Embedded-TLS is a Rust-native TLS 1.3 implementation that works in a no-std environment. The Rust crate was formerly known as drogue-tls. The
implementation is work in progress, but the example clients should work against the rustls echo server.
The client supports both async and blocking modes. By default, the async and std features are enabled. The async feature requires Rust nightly, while the blocking feature works on Rust stable.
To use the async mode, import embedded_tls::*. To use the blocking mode, import embedded_tls::blocking::*.
Some features and extensions are not yet implemented, have a look at open issues.
Only supports writing/receiving one frame at a time, hence using a frame buffer larger than 16k is not currently needed. You may use a lower frame buffer size, but there is no guarantee that it will be able to parse any TLS 1.3 frame.
Usage of this crate should fit in 21 kB of RAM assuming a frame buffer of 17 kB (max TLS record size + EC server certificate size). This is not including the space used to hold the CA and any client certificates.
Some memory usage statistics for async operation:
- TlsConnection: frame_buffer size + 2kB for the rest. This can probably be reduced with some additional tuning.
- Handshake stack usage: currently at 2 kB
- Write stack usage: currently at 560 B
- Read stack usage: currently at 232 B
- Drogue IoT Matrix Chat Room
- We have bi-weekly calls at 9:00 AM (GMT). Check the calendar to see which week we are having the next call, and feel free to join!
- Drogue IoT Forum
- Drogue IoT YouTube channel
- Follow us on Twitter!