Graviola
Pascal Engélibert 2026-01-20 09:31:06 +01:00
commit 73b07b52d5
4 changed files with 231 additions and 1 deletions


@ -31,6 +31,7 @@ rustls-backend = ["hyper-rustls"]
rustls-backend-aws-lc-rs = ["hyper-rustls/aws-lc-rs"]
rustls-backend-aws-lc-pq = ["hyper-rustls/aws-lc-rs", "post-quantum"]
rustls-backend-boring = ["hyper-rustls/aws-lc-rs", "boring-rustls-provider"]
rustls-backend-graviola = ["hyper-rustls/aws-lc-rs", "rustls-graviola"]
rustls-backend-openssl = ["hyper-rustls/aws-lc-rs", "rustls-openssl"]
rustls-backend-ring = ["hyper-rustls/ring"]
rustls-backend-symcrypt = ["hyper-rustls/aws-lc-rs", "rustls-symcrypt"]
@ -91,6 +92,7 @@ rpxy-certs = { path = "../rpxy-certs/", default-features = false }
hot_reload = "0.2.0"
rustls = { version = "0.23.32", default-features = false, features = ["std"] }
boring-rustls-provider = { git = "https://github.com/janrueth/boring-rustls-provider.git", rev = "490340afa77e2c08fc45853124f99d49f4f9f8a0", optional = true }
rustls-graviola = { version = "0.3.2", optional = true }
rustls-openssl = { version = "0.3.0", default-features = false, features = ["tls12"], optional = true }
rustls-post-quantum = { version = "0.2.4", optional = true }
rustls-symcrypt = { version = "0.2.1", optional = true, features = ["chacha", "x25519"] }
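Review bot: `rustls-backend-graviola` enables `hyper-rustls/aws-lc-rs` alongside `rustls-graviola`, so as far as this manifest shows, a build that selects graviola still compiles and links aws-lc-rs. That matches the neighbouring boring, openssl and symcrypt features, but it means choosing this backend does not shrink the set of crypto dependencies to audit. A manifest comment above the feature line, such as `# aws-lc-rs is still built; graviola is only installed as the default provider at runtime`, would make that explicit.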


@ -283,6 +283,60 @@ pub async fn entrypoint(
_provider = CryptoProvider::install_default(prov);
}
#[cfg(feature = "rustls-backend-graviola")]
{
info!("Using RusTLS provider graviola");
let mut prov = rustls_graviola::default_provider();
if let Some(ciphers) = ciphers {
prov.cipher_suites.clear();
for cipher in ciphers {
match cipher.as_str() {
"AES_256_GCM_SHA384" => prov.cipher_suites.push(rustls_graviola::suites::TLS13_AES_256_GCM_SHA384),
"AES_128_GCM_SHA256" => prov.cipher_suites.push(rustls_graviola::suites::TLS13_AES_128_GCM_SHA256),
"CHACHA20_POLY1305_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS13_CHACHA20_POLY1305_SHA256),
"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
"ECDHE_RSA_WITH_AES_256_GCM_SHA384" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384),
"ECDHE_RSA_WITH_AES_128_GCM_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256),
"ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" => prov
.cipher_suites
.push(rustls_graviola::suites::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
other => {
log::error!("Unknown cipher `{other}`")
}
}
}
}
if let Some(kexes) = kexes {
prov.kx_groups.clear();
for kex in kexes {
match kex.as_str() {
"X25519" => prov.kx_groups.push(&rustls_graviola::kx::X25519),
"SECP256R1" => prov.kx_groups.push(&rustls_graviola::kx::P256),
"SECP384R1" => prov.kx_groups.push(&rustls_graviola::kx::P384),
"X25519MLKEM768" => prov.kx_groups.push(rustls_graviola::kx::X25519MLKEM768),
other => {
log::error!("Unknown kex `{other}`")
}
}
}
}
_provider = CryptoProvider::install_default(prov);
}
#[cfg(feature = "rustls-backend-openssl")]
{
info!("Using RusTLS provider openssl");
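Review bot: In the graviola block, a cipher or kex name that matches no arm is only logged with `log::error!`, and by then `prov.cipher_suites.clear()` / `prov.kx_groups.clear()` has already run. A typo in the configuration therefore silently narrows the allowed set, and a list with no valid names leaves the provider with no suites or groups at all. Treat an unrecognised name as a startup failure, or at least check after each loop, e.g. `if prov.cipher_suites.is_empty() { /* return a configuration error */ }`, and the same for `prov.kx_groups`. The result of `CryptoProvider::install_default(prov)` is stored in `_provider`; if it is not inspected later, a build with a second backend feature enabled would keep whichever provider was installed first and drop this restricted list without notice. `entrypoint` begins and ends outside this hunk, so the handling of `_provider` and the function's error type are not visible here.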