The programming language Rust is becoming more and more popular and is increasingly used for cryptography. In Rust’s favour is the fact that the language promises very secure memory management, making errors such as buffer overflows and use-after-free less likely. Considering one of the best-known TLS vulnerabilities, the OpenSSL Heartbleed bug , which violates memory security, this development is not surprising.
For example, a new TLS backend with Rustls
was recently announced for the curl library . Hyper , an HTTP library written in Rust, is also to be made available as a backend for curl .
The Internet Security Research Group (ISRG) also announced that they will support a Rust-based TLS module for the Apache web server .
This is funded as part of Google’s and the ISRG’s efforts to move ports of critical open source software into memory-safe languages .
The move of the cryptography package from Python, however, led to heated discussions in the community, as especially some older platforms would no longer be supported without the Rust compiler . The cryptography [#]_project has already started to reimplement parts of its ASN1 parsing code in Rust, as ASN1 parsers often had memory security vulnerabilities in the past.
