Rustls
Rustls is the de facto Rust TLS library — a pure-Rust implementation of TLS 1.2 / 1.3 with no OpenSSL dependency, widely depended on across the Rust async ecosystem. GitHub.
From the 2025-02-26 Fly.io post: "TlsStream is an ultra-important, load-bearing function in the Rust ecosystem. Everybody uses it." That's the canonical wiki framing — rustls is an ecosystem primitive in the sense of patterns/upstream-the-fix: a bug there is a bug for everybody running TLS in Rust, so the fix goes upstream.
Async integration is provided by systems/tokio-rustls, which wraps rustls's synchronous TLS engine in AsyncRead/AsyncWrite impls that plug into Tokio's executor.
Seen in
- sources/2025-02-26-flyio-taming-a-voracious-rust-proxy — production-incident-triggering bug + upstream fix. A TLS state-machine bug on orderly close_notify shutdown with still-buffered bytes on the underlying socket caused TlsStream's Waker to mis-fire, putting the containing Future into a busy-polling loop. Fixed in rustls PR #1950; pre-existing issue tracker is tokio-rustls#72. Post describes the fix as "pretty straightforward" once the flamegraph pointed at TlsStream. Canonical wiki patterns/upstream-the-fix instance on the Rust ecosystem (sibling to Cloudflare's V8/Node.js/OpenNext contributions and Datadog's containerd/kubernetes/go-cmp contributions).
Related
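The busy-poll failure mode described above, as an added toy model in std-only Rust. It is not rustls or tokio-rustls code and does not reproduce the change in PR #1950: `ToyTlsRead`, `CountingWaker` and `run_with_budget` are hypothetical names, and the non-buggy branch is an assumed correct behaviour for the model.

```rust
use std::future::Future;
use std::pin::Pin;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::task::{Context, Poll, Wake, Waker};

// Toy model (assumption, not rustls internals): the peer has sent close_notify
// while `buffered` bytes are still unread on the underlying socket.
struct ToyTlsRead { close_notify_seen: bool, buffered: usize, buggy: bool }

impl Future for ToyTlsRead {
    type Output = usize; // leftover bytes consumed before completing
    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<usize> {
        if !(self.close_notify_seen && self.buffered > 0) { return Poll::Ready(0); }
        if self.buggy {
            // Mis-fired waker: requests another poll but makes no progress.
            cx.waker().wake_by_ref();
            return Poll::Pending;
        }
        // Modelled fix: the session is over, so consume the leftovers and finish.
        Poll::Ready(std::mem::take(&mut self.buffered))
    }
}

// Counts wakeups so the driver can tell "woken again" from "idle".
struct CountingWaker(AtomicUsize);
impl Wake for CountingWaker {
    fn wake(self: Arc<Self>) { self.0.fetch_add(1, Ordering::SeqCst); }
}

/// Polls `fut` at most `budget` times and returns (polls used, completed).
/// A future that wakes itself on every Pending burns the whole budget: the spin.
fn run_with_budget<F: Future + Unpin>(mut fut: F, budget: usize) -> (usize, bool) {
    let counter = Arc::new(CountingWaker(AtomicUsize::new(0)));
    let waker = Waker::from(counter.clone());
    let mut cx = Context::from_waker(&waker);
    for polls in 1..=budget {
        let woken_before = counter.0.load(Ordering::SeqCst);
        if Pin::new(&mut fut).poll(&mut cx).is_ready() { return (polls, true); }
        // Pending with no wakeup is genuinely idle; a real executor would park here.
        if counter.0.load(Ordering::SeqCst) == woken_before { return (polls, false); }
    }
    (budget, false)
}

fn main() {
    let s = |buggy| ToyTlsRead { close_notify_seen: true, buffered: 3, buggy };
    println!("{:?} {:?}", run_with_budget(s(true), 1000), run_with_budget(s(false), 1000));
}
```

A poll budget like this is also a cheap regression guard in tests: a future that exhausts it without completing is spinning rather than waiting on I/O.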
- systems/tokio-rustls — async adapter on top of rustls.
- systems/tokio — the async runtime rustls's adapter integrates with.
- systems/fly-proxy — downstream consumer; rustls is in the fly-proxy edge-router's TLS path.
- concepts/tls-close-notify — the TLS protocol primitive the 2025-02 bug mishandled.
- concepts/asyncread-contract — the async-IO interface tokio-rustls exposes.
- patterns/upstream-the-fix — the canonical frame for Fly.io → rustls PR #1950.
- patterns/flamegraph-to-upstream-fix — the full arc from symptom (profile) to upstream PR.
- companies/flyio