cpu
@cpu.xkeyscore.club
Recluse open source programmer. Ⓥ. he/him.

https://github.com/cpu
https://hachyderm.io/@cpu
Reposted by cpu
Maintaining #Rustls isn’t just code — it’s choices. Dirkjan shared how OSS maintainers balance safety vs. niche flexibility and why API instability or incompatibility can ripple across the ecosystem. Full story at netstack.fm/#episode-7
Netstack.FM — A Podcast About Networking and Rust
Interviews, monologues, and deep dives into Rust and modern networking systems.
September 30, 2025 at 1:34 PM
Congrats!!!!! 😍😍😍😍
September 23, 2025 at 3:09 PM
I keep this post around so I can RT it every time this technique saves my butt and it's Too Often ™

hachyderm.io/@cpu/1125942...
cpu (@cpu@hachyderm.io)
It has been zero days (0) since the last time I figured out my own bug by logging a Shitload-of-Hex and staring at it carefully.
September 8, 2025 at 3:06 PM
Hello!

🤔 I'm biased, but github.com/letsencrypt/boulder is a good place to start (especially w.r.t code review). github.com/FiloSottile/... and the std lib tls package are also great (though you'd have to look at Gerrit for the latter since the Go project doesn't use GitHub for code review).
GitHub - letsencrypt/boulder: An ACME-based certificate authority, written in Go.
September 1, 2025 at 5:15 PM
I suspect the rustls-ffi numbers would look even better using curl w/ --ca-native on MacOS/Windows/etc where we can lean on rustls-platform-verifier to avoid all the PEM parsing & trust anchor construction for the big pile of system roots needed at startup on Linux.
July 7, 2025 at 3:04 PM
Tested on Linux, with curl 8.14.1 and OpenSSL 3.4.1 (latest in nixpkgs) vs rustls-ffi 0.15.0

Full disclosure: bagder's measurements w/ the newer OpenSSL 3.5.1 show an improvement. It "only" performs 54,000 allocations....
July 7, 2025 at 3:03 PM
Reposted by cpu
*slaps roof of libcrypto* this bad boy can fit so much global mutable state inside it!
June 19, 2025 at 3:05 AM
The complainers keep pointing to impending SMTP/XMPP doom, but in both cases have little evidence to support the claim! For SMTP it doesn't seem like the mTLS-with-web-pki use-case was ever required or widely deployed, and for XMPP there are options like server dial-back that have existed for years.
June 17, 2025 at 5:35 PM