Adding a second TLS implementation

Kevin Burke kevin at meter.com
Thu Feb 11 01:02:54 UTC 2021


Hi,
There has been a recent push by some members of the security community to
try to make more critical code run in memory safe languages, because of the
high prevalence of security issues related to memory safety, for example,
use-after-free, double-free or heap buffer vulnerabilities.

In that light, I was wondering if you'd be open to adding a second TLS
implementation that could be used in place of OpenSSL. Ideally, the target
would be a TLS implementation in a memory safe language, for example,
rustls, available at https://github.com/ctz/rustls. Curl just merged a
patch to support the rustls backend.

This would require a lot of changes to make the TLS implementation portable,
so before investigating it I figured I would see if you're open to it at
all.

Kevin