Rustls becomes compatible with OpenSSL and nginx

ISRG (Internet Security Research Group), which founded the Let's Encrypt project and promotes the development of technologies that improve the security of the Internet, has announced the publication of the rustls-openssl-compat layer, which allows the Rustls library to be used as a transparent replacement for OpenSSL. The project currently provides a rustls-libssl implementation that offers compatibility with libssl, and a libcrypto implementation is under development.

The functionality available in the layer is sufficient to run nginx on top of Rustls. To migrate nginx to Rustls, you only need to replace the libraries, with no need to rebuild or modify nginx. Near-term development goals for Rustls include performance optimization in areas where Rustls still lags behind OpenSSL, and support for RFC 8879 for certificate compression. In addition, the announcement mentions a plan to migrate the infrastructure of the Let's Encrypt certificate authority from OpenSSL to Rustls.

The Rustls project develops client and server implementations of the TLS 1.2 and TLS 1.3 protocols for use in Rust applications. Rustls does not provide its own implementation of cryptographic primitives, but uses pluggable cryptographic function providers (the ECDSA, Ed25519, RSA, ChaCha20-Poly1305, AES128-GCM and AES256-GCM algorithms are supported). By default, Rustls uses a crypto provider based on the aws-lc-rs library, which is developed by Amazon and is derived from the C++ code of BoringSSL, Google's fork of OpenSSL. The ring library, which is partly based on BoringSSL and combines assembly, C++ and Rust code, can also be used as a crypto provider.

It is worth noting that nginx supports building with BoringSSL, which allows this library to be used directly without unnecessary layers. In addition to the built-in Rustls support for the aws-lc-rs and ring libraries, which are based on BoringSSL code, several other crypto providers are being developed for Rustls, allowing the use of the mbedtls (C code), BoringSSL (C++) and RustCrypto (Rust) libraries.

Source: opennet.ru
