Module rustls::manual::_04_features
source · Expand description
This section documents rustls itself: what protocol features are and are not implemented.
The below list reflects the support provided with the default crate features.
Items marked with an asterisk *
can be extended or altered via public
APIs (CryptoProvider
for example).
§Current features
- TLS1.2 and TLS1.3
- ECDSA, Ed25519 or RSA server authentication by clients
*
- ECDSA, Ed25519 or RSA server authentication by servers
*
- Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves
*
- AES128-GCM and AES256-GCM bulk encryption, with safe nonces
*
- ChaCha20-Poly1305 bulk encryption (RFC7905)
*
- ALPN support
- SNI support
- Tunable fragment size to make TLS messages match size of underlying transport
- Optional use of vectored IO to minimise system calls
- TLS1.2 session resumption
- TLS1.2 resumption via tickets (RFC5077)
- TLS1.3 resumption via tickets or session storage
- TLS1.3 0-RTT data
- Server and optional client authentication
- Extended master secret support (RFC7627)
- Exporters (RFC5705)
- OCSP stapling by servers
- RFC8879 certificate compression by clients
and servers
*
§Non-features
For reasons explained in the other sections of this manual, rustls does not and will not support:
- SSL1, SSL2, SSL3, TLS1 or TLS1.1
- RC4
- DES or triple DES
- EXPORT ciphersuites
- MAC-then-encrypt ciphersuites
- Ciphersuites without forward secrecy
- Renegotiation
- Kerberos
- TLS 1.2 protocol compression
- Discrete-log Diffie-Hellman
*
- Automatic protocol version downgrade
- Using CA certificates directly to authenticate a server/client (often called “self-signed
certificates”). Rustls’ default certificate verifier does not support using a trust anchor as
both a CA certificate and an end-entity certificate in order to limit complexity and risk in
path building. While dangerous, all authentication can be turned off if required –
see the example code
*