this post was submitted on 28 Feb 2024
31 points (100.0% liked)

Rust

6011 readers
3 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

[email protected]

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
top 3 comments
sorted by: hot top controversial new old
[–] snaggen 9 points 8 months ago (2 children)

This is very interesting. I hope someone write an indepth review regarding features and performance, compared to the competition. I wonder why they went with openssl instead of rustls, it is not like OpenSSL have the best security reputation.

[–] onlinepersona 7 points 8 months ago

The article on how they built Pingora is a good read too.

NGINX is purely in C, which is not memory safe by design. It is very error-prone to work with such a 3rd party code base. It is quite easy to get into memory safety issues, even for experienced engineers, and we wanted to avoid these as much as possible.

[...]

Since Pingora's inception we’ve served a few hundred trillion requests and have yet to crash due to our service code. In fact, Pingora crashes are so rare we usually find unrelated issues when we do encounter one. Recently we discovered a kernel bug soon after our service started crashing.

I didn't develop Rust nor the service, but I can't help but feel smug when reading that. RIR is quite valuable

CC BY-NC-SA 4.0

[–] Vorpal 5 points 8 months ago

My guess is that the relevant keyword for the choice of OpenSSL is FIPS. Rusttls doesn't (or at least didn't) have that certification, which matters if you are dealing with US government (directly or indirectly). I believe there is an alternative backend (instead of ring) these days that does have FIPS though.