|
|
|
|
|
|
by sim7c00
239 days ago
|
|
|
still doesnt have anything to do with the webservers that used openSSL. If ferror was sanely coded and super secure but used openssl (or another vulnerable library for similar purposes --- does ferron roll its own crypto??) then it would be similarly impacted. it's memory safety features not useful since its using FFI to go into openssl. not sure if there is already a true rust TLS implementation - that might be useful for such a case but would also make the point a moot-point since its just evading the risk by not using it, not by solving the issue of memory issues being present in third-party libraries. |
|
|
You can read how Rustls compares to other TLS implementations, when it comes to implementation vulnerabilities, from the Rustls manual: https://docs.rs/rustls/latest/rustls/manual/_01_impl_vulnera...