This crate integrates the cryptographic functionality of rust-symcrypt with rustls by implementing the traits that rustls requires.
| Operating Environment | Architecture | Dynamic Linking |
|---|---|---|
| Windows user mode | AMD64, ARM64 | ✅ |
| Ubuntu (Tested via WSL) | AMD64, ARM64 | ✅ |
| Azure Linux 3 | AMD64, ARM64 | ✅ |
| Azure Linux 2 | AMD64, ARM64 | ❌ |
This crate depends on the symcrypt crate and requires that you have the necessary symcrypt binaries for your architecture.
Refer to the rust-symcrypt Quick Start Guide to download the required binaries.
Add rustls-symcrypt to your Cargo.toml:

Note: If you wish to enable x25519 or chacha, you may add it as a feature at this time.

```toml
[dependencies]
rustls = { version = "0.23.0", features = ["tls12", "std", "custom-provider"], default-features = false }
rustls_symcrypt = "0.2.1"
# To enable the chacha feature:
# rustls_symcrypt = {version = "0.2.1", features = ["chacha"]}
```

Supported cipher suites are listed below, ordered by preference. For example, the default configuration prioritizes TLS13_AES_256_GCM_SHA384 over TLS13_AES_128_GCM_SHA256.
```
TLS13_AES_256_GCM_SHA384
TLS13_AES_128_GCM_SHA256
TLS13_CHACHA20_POLY1305_SHA256 // Enabled with the `chacha` feature
```

Note: TLS13_CHACHA20_POLY1305_SHA256 is disabled by default. Enable the chacha feature in your Cargo.toml to use this cipher suite.
```
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 // Enabled with the `chacha` feature
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 // Enabled with the `chacha` feature
```

Key exchanges are listed below, ordered by preference. For example, SECP384R1 is preferred over SECP256R1.
```
SECP384R1
SECP256R1
X25519 // Enabled with the `x25519` feature
```

Note: X25519 is disabled by default. To enable it, add the x25519 feature in your Cargo.toml.
The examples directory showcases how to use the rustls-symcrypt provider with rustls for both a client configuration and a server configuration by taking advantage of rustls::ClientConfig::builder_with_provider().