Prefer `rustls` over `native_tls`?

Hello :slight_smile:
For a public-facing application using WebSockets I need to choose between rustls and native_tls. I know this question has been asked before, but all the resources I found in this forum and on the internet were a couple of years old.
Therefore I want to ask again: is there any reason not to use rustls instead of native_tls?

Rustls (intentionally) only implements a small, modern subset of TLS protocols and cipher suites. That can prevent very out-of-date peers from communicating with rustls. As long as you aren't worried about that, it should be fine.


If you need FIPS support, you should use native_tls on a system providing that.

Also, rustls->ring doesn't support as many CPU architectures.


Could you elaborate on this? What is "FIPS support" in that matter and when would rustls fail?

rustls has not been FIPS certified in the way that e.g. OpenSSL's fips module has: /docs/man3.0/man7/fips_module.html

I wonder if this causes compatibility/interoperability issues when communicating with a FIPS certified peer or whether this is "just" a compliance issue.

As long as the peer supports one of the protocols rustls does it shouldn't matter.
