#tls #rust

tabbyssl

Formerly MesaLink, TabbySSL is an OpenSSL compatibility layer for the Rust TLS stack

1 unstable release

0.10.0 November 25, 2019

#38 in #ssl

BSD-3-Clause

285KB
6K SLoC

Contains (obscure autoconf code, 7KB) configure.ac

An OpenSSL compatibility layer for the Rust SSL/TLS stack

Formerly MesaLink, TabbySSL is an OpenSSL compatibility layer for the Rust SSL/TLS stack.

Release history

  • 0.10.0 (11/24/2019)
    • Forked from the master branch of MesaLink

Supported ciphersuites

Same as rustls

  • TLS13-CHACHA20-POLY1305-SHA256
  • TLS13-AES-256-GCM-SHA384
  • TLS13-AES-128-GCM-SHA256
  • TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256

Build instructions for Autotools

$ sudo apt-get install m4 autoconf automake libtool make gcc curl
$ curl https://sh.rustup.rs -sSf | sh

$ git clone https://github.com/ymjing/tabbyssl.git
$ cd tabbyssl
$ ./autogen.sh --enable-examples
$ make

Build instructions for CMake

$ sudo apt-get install cmake make gcc curl
$ curl https://sh.rustup.rs -sSf | sh

$ git clone https://github.com/ymjing/tabbyssl.git
$ cd tabbyssl
$ mkdir build && cd build
$ cmake ..
$ cmake --build .

Examples

To enable the examples, use configure --enable-examples or cmake -DHAVE_EXAMPLES=on.

$ ./examples/client/client api.ipify.org
[+] Negotiated ciphersuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, enc_length=16, version=TLS1.2
[+] Subject name: /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.ipify.org
[+] Subject alternative names:*.ipify.org ipify.org
[+] Sent 85 bytes

GET / HTTP/1.0
Host: api.ipify.org
Connection: close
Accept-Encoding: identity


HTTP/1.1 200 OK
Server: Cowboy
Connection: close
Content-Type: text/plain
Vary: Origin
Date: Thu, 09 Aug 2018 21:44:35 GMT
Content-Length: 10
Via: 1.1 vegur

1.2.3.4
[+] TLS protocol version: TLS1.2

[+] Received 177 bytes
$ ./examples/server/server
Usage: ./examples/server/server <portnum> <cert_file> <private_key_file>
$ cd examples/server/server
$ ./server 8443 certificates private_key
[+] Listening at 0.0.0.0:8443
[+] Negotiated ciphersuite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, enc_length=16, version=TLS1.2
[+] Received:
GET / HTTP/1.1
Host: 127.0.0.1:8443
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

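Acknowledgements

TabbySSL/MesaLink would not have been possible without the following high-quality open source projects in the Rust community. Thanks for the code and inspiration!

  • rustls: A modern TLS library in Rust, maintained by Joseph Birr-Pixton @ctz
  • sct.rs: Certificate Transparency SCT verification library in Rust, maintained by Joseph Birr-Pixton @ctz
  • ring: Safe, fast, small crypto using Rust, by Brian Smith @briansmith
  • webpki: WebPKI X.509 certificate validation in Rust, maintained by Brian Smith @briansmith

Maintainers

  • 2019.11 - present: Yiming Jing <yjing@apache.org> @ymjing

License

TabbySSL is provided under the 3-Clause BSD license. For a copy, see the LICENSE file.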

Dependencies

~13–23MB
~425K SLoC