https://www.computing.co.uk/analysis/2026/open-source-isn-t-free-we-re-just-not-paying-for-it?utm_source=mastodon_org&utm_medium=post&utm_campaign=Apr_opensource

A lot of things don’t add up in the world of software. The skills gap remains stubbornly wide, with IT and data skills the hardest to recruit for five consecutive years. Yet, at the same time, entry level roles are declining as employers redeploy existing employees rather than hiring new ones.

#technews #opensource #rustls #openuk #rust #github

Open source isn’t free. We’re just not paying for it


Just woke up to 5 vulnerability alerts (4 high severity) of the openSSL Rust crate. Now I'm even more thankful we've made the switch to rustls in lychee. I've only seen advantages so far. The transition was totally smooth, and now we have faster, more stable and apparently more secure TLS.

Thank you @djc, @ctz et al. for this amazing piece of software!

#rust #openssl #rustls

Why does rustls provide a Hash trait in the crypto module if it isn't required to implement for crypto providers and it also isn't implemented by the two default providers, ring and aws-lc-rs?

#rustls #rustlang

#eBPF collects telemetry directly from applications and infrastructure, simplifying observability instrumentation. Here’s how to get it working with #Rustls: https://coroot.com/blog/instrumenting-rust-tls-with-ebpf/

#rust #openssl #golang #go #linux #ebpf #observability #monitoring #sysadmin #devops #sre #opensource #FOSS #freesoftware #kubernetes #tech #otel #opentelemetry #tech #AI

Big Rust News:
Rustls has decided to move ring and aws-lc crypto providers into their own crates going forward

https://github.com/rustls/rustls/issues/2395

#rustlang #rust #rustls

Review whether we should ship first-party crypto providers · Issue #2395 · rustls/rustls

Currently rustls ships with two built-in crypto providers (enabled via a feature): aws-lc-rs, which is currently enabled by default; ring, which was the default in earlier releases. The ring maintain...


This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety.

https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/

#TLS #Rustls #Rust #MemorySafety

Rustls with Dirkjan and Joe

Josh talks to Dirkjan and Joe about Rustls (pronounced rustles), a Rust-based TLS library. Dirkjan and Joe are developers on Rustls. We talk about the history that got us to this point. The many, many challenges in writing a TLS library (Rust or not). We also chat about some of what’s to come. Rustls has an OpenSSL compatibility layer which makes it a really interesting project. This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.


In other news, very happy to see the most popular #Rust http client library is switching their default TLS implementation from OpenSSL to #rustls.

https://github.com/seanmonstar/reqwest/releases/tag/v0.13.0-rc.1

Release v0.13.0-rc.1 · seanmonstar/reqwest

👀 Discussion here if you give it a try, thanks! Main breaking changes: rustls is now default instead of native-tls; rustls provider defaults to aws-lc instead of ring (rustls-no-provider exists if you...


I finally tried to replace #openssl with #aws-lc on some of my services. Unfortunately, #nginx and #mosquitto lack support for it. Instead, I successfully switched #BIND to use aws-lc.

I later also noticed that the #rustls compatibility shim is in nixpkgs 25.05, but here BIND is missing some variables. And despite the wrapper being explicitly made for nginx, it also fails here with

/nix/store/mkvc0lnnpmi604rqsjdlv1pmhr638nbd-binutils-2.44/bin/ld: objs/src/stream/ngx_stream_ssl_module.o: in function `ngx_stream_ssl_servername':
/build/nginx-1.28.0/src/stream/ngx_stream_ssl_module.c:606:(.text+0xd59): undefined reference to `SSL_SESSION_get0_hostname'

A shame. I wanted to change to more modern libraries.

Untested: #dovecot and #postfix (they lack a services.(dovecot2|postfix).package variable to easily change the used package). A PR for dovecot is already open to add support for it.

I'm thrilled to announce the first release of Quark, my new reverse proxy written in #Rust 🦀

Quark v0.1.0 is out and fully functional, built on top of the robust #Hyper and #Rustls libraries. It's designed to offer high performance and security for your web applications.

Quark is open source and available under the MIT license.

https://github.com/Goliworks/Quark

#rustlang #project #reverseproxy #opensource

GitHub - Goliworks/Quark: A fast reverse proxy written in Rust.



How does 0-RTT work in #iroh (and #QUIC, and a little bit of #TLS), a fun exploration: https://www.iroh.computer/blog/0rtt-api

What's even better is that @Frando already landed a PR in #rustls to improve the UX of this (https://github.com/rustls/rustls/pull/2476). Should also land in #Quinn and #iroh soon!

0-RTT

When to use and when not to use 0-RTT with iroh connections