Asked and answered

MesaLink™ and its trademarks are owned by Baidu. TabbySSL is a fork of MesaLink that I started after I resigned from Baidu in Nov 2019. As my personal project, TabbySSL can avoid branding/CLA issues and will keep engaging the Rust community. It’s sort of like MySQL and MariaDB.

What SSL/TLS versions are supported in TabbySSL?

TabbySSL only supports TLS 1.2 and 1.3.

SSLv3, TLS 1.0, and TLS 1.1 all have known security issues.

What ciphersuites are supported in TabbySSL?

MeasLink supports 6 ciphersuites for TLS 1.2:

MeasLink supports 3 ciphersuites for TLS 1.3:

Is TabbySSL slower/faster than OpenSSL?

TabbySSL uses *ring* for crypto operations; and *ring*’s crypto primitives come from BoringSSL, a fork of OpenSSL. Therefore, TabbySSL is not slower than OpenSSL.

On the contrary, TabbySSL 1.0 is even slightly faster than OpenSSL 1.1.1b. The following result was obtained using brpc’s SSL unit tests on a workstation (Intel Core i7-8086K) running Ubuntu 16.04.5.

Block size16B64B256B1KB4KB
TabbySSL 1.0.021 MB/s82 MB/s307 MB/s982 MB/s2091 MB/s
OpenSSL 1.1.1b20 MB/s49 MB/s229 MB/s754 MB/s1901 MB/s

Why is TabbySSL memory safe?

TabbySSL and its dependencies are written in the Rust programming language. Rust’s rich type system and ownership model guarantee memory-safety and thread-safety; many classes of bugs can be eliminated at just compile-time!

Why is TabbySSL compatible with OpenSSL, even if it is written in Rust?

TabbySSL implements OpenSSL C APIs with Rust FFI. If you call an exported C FFI function from Rust, it’s no different to calling that same exported C function from a different C or C++ library. Unlike Java/Go, there is zero overhead.

What crates does TabbySSL depdend on?

TabbySSL depends on the following high-quality open source projects in the Rust community. Thanks for code and inspiration!

What license does TabbySSL use?

TabbySSL is distributed under the 3-clause BSD license. A copy can be obtained here.

How do I build TabbySSL?

TabbySSL supports two build systems: Autotools and CMake. You’ll also need a working Rust toolchain which can be obtained here.

$ ./autogen.sh --enable-examples
$ make
$ make install
$ mkdir build && cd build
$ cmake ..
$ cmake --build .

Who is maintaining the TabbySSL project?

Yiming Jing at Baidu X-Lab maintains and contributes most of the code to the TabbySSL project since 04/2018. You are more than welcome to participate by submitting issues/pull requests.