s2n_quic - Rust
An implementation of the IETF QUIC protocol, featuring:
- a simple, easy-to-use API. See an example of an s2n-quic echo server built with just a few API calls
- high configurability using providers for granular control of functionality
- extensive automated testing, including fuzz testing, integration testing, unit testing, snapshot testing, efficiency testing, performance benchmarking, interoperability testing and more
- integration with s2n-tls, AWS’s simple, small, fast and secure TLS implementation, as well as rustls
- thorough compliance coverage tracking of normative language in relevant standards
- and much more, including CUBIC congestion controller support, packet pacing, Generic Segmentation Offload support, Path MTU discovery, and unique connection identifiers detached from the address
See the installation instructions and examples to get started with s2n-quic.
Feature flags
provider-address-token-default
Enabled by default
Enables the default address token provider, which will securely generate address tokens for a single QUIC server. If your deployment requires that multiple servers handle address tokens, this provider should not be used. Instead, a custom implementation of provider::address_token::Format should be specified.
provider-event-tracing
Enables event integration with tracing. The default event provider will be set to provider::event::tracing::Provider and will emit endpoint and connection events to the application’s configured tracing::Subscriber.
provider-tls-default
Enabled by default
Enables platform detection for the recommended implementation of TLS. Currently, this uses s2n-tls on unix-like platforms and rustls on everything else.
provider-tls-rustls
Enables the rustls TLS provider. The provider will be available at provider::tls::rustls.
NOTE: this will override the platform detection and always use rustls by default.
provider-tls-s2n
Enables the s2n-tls TLS provider. The provider will be available at provider::tls::s2n_tls.
NOTE: this will override the platform detection and always use s2n-tls by default.
provider-tls-fips
FIPS mode with provider-tls-s2n
FIPS mode can be enabled with the s2n-tls TLS provider on non-Windows platforms.
Applications wanting to use FIPS-approved cryptography with provider-tls-s2n should:
- Enable the following features:
```toml
s2n-quic = { version = "1", features = ["provider-tls-fips", "provider-tls-s2n"] }
```
- Build a custom s2n-tls TLS provider configured with a FIPS-approved security policy:
```rust
use s2n_quic::provider::tls::s2n_tls;
use s2n_quic::provider::tls::s2n_tls::security::Policy;

// Start from the s2n-tls provider builder and pin a FIPS-approved policy
// before adding certificates and building the provider.
let mut tls = s2n_tls::Server::builder();
let policy = Policy::from_version("20230317")?;
tls.config_mut().set_security_policy(&policy)?;
let tls = tls
    .with_certificate(..)?
    ...
    .build()?;

// Hand the configured TLS provider to the QUIC server builder.
let mut server = s2n_quic::Server::builder()
    .with_tls(tls)?
    ...
    .start()?;
```
FIPS mode with provider-tls-rustls
FIPS mode can be enabled with the rustls TLS provider. Applications are responsible for meeting guidelines for using rustls with FIPS-approved cryptography.
Applications wanting to use FIPS-approved cryptography with provider-tls-rustls should:
- Enable the following features:
```toml
s2n-quic = { version = "1", features = ["provider-tls-fips", "provider-tls-rustls"] }
```