Rustls Server-Side Performance
a year ago
- #Rustls
- #Performance
- #TLS
- Rustls is a memory-safe TLS implementation focused on performance and production readiness.
- The project has received investments from ISRG and aims to improve performance without compromising safety.
- Rustls offers a C API and FIPS support to replace C-based TLS implementations like OpenSSL, which have memory safety vulnerabilities.
- Server performance optimizations include minimizing slowdowns from shared resumption stores and improving handshake latency.
- Rustls supports two TLS resumption strategies: stateful (server-side storage) and stateless (client-side storage with tickets).
- Changes in Rustls 0.23.17 include guarding ticket encryption keys with an RwLock and reducing the default number of tickets from 4 to 2 to align with OpenSSL/BoringSSL.
- Benchmarks show Rustls scales linearly with core count and has ~2x lower handshake latency than OpenSSL.
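The RwLock change for ticket encryption keys can be pictured with the std-only model below. It is an added example, not Rustls code: `TicketKey`, `RotatingKeys` and `simulate_handshakes` are hypothetical names, the "key" is only a generation counter with no cryptography, and keeping one previous key valid is an assumption of the model.

```rust
use std::sync::{Arc, RwLock};
use std::thread;
use std::time::{Duration, Instant};

/// Constructed stand-in for a ticket encryption key (no real cryptography here).
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct TicketKey { pub generation: u64 }
struct State { current: TicketKey, previous: Option<TicketKey>, rotate_at: Instant }
/// Hypothetical rotating key holder; a model of the locking pattern only.
pub struct RotatingKeys { state: RwLock<State>, lifetime: Duration }

impl RotatingKeys {
    pub fn new(lifetime: Duration) -> Self {
        let current = TicketKey { generation: 0 };
        let state = State { current, previous: None, rotate_at: Instant::now() + lifetime };
        Self { state: RwLock::new(state), lifetime }
    }
    /// Hot path, once per handshake: a shared read lock unless the key has expired.
    pub fn current_key(&self) -> TicketKey {
        {
            let s = self.state.read().unwrap();
            if Instant::now() < s.rotate_at { return s.current; }
        } // read guard dropped here, before the exclusive lock is requested
        let mut s = self.state.write().unwrap();
        let now = Instant::now();
        if now >= s.rotate_at { // re-check: another thread may have rotated already
            s.previous = Some(s.current);
            s.current = TicketKey { generation: s.current.generation + 1 };
            s.rotate_at = now + self.lifetime;
        }
        s.current
    }
    /// Tickets sealed under the previous key stay valid for one more rotation.
    pub fn accepts(&self, generation: u64) -> bool {
        let s = self.state.read().unwrap();
        s.current.generation == generation || s.previous == Some(TicketKey { generation })
    }
}

/// Runs `threads` workers doing `per_thread` issue+verify round trips; returns accepted count.
pub fn simulate_handshakes(keys: Arc<RotatingKeys>, threads: usize, per_thread: usize) -> usize {
    let workers: Vec<_> = (0..threads).map(|_| {
        let keys = Arc::clone(&keys);
        thread::spawn(move || (0..per_thread)
            .filter(|_| keys.accepts(keys.current_key().generation)).count())
    }).collect();
    workers.into_iter().map(|w| w.join().unwrap()).sum()
}

fn main() {
    let keys = Arc::new(RotatingKeys::new(Duration::from_secs(3600)));
    println!("accepted: {}", simulate_handshakes(keys, 4, 1000));
}
```

With a Mutex in place of the RwLock, every call to `current_key` and `accepts` would serialize across threads; here only the rare rotation takes the exclusive lock.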