boring2/tokio-boring
0x676e67 13eb268616
feat: replace once_cell with LazyLock (#38)
* RTG-3333 Support X25519MLKEM768 by default, but don't send it as client

X25519MLKEM768 is the standardised successor of the preliminary
X25519Kyber768Draft00. The latest browsers have switched to X25519MLKEM768.
Cloudflare supports both on the edge.

We've had support for X25519MLKEM768 in this crate for a while, but
didn't enable it by default. We're now enabling serverside support by
default. We also let clients advertise support when set
to kx-client-pq-supported.

We don't enable support by default yet for clients set to
kx-client-pq-preferred, as that would cause an extra round-trip due to
HelloRetryRequest if the server doesn't support X25519MLKEM768 yet.

BoringSSL against which we build must support X25519MLKEM768, otherwise
this will fail.

* replace once_cell with LazyLock

We can drop the once_cell dependency since the same functionality is
implemented in std now.

Requires bumping MSRV to 1.80.

* fix manual_c_str_literals clippy warning

---------

Co-authored-by: Bas Westerbaan <bas@cloudflare.com>
Co-authored-by: Alessandro Ghedini <alessandro@cloudflare.com>
2025-01-23 10:08:15 +08:00
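As an added example (not code from the commit above or from the crate), this is the `std::sync::LazyLock` pattern the second commit item switches to in place of `once_cell::sync::Lazy`: a global table that is built exactly once on first use and is safe to touch from several threads at the same time. The two mode strings from the commit message are used as constructed keys; the `ClientPq` enum, `PQ_MODES`, `INIT_RUNS`, `parse_pq_mode` and `concurrent_init_runs` are hypothetical names for illustration only, and the block needs Rust 1.80 or later.

```rust
use std::collections::HashMap;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::LazyLock;
use std::thread;

// Hypothetical client-side post-quantum key-exchange setting, named after the
// two modes mentioned in the commit message. Not the crate's own type.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum ClientPq {
    /// Advertise X25519MLKEM768 alongside the classical groups.
    Supported,
    /// Put X25519MLKEM768 first; the commit notes this risks an extra
    /// HelloRetryRequest round trip against servers without support.
    Preferred,
}

/// Counts how many times the table initialiser ran; used to show that
/// LazyLock runs it exactly once even under concurrent first access.
pub static INIT_RUNS: AtomicUsize = AtomicUsize::new(0);

/// Table built on first use. `std::sync::LazyLock` (stable since Rust 1.80)
/// has the same once-only, thread-safe semantics as `once_cell::sync::Lazy`.
pub static PQ_MODES: LazyLock<HashMap<&'static str, ClientPq>> = LazyLock::new(|| {
    INIT_RUNS.fetch_add(1, Ordering::SeqCst);
    HashMap::from([
        ("kx-client-pq-supported", ClientPq::Supported),
        ("kx-client-pq-preferred", ClientPq::Preferred),
    ])
});

/// Resolve a configuration string to a mode; unknown strings yield None.
pub fn parse_pq_mode(setting: &str) -> Option<ClientPq> {
    PQ_MODES.get(setting.trim()).copied()
}

/// Touch the table from `threads` threads at once and report how many times
/// the initialiser ran. Returns 1 regardless of the thread count: the first
/// caller initialises, the others block until it is done and then share it.
pub fn concurrent_init_runs(threads: usize) -> usize {
    let handles: Vec<_> = (0..threads)
        .map(|_| thread::spawn(|| parse_pq_mode("kx-client-pq-supported")))
        .collect();
    for h in handles {
        assert_eq!(h.join().unwrap(), Some(ClientPq::Supported));
    }
    INIT_RUNS.load(Ordering::SeqCst)
}

fn main() {
    println!("initialiser ran {} time(s)", concurrent_init_runs(8));
    println!("{:?}", parse_pq_mode("kx-client-pq-preferred"));
}
```

The atomic counter is the check worth keeping in your own code when migrating: it makes the once-only guarantee observable from a test rather than assumed from the type name.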
examples rename tokio-rboring to tokio-boring2 2024-11-15 10:42:55 +08:00
src Introduce and use read_uninit and write_uninit duplicated from openssl-0.10.61 and tokio-openssl-0.6.4 2024-02-21 09:07:39 +01:00
tests rename tokio-rboring to tokio-boring2 2024-11-15 10:42:55 +08:00
CHANGELOG.md Add/update changelogs 2021-12-16 13:52:38 -06:00
Cargo.toml feat: replace once_cell with LazyLock (#38) 2025-01-23 10:08:15 +08:00
LICENSE-APACHE Add tokio-boring 2020-11-11 19:26:22 +00:00
LICENSE-MIT Add hyper-boring 2020-11-11 20:29:54 +00:00
README.md Update documentation for tokio-boring 2021-07-29 11:28:43 -04:00

README.md

tokio-boring

An implementation of SSL streams for Tokio built on top of BoringSSL.

Documentation

Usage

First, add this to your Cargo.toml:

[dependencies]
tokio-boring = "1.0.0"

Then, use either accept or connect as appropriate.

use boring::ssl;
use tokio::net::TcpListener;

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    let listener = TcpListener::bind("127.0.0.1:8080").await?;
    let (tcp_stream, _addr) = listener.accept().await?;

    // mozilla_modern() applies Mozilla's "modern" TLS profile (protocol
    // versions and cipher suites) to the acceptor.
    let server = ssl::SslMethod::tls_server();
    let mut ssl_builder = boring::ssl::SslAcceptor::mozilla_modern(server)?;
    // A server needs its own certificate chain and private key, otherwise the
    // handshake fails; the file paths below are placeholders.
    ssl_builder.set_certificate_chain_file("cert.pem")?;
    ssl_builder.set_private_key_file("key.pem", ssl::SslFiletype::PEM)?;
    // Trust store used to verify client certificates, if any are presented.
    ssl_builder.set_default_verify_paths()?;
    // PEER alone requests a client certificate but does not require one;
    // add SslVerifyMode::FAIL_IF_NO_PEER_CERT to enforce mutual TLS.
    ssl_builder.set_verify(ssl::SslVerifyMode::PEER);
    let acceptor = ssl_builder.build();
    let _ssl_stream = tokio_boring::accept(&acceptor, tcp_stream).await?;
    Ok(())
}

This library is an implementation of TLS streams using BoringSSL for negotiating the connection. Each TLS stream implements Tokio's AsyncRead and AsyncWrite traits, so it interoperates with the rest of the Tokio I/O ecosystem. Client connections initiated from this crate verify the server's hostname against its certificate automatically and by default.

tokio-boring exports this ability through accept and connect. accept should be used by servers, and connect by clients. These augment the functionality provided by the boring crate, on which this crate is built. Configuration of TLS parameters is still primarily done through the boring crate.

License

This project is licensed under either of

Apache License, Version 2.0 (LICENSE-APACHE)
MIT license (LICENSE-MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in tokio-boring by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Accolades

The project is based on a fork of tokio-openssl.