Rustls Provider

The leancrypto Rustls provider allows the use of a TLS stack with cryptographic primitives that are solely implemented by leancrypto.

TLS Protocol Support

The leancrypto Rustls provider offer the following TLS protocol support:

• TLS v1.3

• QUIC

The following cryptographic algorithms are supported:

• Cipher suites

  • TLS13_AES_256_GCM_SHA384

  • TLS13_AES_128_GCM_SHA256

  • TLS13_CHACHA20_POLY1305_SHA256

• Supported key establishment in the following order of precedence

  • X25519MLKEM768

  • MLKEM1024

  • MLKEM768

  • X25519 (only provided to ease transition to PQC)

• Supported signature algorithms

  • ED25519 (only provided to ease transition to PQC)

  • (Support for ML-DSA[87|65|44] is prepared and activated once rustls provides support)

  • (Support for SLH-DSA[128|192|256][f|s] will be added once rustls provides support)

Compile example code

The following steps apply to the rustls directory in the leancrypto source directory.

1. Install leancrypto by either building it from the source code tree or install it via the distribution. The installation must include the development header files.

2. Build test code: cargo build --release

3. Execute test code: cargo test --release

Develop your own code

An example code for using the provider is given in rustls/src/lib.rs.