SSL Support using rustls
#63
Open
alanjds wants to merge 60 commits into gi0baro:master from alanjds:devel-rustls-clean
Added SSL basic tests Base infra for SSL tests with timeout
Fix SSL client tests and have working SSL server tests with asyncio. RLoop SSL server still broken
Use log, not print
Handle SSL handshake & shutdowns differently between client and server: Client initiates handshake immediately. Server waits for the client to connect.
Somehow working TLS server SSL suites listing
Fixed the requests test, and the SSL context for server
SSL closing handshake almost good, with new debug and waiting more before closing
Tests refactor & trying a larger TLS close window
TLS 1.3 _sometimes_ hangs on closing
- Better comments - Simplify the TCP TLS creating call - Update crates - Compressing comments
Name test variables correctly
Also SKIP the TLS 1.2+ tests with Asyncio standard, as the 1st test _is_ 1.2+ for this reactor
This adds SSL support for server and client modes, using rustls as backend.

I got it to work flawlessly with TLS v1.2 only. When TLS v1.3 is selected, it almost always works correctly but sometimes it hangs when running as Server and the non-rustls client closes the connection.

To investigate this behaviour I wrote cross-implementation tests with standard Asyncio and it seems that the disconnection is often not detected, but only when Asyncio is the client. When RLoop is the server (on another process) and RLoop is the client, it always works with TLS 1.3.

Also wrote tests with requests, openssl and raw sockets as clients. They all sometimes fail for TLS 1.3 and never fail for TLS 1.2, but openssl seems especially picky and fails a lot more than the others.

Because of that, the RLOOP_TLS_VERSION envvar is 1.2 by default. The possible values are 1.2, 1.2+ and 1.3. The TLS 1.2+ and 1.3 flaky tests are marked as XFAIL on pytest.