@kraemv kraemv commented Nov 4, 2025

Hello everyone,
I want to extend rustls-compat to work with variable CryptoProviders.

The main changes are:

  • Untied the CryptoProvider from the SSLCiphers, as the provider is not static. Now I use the rustls ciphersuite to get the protocol id of an SSLCipher, as rustls ciphersuites are static.
  • Use the aws_lc_rs Ticketer explicitly, as this is not covered in the CryptoProvider API.

The main problem for switching the CryptoProvider in the old code was that APIs outside the CryptoProvider API of rustls were used.

I am happy to discuss the changes!

Added: New Entrypoint to build
Added: New NIDs
Added: Provider can be changed
@kraemv kraemv force-pushed the feature/variable_provider branch from 9201a4f to 7e7dede on November 4, 2025 10:26
@kraemv kraemv marked this pull request as ready for review November 4, 2025 11:43
@cpu cpu changed the title Added Feature: CrpytoProvider-independent code Added Feature: CryptoProvider-independent code Nov 5, 2025

cpu commented Nov 5, 2025

Use the aws_lc_rs Ticketer explicitly, as this is not covered in the CryptoProvider API.

Some related discussions on this in rustls/rustls#1876

I wonder if given this crate's position in the ecosystem of rustls crates it might be better to avoid the crypto provider independence complexity until after the upstream rustls crate has finished more of the refactoring in-progress in that area. Especially if it could help avoid having aws-lc-rs dragged in just for the ticketer? 🤔


kraemv commented Nov 6, 2025

I think covering the Ticketer with the CryptoProvider API would be helpful. As we can see from the discussion in rustls, there is a need for that if we want to wrap the crypto in one provider.
Also, the API will change in future (CipherSuite fields...), so we can make the changes after rustls has integrated the new API.
Still, I am wondering if the ciphersuites must use the provider. If we only need the ID, that is already provided in rustls. I think the implementation of a variable provider in future will be easier if we do not have the dependency between ciphersuite (information) and the provider.
