Module _04_features 

本节说明 rustls 本身：哪些协议功能已实现、哪些未实现

此 below list reflects the support provided with 默认 crate features. Items marked with an asterisk * can be extended 或 altered via public APIs (CryptoProvider 用于 example)。

Current features

• TLS1.2 and TLS1.3
• ECDSA, Ed25519 or RSA server authentication by clients *
• ECDSA, Ed25519¹ or RSA server authentication by servers *
• Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves *
• Post-quantum hybrid key exchange with X25519MLKEM768 ² *
• AES128-GCM and AES256-GCM bulk encryption, with safe nonces *
• ChaCha20-Poly1305 bulk encryption (RFC7905) *
• ALPN support
• SNI support
• Tunable fragment size to make TLS messages match size of underlying transport
• Optional use of vectored IO to minimise system calls
• TLS1.2 session resumption
• TLS1.2 resumption via tickets (RFC5077)
• TLS1.3 resumption via tickets or session storage
• TLS1.3 0-RTT data
• Server and optional client authentication
• Extended master secret support (RFC7627)
• Exporters (RFC5705)
• OCSP stapling by servers
• RFC7250 raw public keys for TLS1.3
• RFC8879 certificate compression by clients and servers *
• Client-side Encrypted client hello (ECH) (draft-ietf-tls-esni).

Non-features

For reasons explained in the other sections of this manual, rustls does not 并 will not support:

• SSL1, SSL2, SSL3, TLS1 or TLS1.1
• RC4
• DES or triple DES
• EXPORT ciphersuites
• MAC-then-encrypt ciphersuites
• Ciphersuites without forward secrecy
• Renegotiation
• Kerberos
• TLS 1.2 protocol compression
• Discrete-log Diffie-Hellman *
• Automatic protocol version downgrade
• Using CA certificates directly to authenticate a server/client (often called “self-signed certificates”). Rustls’ default certificate verifier does not support using a trust anchor as both a CA certificate and an end-entity certificate in order to limit complexity and risk in path building. While dangerous, all authentication can be turned off if required – see the example code *

About “custom extensions”

OpenSSL allows an application 到 add arbitrary TLS extensions (via the SSL_CTX_add_custom_ext function 并 associated APIs)。 We don’t support this, with the following rationale:

Such an API is limited 到 extensions that are quite narrow in scope: they cannot change the meaning of 标准 messages, 或 introduce new messages, 或 make any changes 到 the connection’s cryptography.

However, there is no reasonable way 到 technically limit that API 到 that set of extensions. That makes the API pretty unsafe (in the TLS 并 cryptography sense, not memory safety sense)。 This could cause security 或 interop failures.

我们建议该 API 的潜在使用者考虑：

• whether their use can fit in standard extensions such as ALPN, or ALPS³.
• if not, whether they can fit in a more general extension, and define and standardize that in the IETF TLSWG.

Note the above is not 一个 guarantee 或 offer that rustls will implement any specific extensions that are standardized by the IETF TLSWG. It 是 non-goal of this project 到 implement absolutely everything.

For experimentation 并 pre-standardization testing, we suggest forking rustls.

参见：Go 对这种 API 的立场。

---

1. Note that, at the time of writing, Ed25519 does not have wide support in browsers. It 也 not supported by the WebPKI, because the CA/Browser Forum Baseline Requirements do not support it 用于 publicly trusted 证书 ↩

2. ，请参见the documentation ↩

3. rustls does not currently implement ALPS, but it is something we would consider once standardised 并 deployed. ↩