Rustls (and its dependencies) have been audited:

that's actually what's going to replace the TLS in Apache. mod_ssl is C (presumably), but mod_tls uses rustls instead of openssl.

Yes, ring does have C code in it (looks like it's from the BoringSSL project). Unfortunate, but pure rust crypto does exist. The point is to keep unsafe to a minimum, so instead of needing to audit 100% of a codebase for memory safety bugs, you need to audit 5%.

Sign in to participate in the conversation
☠️ librepunk ☠️

A friendly mastodon instance primarily for shitposting, gays, and the glory of the free and open source software movement.