A tiny and relatively unknown TLS library written in Rust, an up-and-coming programming language, outperformed the industry-standard OpenSSL in almost every major category.
The findings showed that Rustls was 10% faster when setting up and negotiating a new server connection, and between 20 and 40% faster when setting up a client connection.
But while handshake speeds for new TLS connections are important, most TLS traffic relies on resuming previously negotiated handshakes. Here, too, Rustls outperformed the aging OpenSSL, being between 10 and 20% in resuming a connection on the server-side, and being between 30 and 70% quicker to resume a client connection.
Furthermore, Rustls also fared better in sheer bulk performance -- or the speed at which data is transferred over the TLS connection. Birr-Pixton said Rustls could send data 15% faster than OpenSSL, and receive it 5% faster as well.
Last, but not least, the Rustls creator also said his library only used half of the memory required to run OpenSSL, a major advantage.
In the past, OpenSSL has been often criticized for its large memory footprint and the large number of security bugs found in its code. Because Rustls was coded in Rust, the issues with security flaws are largely addressed by the design of the Rust language itself, which was designed from the ground-up to avoid memory-related security bugs.
Based on the results of these benchmarks, Rustls appears to have also addressed the issue of performance, making it an ideal replacement for web services that still rely on the old OpenSSL.
Rust adoption growing
Birr-Pixton's Rustls-OpenSSL performance tests come to support a rising notion that Rust, overall, is now generally faster than C++.
The fact that a Rust-based library beat the C and C++-based OpenSSL is not a surprise anymore. After years under development, Rust is now a very mature programming language.
Created by Mozilla, Rust was developed from the ground up to prevent memory management-related bugs, which are usually at the heart of most security flaws in C and C++ applications.
While the Rust project was ridiculed in the beginning, it is now being adopted at a rapid pace, and the decisions behind its safety-first design have proven a success.
Furthermore, this week, Microsoft also announced plans to explore using Rust as a replacement for C and C++.
Besides big tech, the language is also popular with everyday developers. Rust has come out on top as the most popular programming language in StackOverflow's developer survey for the past five years, in 2016, 2017, 2018, and 2019.
Related cybersecurity coverage:
- Gigabyte and Lenovo servers impacted by common BMC firmware flaws
- 93% of porn sites leak data to a third-party
- Kazakhstan government is now intercepting all HTTPS traffic
- Malicious Python libraries targeting Linux servers removed from PyPI
- Microsoft to explore using Rust
- Permission-greedy apps delay Android upgrade so they could harvest more user data
- iOS developers still failing to build end-to-end encryption into apps TechRepublic
- The best identity theft monitoring services for 2019 CNET