Rustls, a TLS library that outperforms OpenSSL


Joseph Birr-Pixton, the developer of the Rustls TLS library, ran a series of benchmarks during its development and found that Rustls outperformed OpenSSL on several fronts. Rustls is an open source TLS library written in Rust and available under the Apache 2.0, MIT, and ISC licenses, whereas OpenSSL is the well-known library that has long been the de facto industry standard in almost every major category.

According to its documentation, Rustls is a modern TLS library that aims to provide a good level of cryptographic security with no configuration required, and it does not implement any insecure or obsolete cryptography.

Its features include ECDSA or RSA server authentication by clients and ECDSA or RSA client authentication by servers, with server certificate verification built in.

In practice this means the caller need only supply a set of trusted root certificates; certificate verification cannot be disabled through the main API.

On the other hand, OpenSSL is a robust, commercial-grade, full-featured toolkit for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a versatile crypto library.

About the Rustls benchmarks

In his series of performance tests, Birr-Pixton looked at the two aspects in which TLS libraries differ most: handshake performance and bulk performance.

Handshake performance covers how quickly new TLS sessions can be set up. Bulk performance covers how quickly application data can be transferred over an already established session.

The results showed Rustls to be 10% faster at setting up a new connection on the server side and 20-40% faster on the client side.

Full handshakes for new connections matter, but most TLS traffic relies on resuming previously established sessions rather than negotiating from scratch.

Here too Rustls outperformed OpenSSL, resuming a connection 10-20% faster on the server side and 30-70% faster on the client side.

Rustls also did better on bulk performance, that is, the speed at which data moves over an established TLS connection.

Birr-Pixton reported that Rustls could send data 15% faster than OpenSSL and receive it 5% faster. Finally, the Rustls library used less than half the memory that OpenSSL needed, which is a significant advantage. He noted that OpenSSL has often been criticised for its large memory footprint and for the number of security problems found in its code.

To summarize the results, we can roughly say:

  • Rustls is 15% faster to send data
  • Rustls is 5% faster to receive data
  • Rustls is 20 to 40% faster to set up a client connection
  • Rustls is 10% faster to set up a server connection
  • Rustls is 30 to 70% faster to resume a client connection
  • Rustls is 10-20% faster to resume a server connection
  • Rustls uses less than half the memory OpenSSL does

Birr-Pixton explained that because Rustls is written in Rust, a large class of security flaws is ruled out by the language's design: Rust was built from the ground up to prevent memory-safety bugs.

How Rust programs are allowed to interact with memory is one of the language's most prominent features. If large companies recognise the usefulness of the language created by Mozilla Research, its adoption could grow rapidly in the coming years.
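The memory-safety argument above is easiest to see on the kind of code a TLS library spends its life in: parsing length-prefixed records from untrusted bytes. The following is an added example written for this article, not Rustls code and not taken from Birr-Pixton's post. It parses the 5-byte TLS record header with checked slicing, so a length field that claims more payload than the buffer actually holds produces an error instead of a read past the end of the buffer. The record layout and the 2^14 + 2048 ciphertext limit are from RFC 5246; the sample byte stream is constructed for the example.

```rust
// Added example (not Rustls code): parsing the TLS record layer in safe Rust.
// A TLS record is: content_type (1 byte), version (2 bytes), length (2 bytes,
// big-endian), then `length` bytes of payload. The length field is controlled
// by the peer, so the parser must never trust it beyond what the buffer holds.

#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub content_type: u8,
    pub version: u16,
    pub payload: &'a [u8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    /// Fewer than five header bytes available.
    TruncatedHeader,
    /// Header claims more payload than the buffer contains.
    TruncatedPayload { claimed: usize, available: usize },
    /// Length exceeds the protocol maximum, so reject before allocating or reading.
    Oversized(usize),
}

const HEADER_LEN: usize = 5;
// RFC 5246 section 6.2.3: TLSCiphertext.length must not exceed 2^14 + 2048.
const MAX_FRAGMENT_LEN: usize = 16384 + 2048;

/// Parse one record from the front of `buf`; returns the record and the unparsed tail.
pub fn parse_record(buf: &[u8]) -> Result<(Record<'_>, &[u8]), ParseError> {
    // `get` returns None instead of reading past the slice: no over-read is possible here.
    let header = buf.get(..HEADER_LEN).ok_or(ParseError::TruncatedHeader)?;
    let content_type = header[0];
    let version = u16::from_be_bytes([header[1], header[2]]);
    let length = u16::from_be_bytes([header[3], header[4]]) as usize;
    if length > MAX_FRAGMENT_LEN {
        return Err(ParseError::Oversized(length));
    }
    let body = &buf[HEADER_LEN..];
    // The peer-supplied length is checked against what is really present.
    let payload = body.get(..length).ok_or(ParseError::TruncatedPayload {
        claimed: length,
        available: body.len(),
    })?;
    let rest = &body[length..];
    Ok((Record { content_type, version, payload }, rest))
}

/// Parse every complete record in `buf`; stops at the first error and returns
/// the records parsed so far together with that error.
pub fn parse_all(mut buf: &[u8]) -> (Vec<Record<'_>>, Option<ParseError>) {
    let mut out = Vec::new();
    while !buf.is_empty() {
        match parse_record(buf) {
            Ok((rec, rest)) => {
                out.push(rec);
                buf = rest;
            }
            Err(e) => return (out, Some(e)),
        }
    }
    (out, None)
}

/// Constructed sample input: a well-formed alert record followed by an
/// application-data record whose length field (0x4000) claims far more
/// payload than the three bytes that are actually present.
pub fn sample_stream() -> Vec<u8> {
    let mut v = Vec::new();
    // Alert, TLS 1.2 (0x0303), length 2, payload = warning(1) / close_notify(0).
    v.extend_from_slice(&[21, 0x03, 0x03, 0x00, 0x02, 0x01, 0x00]);
    // Application data, length 0x4000 claimed, only 3 bytes follow.
    v.extend_from_slice(&[23, 0x03, 0x03, 0x40, 0x00, 0xde, 0xad, 0xbe]);
    v
}

fn main() {
    let stream = sample_stream();
    let (records, err) = parse_all(&stream);
    for r in &records {
        println!(
            "type={} version=0x{:04x} payload={:?}",
            r.content_type, r.version, r.payload
        );
    }
    if let Some(e) = err {
        println!("stopped: {:?}", e);
    }
}
```

The point is not that Rust makes the length check unnecessary; it is that forgetting it cannot turn into a silent read of adjacent memory. Indexing past the slice either fails to compile (when `get` is used) or panics with a bounds error, and the explicit `MAX_FRAGMENT_LEN` check keeps an attacker from making the parser reserve or wait for tens of kilobytes per record.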

Browsers such as Firefox and Brave already ship Rust components, and companies such as Cloudflare, Dropbox, and Yelp have adopted Rust for production systems.

Source: https://jbp.io



  1. Autopilot said:

    Great numbers for Rustls. I wonder why they didn't compare it to LibreSSL.
    It remains to be seen if Rust's performance is superior enough to oust C++, and even more so C/Asm; as far as I know, the complexity of switching languages was greater than the syntactic sugar added by Rust.