Rustls: The ISRG-Backed TLS Library Redefining Online Security
The ISRG has published a post regarding the development of the Rustls library, which focuses on memory safety and high performance. The project aims to create a TLS solution that surpasses existing options in both speed and security.
Rustls is a secure TLS implementation, ready for deployment in a range of production environments. Its C API and FIPS compliance ease integration with existing systems. This matters because widely deployed OpenSSL-based stacks continue to suffer memory safety vulnerabilities, which is driving the shift toward TLS implementations that are not written in C.
Performance testing of the library showed record connection establishment speeds. The measure was the number of completed TLS handshakes per second on identical hardware, with network latency excluded; Rustls consistently outperformed the other solutions. Throughput testing likewise showed that the library sustains high data transfer rates, so it moves more data on the same hardware.
The trials were conducted on a server equipped with an Intel Xeon E-2386G processor, with hyper-threading and dynamic frequency scaling disabled. Performance mode was activated on all cores to enhance the accuracy of the analysis.
Rustls is already available for deployment in production systems. The library also supports:
- API for both C and Rust;
- FIPS compliance;
- Post-quantum key exchange (new algorithms forthcoming);
- Encrypted Client Hello on the client side;
- Trusted OS certificates.
The project is advancing with support from AWS, which provided the aws-lc-rs cryptographic library and contributed Intel AVX-512 optimizations to it. Support from the Sovereign Tech Fund, Alpha-Omega, Google, Fly.io, and Amazon Web Services has also played a pivotal role in the project’s success.