#eBPF collects telemetry directly from applications and infrastructure, simplifying observability instrumentation. Here’s how to get it working with #Rustls: https://coroot.com/blog/instrumenting-rust-tls-with-ebpf/
#rust #openssl #golang #go #linux #ebpf #observability #monitoring #sysadmin #devops #sre #opensource #FOSS #freesoftware #kubernetes #tech #otel #opentelemetry #tech #AI
Big Rust News:
Rustls has decided to move ring and aws-lc crypto providers into their own crates going forward
This week on #OpenSourceSecurity I chat with @djc and @ctz about #Rustls. A lot has happened with Rustls in the last few years (and there's a lot more to come). Writing a TLS implementation is incredibly complicated, even when you don't have to worry about memory safety
https://opensourcesecurity.io/2025/2025-12-rustls-dirkjan-joe/
Josh talk to Dirkjan and Joe about Rustls (pronounced rustles), a Rust-based TLS library. Dirkjan and Joe are developers on Rustls. We talk about the history that got us to this point. The many many challenges in writing a TLS library (Rust or not). We also chat about some of what’s to come. Rustls has an OpenSSL compatibility layer which makes is a really interesting project. Episode Links Dirkjan Joe Rustls This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player.
In other news, very happy to see the most popular #Rust http client library is switching their default TLS implementation from OpenSSL to #rustls.
https://github.com/seanmonstar/reqwest/releases/tag/v0.13.0-rc.1
I finally tried to replace #openssl with #aws-lc on some of my services. Unfortunately, #nginx and #mosquitto lack support for it. Instead, I successfully switched #BIND to use aws-lc.
I later also noticed that the #rustls compatibility shim is in nixpkgs 25.05, but here BIND is missing some variables. And despite the wrapper being explicitly made for nginx, it also fails here with
TFF eevee
Coroot
Josh Bressers
kpcyrd 🏴
Mynacol/nix/store/mkvc0lnnpmi604rqsjdlv1pmhr638nbd-binutils-2.44/bin/ld: objs/src/stream/ngx_stream_ssl_module.o: in function `ngx_stream_ssl_servername':
/build/nginx-1.28.0/src/stream/ngx_stream_ssl_module.c:606:(.text+0xd59): undefined reference to `SSL_SESSION_get0_hostname'
A shame. I wanted to change to more modern libraries.
Untested: #dovecot and #postfix (they lack a services.(dovecot2|postfix).package variable to easily change the used package. A PR for dovecot is already open to add support for it.
I'm thrilled to announce the first release of Quark, my new reverse proxy written in #Rust 🦀
Quark v0.1.0 is out and fully functional, built on top of the robust #Hyper and #Rustls libraries. It's designed to offer high performance and security for your web applications.
Quark is open source and available under the MIT license.
How does 0-RTT work in #iroh (and #QUIC, and a little bit of #TLS), a fun exploration: https://www.iroh.computer/blog/0rtt-api
What's even better is that @Frando already landed a PR in #rustls to improve the UX of this (https://github.com/rustls/rustls/pull/2476). Should also land in #Quinn and #iroh soon!
In past years, the Rustls project has been happy to receive substantial investments from the ISRG. One of our goals has been to improve performance without compromising on safety. We last posted about our performance improvements in October of 2024, and we're back to talk about another round of improvements. What is Rustls? Rustls is a memory safe TLS implementation with a focus on performance. It is production ready and used in a wide range of applications.
In past years, the Rustls project has been happy to receive substantial investments from the ISRG. One of our goals has been to improve performance without compromising on safety. We last posted about our performance improvements in October of 2024, and we're back to talk about another round of improvements. What is Rustls? Rustls is a memory safe TLS implementation with a focus on performance. It is production ready and used in a wide range of applications.
Goliver
iroh
GripNews
N-gated Hacker News