Securing raw *socket* (not HTTPS) with certificates

Hi there, googling has let me down.

What is the state of the art of securing raw sockets with a public/private certificate (e.g. password protected PFX)?

I know there are a bunch of crates (rustls, tokio-native-tls, openssl bindings, pkcs12, p12 etc.) but I can't quite get a read on which is most likely to be both:

  • rich enough to handle the myriad of configurations our clients like to test me with
  • future proof

I've only ever done this in Tomcat and am somewhat spoiled by the JVM ecosystem. It's also hard finding the non-HTTPS implementations.

Are any of you doing this and what ingredients did you use (preferably tokio-based)?


And of course, after asking, I've just found tls/tokio-native-tls/examples/ at master · tokio-rs/tls · GitHub which seems on point...