Asked and answered
What is the difference between MesaLink® and TabbySSL?
MesaLink™ and its trademarks are owned by Baidu. TabbySSL is a fork of MesaLink that I started after I resigned from Baidu in Nov 2019. As my personal project, TabbySSL can avoid branding/CLA issues and will keep engaging the Rust community. It’s sort of like MySQL and MariaDB.
What SSL/TLS versions are supported in TabbySSL?
TabbySSL only supports TLS 1.2 and 1.3.
SSLv3, TLS 1.0, and TLS 1.1 all have known security issues.
What ciphersuites are supported in TabbySSL?
MeasLink supports 6 ciphersuites for TLS 1.2:
MeasLink supports 3 ciphersuites for TLS 1.3:
Is TabbySSL slower/faster than OpenSSL?
TabbySSL uses *ring* for crypto operations; and *ring*’s crypto primitives come from BoringSSL, a fork of OpenSSL. Therefore, TabbySSL is not slower than OpenSSL.
On the contrary, TabbySSL 1.0 is even slightly faster than OpenSSL 1.1.1b. The following result was obtained using brpc’s SSL unit tests on a workstation (Intel Core i7-8086K) running Ubuntu 16.04.5.
|TabbySSL 1.0.0||21 MB/s||82 MB/s||307 MB/s||982 MB/s||2091 MB/s|
|OpenSSL 1.1.1b||20 MB/s||49 MB/s||229 MB/s||754 MB/s||1901 MB/s|
Why is TabbySSL memory safe?
TabbySSL and its dependencies are written in the Rust programming language. Rust’s rich type system and ownership model guarantee memory-safety and thread-safety; many classes of bugs can be eliminated at just compile-time!
Why is TabbySSL compatible with OpenSSL, even if it is written in Rust?
TabbySSL implements OpenSSL C APIs with Rust FFI. If you call an exported C FFI function from Rust, it’s no different to calling that same exported C function from a different C or C++ library. Unlike Java/Go, there is zero overhead.
What crates does TabbySSL depdend on?
TabbySSL depends on the following high-quality open source projects in the Rust community. Thanks for code and inspiration!
rustls: A modern TLS library in Rust, maintained by Joseph Birr-Pixton @ctz
sct.rs: Certificate transparency SCT verification library in rust, maintained by Joseph Birr-Pixton @ctz
ring: Safe, fast, small crypto using Rust, by Brian Smith @briansmith
webpki: WebPKI X.509 Certificate Validation in Rust, maintained by Brian Smith @briansmith
What license does TabbySSL use?
TabbySSL is distributed under the 3-clause BSD license. A copy can be obtained here.
How do I build TabbySSL?
TabbySSL supports two build systems: Autotools and CMake. You’ll also need a working Rust toolchain which can be obtained here.
$ ./autogen.sh --enable-examples $ make $ make install
$ mkdir build && cd build $ cmake .. $ cmake --build .
Who is maintaining the TabbySSL project?
Yiming Jing at Baidu X-Lab maintains and contributes most of the code to the TabbySSL project since 04/2018. You are more than welcome to participate by submitting issues/pull requests.