Document changeable TLS 'CryptoProvider's.

This commit is contained in:
Sergio Benitez 2024-03-30 20:55:58 -07:00 committed by Sergio Benitez
parent edce8bd656
commit 0edbb6dad5
1 changed files with 34 additions and 0 deletions

View File

@ -395,6 +395,40 @@ proxy_proto_header = "X-Forwarded-Proto"
[`CookieJar`]: @api/master/rocket/http/struct.CookieJar.html [`CookieJar`]: @api/master/rocket/http/struct.CookieJar.html
[`Request::context_is_likely_secure()`]: @api/master/rocket/request/struct.Request.html#method.context_is_likely_secure [`Request::context_is_likely_secure()`]: @api/master/rocket/request/struct.Request.html#method.context_is_likely_secure
### Crypto Providers
Rocket's TLS support, provided by [`rustls`], allows replacing the underlying
[`CryptoProvider`] for cryptographic operations. By default, Rocket uses
[`ring`] as its `CryptoProvider`, but applications can change the default by
[installing] a different `CryptoProvider` before Rocket launches.
For example, to use `aws-lc-rs` instead of `ring`, first depend on `rustls`
directly with the `aws_lc_rs` feature enabled:
```toml
[dependencies]
rustls = { version = "0.23", features = ["aws_lc_rs"] }
```
Then, before the application starts, install the provider as the default:
```rust,ignore
# #[macro_use] extern crate rocket;
#[launch]
fn rocket() -> _ {
let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();
rocket::build()
}
```
Rocket will use the installed default whenever TLS is operational.
[`rustls`]: @rustls
[`CryptoProvider`]: @rustls/crypto/struct.CryptoProvider.html
[`ring`]: @rustls/crypto/ring/index.html
[installing]: @rustls/crypto/struct.CryptoProvider.html#method.install_default
### Workers ### Workers
The `workers` parameter sets the number of threads used for parallel task The `workers` parameter sets the number of threads used for parallel task