
GitHub - rustls/rustls: A modern TLS library in Rust

github.com

A modern TLS library in Rust. Contribute to rustls/rustls development by creating an account on GitHub.

24 pages link to this URL
Continuous benchmarking for rustls

Last December, I completed a half-year project to develop a continuous benchmarking system for the popular rustls library. My work was financed by ISRG, the makers of Let’s Encrypt, who are interested in rustls as a memory safe alternative to OpenSSL. The thing is, replacing OpenSSL is only realistic if you offer at least on-par performance. But how do you achieve that? What do you measure to ensure performance keeps improving and to avoid regressions?

0 inbound links article en blog
The undercover generalist

Since starting out as an independent contractor, I’ve always felt a tension between being a generalist software engineer, yet having to market myself as a specialist. I’ve been wanting to write about it for years and even have kept some notes for that purpose. Recently I came across an article by Ben Collins-Sussman, which gave me the last bit of inspiration I needed, even though his article only indirectly touches on the topic.

2 inbound links article en blog
Consulting

Consulting Interested in working together or just having an informal chat? Hit me up at adolfo@ochagavia.nl any time. I’m currently offering the following services: Systems programming. Building from first principles is my bread and butter. Past consulting engagements include researching interplanetary IP communication, developing a dependency solver for the Conda ecosystem and creating a continuous benchmarking setup for rustls. I also led the design and implementation of a container image builder, registry and runtime in collaboration with Outerbounds (see their article for details, or my own related write-ups).

0 inbound links website en
An update on upki

This post provides an update on the Canonical-supported upki project, which brings browser-grade Public Key Infrastructure to Linux through the efficient CRLite data format, with the core revocation engine now functional and available to test. Beyond current progress, this post explores broader integration, performance, and future capabilities like Certificate Transparency enforcement and Merkle Tree Certificates.

0 inbound links article en Blog Ubuntu Blog Canonical Linux Security PKI CRLite upki
More Memory Safety for Let’s Encrypt: Deploying ntpd-rs

When we look at the general security posture of Let’s Encrypt, one of the things that worries us most is how much of the operating system and network infrastructure is written in unsafe languages like C and C++. The CA software itself is written in memory safe Golang, but from our server operating systems to our network equipment, lack of memory safety routinely leads to vulnerabilities that need patching. Partially for the sake of Let’s Encrypt, and partially for the sake of the wider Internet, we started a new project called Prossimo in 2020. Prossimo’s goal is to make some of the most critical software infrastructure for the Internet memory safe. Since then we’ve invested in a range of software components including the Rustls TLS library, Hickory DNS, River reverse proxy, sudo-rs, Rust support for the Linux kernel, and ntpd-rs.

4 inbound links website en
Nevermind about RWC and OSCW: COVID instead

At this point I'm supposed to be in Tokyo, attending the Real World Crypto Symposium in Tokyo next week, and after that, I'm co-organizing and speaking at the Open Source Cryptography Workshop. But I'…

0 inbound links article en conference presentation https rust crypto CC BY 4.0
Season 3 - Finale - Rust in Production Podcast | corrode Rust Consulting

You know the drill by now. It’s time for another recap! Sit back, get a warm beverage and look back at the highlights of Season 3 with us. We’ve been at this for a while now (three seasons, one year, and 24 episodes to be exact). We had guests from a wide range of industries: from automotive to CAD software, and from developer tooling to systems programming. Our focus this time around was on the technical details of Rust in production, especially integration of Rust into existing codebases and ecosystem deep dives. Thanks to everyone who participated in the survey last season, which helped us dial in our content. Let us know if we hit the mark or missed it!

0 inbound links website en
curl with Daniel Stenberg - Rust in Production Podcast | corrode Rust Consulting

In the season premiere we talk to none other than Daniel Stenberg! We focus on integrating Rust modules in curl, their benefits, ways in which Rust and Rust crates helped improve curl, but also how curl helped those crates, and where curl is used in the official Rust toolchain. Along the way we also learn about the early history of curl and Rust, which section of your car’s owner’s-manual you should “re”-read, some weird HTTP edge-cases, and Daniel’s experience in open-source maintainership.

1 inbound link website en
Rustls Outperforms OpenSSL and BoringSSL

ISRG has been investing heavily in the Rustls TLS library over the past few years. Our goal is to create a library that is both memory safe and a leader in performance. Back in January of this year we published a post about the start of our performance journey. We've come a long way since then and we're excited to share an update on Rustls performance today. What is Rustls? Rustls is a memory safe TLS implementation with a focus on performance. It is production ready and used in a wide range of applications. You can read more about its history on Wikipedia.

1 inbound link article en blog
The Case Against DNP3 SAv6 and AMP

DNP3 SAv6 and AMP reinvent what TLS already provides. The threat model changed, the hardware caught up, and major operators already run DNP3 over TLS in production.

1 inbound link article en blog DNP3 SAv6 TLS SCADA Security PKI
Addressing Linux's Missing PKI Infrastructure

Announcing work on upki, a universal tool for Linux and other Unix-like operating systems for handling X.509 certificate revocation lists in system utilities.

0 inbound links article en Blog Ubuntu Blog Canonical Linux Security PKI CRLite upki
Make It Memory Safe: Adapting curl to use Rustls

As I mentioned in my post about attending Real World Crypto 2023 and the Open Source Cryptography Workshop, I've given a talk discussing Rustls-FFI and the work to allow curl and libcurl to use the Ru…

1 inbound link article en conference presentation https rust crypto CC BY 4.0
What’s Next for the Rust Innovation Lab? - The Rust Foundation

Since the announcement of the Rust Innovation Lab at RustConf last September, we’ve been working hard to onboard rustls as our inaugural project (as well as celebrating rustls being shortlisted for two OpenUK awards!) and thinking about what kinds of projects we’d like to support next. As a reminder, the…

1 inbound link article en