I measured the TLS handshake time using Rustls and OpenSSL with nginx and found it to be more than twice as fast.

Hasegawa from the Service Reliability Group (SRG) of the Media Management Division@rarirureluis is.
#SRGThe Service Reliability Group primarily provides comprehensive support for the infrastructure surrounding our media services, focusing on improving existing services, launching new ones, and contributing to open-source software (OSS).
This article compares Rustls and OpenSSL in terms of speed, now that Rustls is compatible with nginx.
 

Rustls


Rustls is a modern Transport Layer Security (TLS) library written in Rust. It is primarily designed with security and performance in mind, aiming to replace memory-insecure alternatives like OpenSSL. Rustls implements TLS 1.2 and TLS 1.3 and supports both client and server configurations.
 

It seems that the Let's Encrypt Certificate Authority is also planning to migrate.


ISRG's Let's Encrypt certificate authority will begin replacing OpenSSL with Rustls later this year.
 
Does that mean Rustls is that much better than OpenSSL?
 

install


 

Let's compare Rustls + nginx with OpenSSL.


Integrate Rustls into Nginx and run the following script.
  • 100 requests
  • Get p50, p95, p99
 

nginx + OpenSSL

 

nginx + Rustls

In conclusion


I integrated Rustls into nginx and investigated its advantages over OpenSSL.
As the benchmark results showed, Rustls performed better in every metric, and we were able to achieve more than a 2x speedup on p99.
 
SRG is looking for new team members. If you are interested, please contact us here.