HOME/Articles/I measured the time it took to complete a TLS handshake using Rustls and OpenSSL with nginx and it was more than twice as fast.

I measured the time it took to complete a TLS handshake using Rustls and OpenSSL with nginx and it was more than twice as fast.

2024/8/26 19:542024/9/20 8:53

Mr. Hasegawa of the Service Reliability Group (SRG) of the Media Headquarters@rarirureluis is.

#SRG(Service Reliability Group) mainly provides cross-sectional support for the infrastructure of our media services, improving existing services, launching new ones, contributing to OSS, etc.

This article is about measuring whether Rustls is faster than OpenSSL, now that Rustls is compatible with nginx.

Rustls It seems that Let's Encrypt certificate authority is also planning to migrate install Comparing Rustls + nginx with OpenSSL nginx + OpenSSL nginx + Rustls Conclusion

Rustls

Rustls is a modern Transport Layer Security (TLS) library written in Rust. It is primarily designed with an emphasis on safety and performance, aiming to replace memory-unsafe alternatives like OpenSSL. Rustls implements TLS 1.2 and TLS 1.3 for both clients and servers.

GitHub - rustls/rustls: A modern TLS library in Rust

A modern TLS library in Rust. Contribute to rustls/rustls development by creating an account on GitHub.

https://github.com/rustls/rustls

It seems that Let's Encrypt certificate authority is also planning to migrate

ISRG's Let's Encrypt certificate authority will begin replacing OpenSSL with Rustls later this year.

Rustls Gains OpenSSL and Nginx Compatibility

The Rustls TLS library can now be used with Nginx via an OpenSSL compatibility layer. This means that Nginx users can switch from OpenSSL to Rustls with minimal effort - users can simply swap in a new TLS library without needing to modify or recompile Nginx. We have targeted Nginx versions greater than 1.18 on Ubuntu 22.04 or newer for initial support. Here's how easy it is to get going on x86_64 Ubuntu Linux 22.

https://www.memorysafety.org/blog/rustls-nginx-compatibility-layer/

So, is Rustls better than OpenSSL?

install

Comparing Rustls + nginx with OpenSSL

Integrate Rustls into Nginx and run the following script.

100 requests

Get p50, p95, p99

nginx + OpenSSL

nginx + Rustls

Conclusion

I incorporated Rustls into nginx and investigated its advantages over OpenSSL.

As the benchmark results show, Rustls outperforms in every metric, with p99 being more than twice as fast.

SRG is looking for people to work with us. If you are interested, please contact us here.

Recruitment Information - CyberAgent SRG #ca_srg

About SRG SRG (Service Reliability Group) is working to improve reliability by promoting the introduction of SREs to the media business as a cross-sectional SRE under the vision of "improving reliability across the media business." The work is centered around the following three pillars: Consolidating and deploying the technical know-how of each business

https://ca-srg.dev/careers