Skip to content

Fix serving TLS by setting rustls default crypto provider

Olivia Lee requested to merge benjamin/fix-tls into main

The rustls version bump in c24f79b7 introduced a panic when serving listeners with tls = true:

thread 'main' panicked at /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-vendor-cargo-deps/c19b7c6f923b580ac259164a89f2577984ad5ab09ee9d583b888f934adbbe8d0/rustls-0.23.13/src/crypto/mod.rs:265:14:
no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

This MR fixes this by setting the default provider to ring. I chose ring (the old rustls default) over aws-lc-rs (the new default) for a few reasons:

  • Judging by github issues, aws-lc-rs seems to have a lot of build problems. We don't need more of that.
  • The "motivation" section in the aws-lc-rs docs only talks about FIPS, which we do not care about.
  • My past experience with things that start with "aws-" has been very negative.

Merge request reports