using features.
@DoumanAsh we could do that... the main question would be whether or not we could expose modern TLS functionality that only rustls supports.
Thank you to everyone who maintains tokio and its SSL support!
I maintain https://github.com/emk/rust-musl-builder, which is one of the semi-popular ways to build statically-linked Rust applications on Linux.
The OpenSSL C library is a source of constant misery: It doesn't follow semver, it breaks compatibility in subtle ways between 1.1.0 and 1.1.1 releases, it requires a bunch of extra work to link statically, and so on.
I would absolutely love to see a pure-Rust option on Linux/Unix systems, as long as it has something like openssl-probe
to find the OS cert store, and it can a reasonable fraction of real-world web servers.
Ideally all this would go through a layer similar to native-tls, so that we could still use OS SSL on Mac and Linux.
Note that @ctz recently started sketching out rustls-native-certs.
@carllerche any thoughts on which direction you want to go in?
Another concern with rustls is gracefully interoperating with OS certificate stores, which native-tls already does by default. This is probably achievable with some glue code, that could live in rustls or a helper crate
Note that I recently released the first release of a crate which fulfils this goal.
@ctz awesome!
@djc @ctz I think the strategy we should explore for tokio-tls
is to be an "api shim" layer and have feature flags for the various implementations. So, you would do:
tokio-tls = { version = "*", features = ["rustls"] }
And just not pick a default. What does everyone think?
@DoumanAsh this is what tls-api crate is doing (Disclaimer: code quality is bad, but the idea is right, I think)
@carllerche
tokio-tls = { version = "*", features = ["rustls"] }
What does everyone think?
Specifying TLS implementation in each crate is OK, but it would be better to just have an API (tls-api
crate), and implementations in separate crates (tls-api-openssl
, tls-api-rustls
, ...). No feature flags needed, implementations API for different TLS implementations live in different crates, all libraries which require TLS are implementation neutral, and final apps decide which implementation to use with a dependency on implementation crate and a reference to a type in the main function.
[dependencies]
tls_api_openssl = "*"
fn my_app<C: tls_api::TlcConnector>() { ... }
fn main() {
run_my_app::<tls_api_openssl::TlsConnector>();
}
(This is what my tls-api* crates do)
tokio-tls is no longer in this repository
rustls
is an implementation of TLS in Rust, backed by ring. It supports many of the newest features provided by TLS, but does not support old functionality that ~10% of websites require.The question is, should
tokio-tls
switch torustls
or shouldtokio-tls
stick tonative-tls
.This issue is to track the discussion (instead of ad-hoc convos in gitter). I will attempt to maintain a summary of the pros / cons discussed in this description.
/cc @sfackler @ctz