Switch from OpenSSL to Rustls #49
Comments
Last I checked, Rustls wasn't able to generate RSA keypairs. https://github.com/LemmyNet/activitypub-federation-rust/blob/main/src/http_signatures.rs#L53
I do support the idea of moving away from OpenSSL, but there are better solutions than what you've suggested. Using a dedicated RSA library like what the RustCrypto guys made would probably be better for this project's use case.
Since signing messages takes up a significant amount of CPU time and we're signing millions of messages, there probably needs to be some benchmarking done to prevent a large performance regression.
I'm not familiar with Rust benchmarking in the slightest, but I decided to try and improvise, just to get an idea of what the differences in performance might be at a very basic level. Taking from the examples for
I used
Make sure you use cargo run --release and add lto="thin" to [profile.release] in cargo; Rust is really slow in dev mode.
Good catch. I redid the tests using what you suggested, and here's what I got:
I'd like to raise some discussion about moving from OpenSSL to Rustls.
Moving away from OpenSSL would make the project more portable, since you don't have to fiddle with OpenSSL's installation. Additionally, Rustls makes smart use of the type state pattern and Rust's move semantics to improve security.