TLS 1.0 Support Actix

I need to implement a actix_web TLS 1.0 webserver. I'm currently using rustls and just discovered it doesn't support this.

My code is as follows:

fn load_rustls_config() -> rustls::ServerConfig {
    // init server config builder with safe defaults
    let config = ServerConfig::builder().with_safe_defaults().with_no_client_auth();

    // load TLS key/cert files
    let cert_file = &mut BufReader::new(File::open("./certs/root.crt").expect("Certificate not found!"));
    let key_file = &mut BufReader::new(File::open("./certs/root.key").expect("Key not found!"));

    // convert files to key/cert objects
    let cert_chain = certs(cert_file).unwrap().into_iter().map(Certificate).collect();
    let mut keys: Vec<PrivateKey> = pkcs8_private_keys(key_file).unwrap().into_iter().map(PrivateKey).collect();

    // exit if no keys could be parsed
    if keys.is_empty() {
        eprintln!("Could not locate PKCS 8 private keys.");

    config.with_single_cert(cert_chain, keys.remove(0)).unwrap()

async fn main() -> std::io::Result<()> {
    let config = load_rustls_config();
    info!("Certificates loaded.");
    HttpServer::new(|| {
            .route("{path:.*}", web::get().to(index))
    .bind_rustls("", config)?

I don't know how to go about converting this or using a different library. Is it even possible to do this? Just thought I'd ask to make sure I won't go down a rabbit hole that leads nowhere.

You may be able to use bind_openssl rather than bind_rustls (with a configuration to enable TLS 1.0). rustls intentionally doesn't support TLS 1.0 because it's insecure and obsolete. Alternatively you may be able to set up a reverse proxy like nginx in front.

Note that if your website needs to comply with PCI, supporting TLS 1.0 is a PCI violation. Additionally, at this point there are pretty much no web browsers that only support TLS 1.0, it's mostly malicious bots, so unless you have a very specific need I would discourage configuring TLS 1.0 support.


This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.