Change crate default features to use aws-lc-rs

[ctz]

The goal here is to provide the optimum performance by default. Naturally the ring feature remains available.

[rustls-benchmarking]

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server	4523153	4610595	87442 (1.93%)	2.53%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server	4061266	4102047	40781 (1.00%)	3.98%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	8679326	8651840	-27486 (-0.32%)	1.43%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	8659414	8678792	19378 (0.22%)	0.79%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client	30457354	30521489	64135 (0.21%)	0.30%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server	12689407	12716034	26627 (0.21%)	0.90%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server	32656808	32604607	-52201 (-0.16%)	0.41%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server	12299369	12285006	-14363 (-0.12%)	1.09%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client	4552182	4557277	5095 (0.11%)	0.90%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server	32850449	32886329	35880 (0.11%)	0.57%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client	30523499	30493511	-29988 (-0.10%)	0.50%
handshake_tickets_ring_1.3_ecdsap256_chacha_server	43853276	43811996	-41280 (-0.09%)	0.23%
handshake_no_resume_ring_1.3_ecdsap256_aes_server	2126733	2128718	1985 (0.09%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server	32799336	32827810	28474 (0.09%)	0.25%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client	4235711	4238934	3223 (0.08%)	0.95%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client	30305820	30327907	22087 (0.07%)	0.41%
handshake_tickets_ring_1.3_ecdsap384_chacha_server	43824660	43856237	31577 (0.07%)	0.26%
handshake_tickets_ring_1.2_rsa_aes_server	4828672	4825373	-3299 (-0.07%)	0.57%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server	32597449	32619653	22204 (0.07%)	0.21%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client	57976210	57939649	-36561 (-0.06%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_client	3894460	3896816	2356 (0.06%)	0.20%
handshake_session_id_ring_1.2_rsa_aes_server	4370806	4368244	-2562 (-0.06%)	0.64%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client	30492337	30509036	16699 (0.05%)	0.25%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server	57110673	57141430	30757 (0.05%)	0.46%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server	57179491	57151065	-28426 (-0.05%)	0.31%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server	32628735	32643253	14518 (0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server	32826352	32812345	-14007 (-0.04%)	0.32%
handshake_tickets_ring_1.2_rsa_aes_client	4734441	4736447	2006 (0.04%)	0.63%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client	30320733	30333081	12348 (0.04%)	0.24%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server	32838068	32850757	12689 (0.04%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server	91292199	91257264	-34935 (-0.04%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client	30699537	30688475	-11062 (-0.04%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server	12690509	12686116	-4393 (-0.03%)	0.69%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client	30325882	30315881	-10001 (-0.03%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client	30499633	30489810	-9823 (-0.03%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server	43868712	43882404	13692 (0.03%)	0.21%
handshake_tickets_ring_1.3_rsa_aes_client	42381815	42368588	-13227 (-0.03%)	0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server	32660224	32670146	9922 (0.03%)	0.44%
handshake_tickets_ring_1.3_rsa_chacha_client	42347358	42334782	-12576 (-0.03%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server	43849860	43862742	12882 (0.03%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client	30306043	30297997	-8046 (-0.03%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server	32849960	32841804	-8156 (-0.02%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client	92446372	9246884	22477 (0.02%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	91367919	91348082	-19837 (-0.02%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client	42140945	42132853	-8092 (-0.02%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server	32632615	32626372	-6243 (-0.02%)	0.26%
handshake_session_id_ring_1.3_rsa_aes_server	43658993	43667248	8255 (0.02%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client	30712384	30706701	-5683 (-0.02%)	0.23%
handshake_session_id_ring_1.3_ecdsap256_chacha_server	43601941	43594633	-7308 (-0.02%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server	43586504	43593771	7267 (0.02%)	0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server	32869781	32875250	5469 (0.02%)	0.63%
handshake_tickets_ring_1.3_rsa_chacha_server	43902797	43895955	-6842 (-0.02%)	0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server	32613948	32608921	-5027 (-0.02%)	0.30%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	3342848	3342361	-487 (-0.01%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server	2131068	2131354	286 (0.01%)	0.21%
handshake_session_id_ring_1.3_rsa_chacha_server	43582744	43588487	5743 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	4264789	4265232	443 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server	43651346	43655715	4369 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	1882234	1882416	182 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client	41955459	41959073	3614 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	4260568	4260934	366 (0.01%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client	42137838	42141399	3561 (0.01%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_client	4441573	4441237	-336 (-0.01%)	0.20%
handshake_session_id_ring_1.3_rsa_chacha_client	42144653	42147617	2964 (0.01%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client	41998647	42001469	2822 (0.01%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server	1886308	1886182	-126 (-0.01%)	0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client	3899021	3898774	-247 (-0.01%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client	4547562	4547828	266 (0.01%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server	13736362	13737120	758 (0.01%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client	92443208	92448243	5035 (0.01%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server	91320131	91324855	4724 (0.01%)	0.20%
handshake_session_id_ring_1.2_rsa_aes_client	4472597	4472826	229 (0.01%)	0.46%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server	91247770	91252215	4445 (0.00%)	0.20%
handshake_session_id_ring_1.3_rsa_aes_client	42186705	42184679	-2026 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client	92390021	92394390	4369 (0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client	30506667	30508004	1337 (0.00%)	0.24%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client	92381483	92385310	3827 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client	57952668	57950629	-2039 (-0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client	3153353	3153462	109 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server	57131702	57129893	-1809 (-0.00%)	0.26%
handshake_no_resume_ring_1.3_rsa_aes_client	4537825	4537966	141 (0.00%)	0.20%
handshake_tickets_ring_1.3_rsa_aes_server	43926652	43927904	1252 (0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	3346460	3346365	-95 (-0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server	43655105	43653892	-1213 (-0.00%)	0.20%
handshake_no_resume_ring_1.2_rsa_aes_server	12046098	12045785	-313 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client	92383208	92385217	2009 (0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client	41956052	41956888	836 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server	12249794	12250026	232 (0.00%)	0.20%
handshake_no_resume_ring_1.3_rsa_aes_server	12239948	12240169	221 (0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server	57092910	57091986	-924 (-0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client	42173558	42174220	662 (0.00%)	0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client	42176834	42176193	-641 (-0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client	3367430	3367385	-45 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client	35450941	35451409	468 (0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_server	56972041	56972613	572 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client	57967072	57967581	509 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server	91348551	91347839	-712 (-0.00%)	0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client	57950375	57949928	-447 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server	13740547	13740456	-91 (-0.00%)	0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client	35454239	35454454	215 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server	57178669	57178326	-343 (-0.00%)	0.20%
transfer_no_resume_ring_1.2_rsa_aes_client	57810968	57811295	327 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_server	57088051	57087741	-310 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server	57137773	57138033	260 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server	91252393	91251992	-401 (-0.00%)	0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client	3356485	3356473	-12 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client	57989511	57989306	-205 (-0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client	68432239	68432016	-223 (-0.00%)	0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client	41992901	41993015	114 (0.00%)	0.20%
transfer_no_resume_ring_1.3_rsa_aes_client	57949983	57950057	74 (0.00%)	0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client	92437503	92437388	-115 (-0.00%)	0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client	30497672	30497681	9 (0.00%)	0.20%

Wall-time

Significant differences

There are no significant wall-time differences

Other differences

Click to expand

Scenario	Baseline	Candidate	Diff	Threshold
handshake_session_id_ring_1.2_rsa_aes	1.76 ms	1.75 ms	-0.01 ms (-0.57%)	1.93%
handshake_tickets_aws_lc_rs_1.2_rsa_aes	2.36 ms	2.35 ms	-0.01 ms (-0.45%)	1.90%
handshake_session_id_aws_lc_rs_1.2_rsa_aes	2.20 ms	2.19 ms	-0.01 ms (-0.44%)	1.45%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes	1.41 ms	1.42 ms	0.00 ms (0.21%)	1.02%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha	1.41 ms	1.41 ms	0.00 ms (0.17%)	1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	478.35 µs	479.15 µs	0.80 µs (0.17%)	3.91%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes	5.87 ms	5.86 ms	-0.01 ms (-0.16%)	3.26%
handshake_tickets_ring_1.2_rsa_aes	1.84 ms	1.84 ms	-0.00 ms (-0.16%)	1.57%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes	5.86 ms	5.87 ms	0.01 ms (0.15%)	4.55%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes	6.12 ms	6.11 ms	-0.01 ms (-0.15%)	2.00%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes	5.40 ms	5.40 ms	-0.01 ms (-0.12%)	2.56%
transfer_no_resume_ring_1.2_rsa_aes	7.21 ms	7.20 ms	-0.01 ms (-0.12%)	2.60%
handshake_session_id_ring_1.3_rsa_chacha	7.46 ms	7.47 ms	0.01 ms (0.12%)	1.47%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes	6.10 ms	6.09 ms	-0.01 ms (-0.12%)	2.30%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes	4.91 ms	4.92 ms	0.00 ms (0.10%)	7.19%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha	6.12 ms	6.11 ms	-0.01 ms (-0.10%)	1.83%
transfer_no_resume_ring_1.3_ecdsap256_aes	6.70 ms	6.71 ms	0.01 ms (0.09%)	4.16%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes	5.63 ms	5.63 ms	0.01 ms (0.09%)	6.90%
handshake_no_resume_ring_1.3_rsa_aes	1.08 ms	1.08 ms	0.00 ms (0.08%)	1.11%
transfer_no_resume_ring_1.3_ecdsap384_aes	9.81 ms	9.81 ms	0.01 ms (0.08%)	2.11%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes	5.39 ms	5.38 ms	-0.00 ms (-0.08%)	2.55%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha	6.40 ms	6.41 ms	0.00 ms (0.08%)	2.19%
handshake_no_resume_ring_1.2_rsa_aes	1.07 ms	1.07 ms	0.00 ms (0.07%)	1.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes	478.36 µs	478.69 µs	0.34 µs (0.07%)	3.95%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha	14.34 ms	14.35 ms	0.01 ms (0.07%)	1.73%
handshake_session_id_ring_1.3_ecdsap256_chacha	6.83 ms	6.84 ms	0.00 ms (0.07%)	1.49%
handshake_tickets_ring_1.3_ecdsap384_aes	9.99 ms	10.00 ms	0.01 ms (0.06%)	1.00%
handshake_no_resume_ring_1.3_ecdsap256_aes	507.40 µs	507.10 µs	-0.30 µs (-0.06%)	2.32%
transfer_no_resume_ring_1.3_ecdsap384_chacha	16.51 ms	16.51 ms	0.01 ms (0.06%)	1.70%
handshake_session_id_ring_1.3_rsa_aes	7.51 ms	7.51 ms	0.00 ms (0.05%)	1.17%
transfer_no_resume_ring_1.3_rsa_aes	7.29 ms	7.29 ms	-0.00 ms (-0.05%)	3.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha	506.87 µs	507.12 µs	0.25 µs (0.05%)	2.69%
transfer_no_resume_ring_1.3_rsa_chacha	13.99 ms	13.99 ms	0.01 ms (0.05%)	1.87%
handshake_session_id_aws_lc_rs_1.3_rsa_aes	6.39 ms	6.39 ms	0.00 ms (0.05%)	2.28%
handshake_session_id_ring_1.3_ecdsap256_aes	6.87 ms	6.87 ms	0.00 ms (0.05%)	1.19%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha	6.08 ms	6.08 ms	-0.00 ms (-0.04%)	1.48%
transfer_no_resume_ring_1.3_ecdsap256_chacha	13.40 ms	13.41 ms	0.01 ms (0.04%)	2.26%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	1.18 ms	1.18 ms	-0.00 ms (-0.04%)	1.54%
handshake_no_resume_ring_1.3_rsa_chacha	1.09 ms	1.09 ms	0.00 ms (0.04%)	1.00%
handshake_no_resume_ring_1.3_ecdsap384_aes	3.61 ms	3.61 ms	-0.00 ms (-0.03%)	1.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha	14.11 ms	14.12 ms	0.00 ms (0.03%)	2.52%
handshake_session_id_ring_1.3_ecdsap384_chacha	9.93 ms	9.93 ms	0.00 ms (0.02%)	1.21%
handshake_session_id_ring_1.3_ecdsap384_aes	9.96 ms	9.97 ms	0.00 ms (0.02%)	1.00%
handshake_tickets_ring_1.3_ecdsap384_chacha	9.95 ms	9.95 ms	-0.00 ms (-0.02%)	1.00%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha	5.38 ms	5.38 ms	0.00 ms (0.02%)	1.72%
handshake_tickets_aws_lc_rs_1.3_rsa_aes	6.40 ms	6.40 ms	0.00 ms (0.02%)	2.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha	5.41 ms	5.41 ms	-0.00 ms (-0.01%)	2.17%
handshake_tickets_ring_1.3_ecdsap256_aes	6.89 ms	6.89 ms	0.00 ms (0.01%)	1.30%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha	13.41 ms	13.41 ms	0.00 ms (0.01%)	2.50%
handshake_tickets_ring_1.3_rsa_chacha	7.48 ms	7.48 ms	0.00 ms (0.01%)	1.08%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes	1.19 ms	1.19 ms	-0.00 ms (-0.01%)	1.00%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes	1.37 ms	1.37 ms	-0.00 ms (-0.00%)	1.57%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha	6.38 ms	6.38 ms	0.00 ms (0.00%)	1.28%
handshake_tickets_ring_1.3_ecdsap256_chacha	6.85 ms	6.85 ms	0.00 ms (0.00%)	1.49%
handshake_no_resume_ring_1.3_ecdsap384_chacha	3.61 ms	3.61 ms	0.00 ms (0.00%)	1.00%
handshake_tickets_ring_1.3_rsa_aes	7.52 ms	7.52 ms	-0.00 ms (-0.00%)	1.13%

Additional information

Historical results

Checkout details:

• Base repo: https://github.com/rustls/rustls.git
• Base branch: main (07747f6)
• Candidate repo: https://github.com/rustls/rustls.git
• Candidate branch: jbp-change-default-provider (2085e79)

[cpu]

The code changes LGTM.

I think there's some documentation to update in lib.rs. For e.g. it still describes ring as being used by default in a couple places:

rustls/rustls/src/lib.rs

Lines 54 to 70 in 07747f6

	//! ### Platform support
	//!
	//! While Rustls itself is platform independent, by default it uses [`ring`] for implementing
	//! the cryptography in TLS. As a result, rustls only runs on platforms
	//! supported by `ring`. At the time of writing, this means 32-bit ARM, Aarch64 (64-bit ARM),
	//! x86, x86-64, LoongArch64, 32-bit & 64-bit Little Endian MIPS, 32-bit PowerPC (Big Endian),
	//! 64-bit PowerPC (Big and Little Endian), 64-bit RISC-V, and s390x. We do not presently
	//! support WebAssembly.
	//! For more information, see [the supported `ring` target platforms][ring-target-platforms].
	//!
	//! By providing a custom instance of the [`crypto::CryptoProvider`] struct, you
	//! can replace all cryptography dependencies of rustls. This is a route to being portable
	//! to a wider set of architectures and environments, or compliance requirements. See the
	//! [`crypto::CryptoProvider`] documentation for more details.
	//!
	//! Specifying `default-features = false` when depending on rustls will remove the
	//! dependency on *ring*.

rustls/rustls/src/lib.rs

Lines 81 to 82 in 07747f6

	//! that Rustls uses. This may be appealing if you have specific platform, compliance or feature
	//! requirements that aren't met by the default provider, [`ring`].

rustls/rustls/src/lib.rs

Lines 92 to 93 in 07747f6

	//! * [`ring`] - enabled by default, available with the `ring` feature flag enabled. This
	//! provider is used by default when an explicit provider is not specified.

rustls/rustls/src/lib.rs

Lines 307 to 309 in 07747f6

	//! - `ring` (enabled by default): makes the rustls crate depend on the *ring* crate, which is
	//! used for cryptography by default. Without this feature, these items must be provided
	//! externally to the core rustls crate: see [`CryptoProvider`].

[ctz]

Erm, yes, I've missed quite a bit of the meat of this.

[cpu]

Spotted two more stale doc refs (really wish GitHub allowed leaving review feedback on arbitrary lines/files!):

rustls/rustls/src/builder.rs

Lines 143 to 144 in 07747f6

	/// [`ServerConfig::builder_with_provider()`]. This determines which cryptographic backend
	/// is used. The default is [`ring::provider`].

rustls/rustls/src/crypto/mod.rs

Lines 69 to 74 in 07747f6

	/// - [`crypto::ring::default_provider`]: (behind the `ring` crate feature, which
	/// is enabled by default). This provider uses the [*ring*](https://github.com/briansmith/ring)
	/// crate.
	/// - [`crypto::aws_lc_rs::default_provider`]: (behind the `aws_lc_rs` feature,
	/// which is optional). This provider uses the [aws-lc-rs](https://github.com/aws/aws-lc-rs)
	/// crate. The `fips` crate feature makes this option use FIPS140-3-approved cryptography.

[ctz]

Spotted two more stale doc refs

Thanks -- addressed these in the latest push.

[djc]

We should probably do a documentation/example pass to advertise using the process default everywhere?

[joshtriplett]

aws-lc-rs also introduces a new build-time dependency on cmake; you may want to document that requirement as well so that it doesn't surprise people.

[sehz]

This will introduce quite bit of friction in my opinion. Many rust developer wants to use rustls because it is purely rust (meaning it doesn't need any additional outside build dep). That should be higher priority than optimal performance

[joshtriplett]

@sehz Neither ring nor aws-lc-rs are pure Rust, they both have components that require a native toolchain to compile.

[ctz]

aws-lc-rs also introduces a new build-time dependency on cmake; you may want to document that requirement as well so that it doesn't surprise people.

We have

rustls/rustls/src/lib.rs

Lines 316 to 317 in 95067cb

	//! Note that aws-lc-rs has additional build-time dependencies like cmake.
	//! See [the documentation](https://aws.github.io/aws-lc-rs/requirements/index.html) for details.

currently -- please shout if you think that is not visible enough.

I think we'll also reiterate this in release notes, and give advice on how to stick with ring if people so desire.

[joshtriplett]

I think we'll also reiterate this in release notes

That was the part I was suggesting, yes. You may also want to mention in the README that a default build requires cmake.

[martinetd]

@sehz Neither ring nor aws-lc-rs are pure Rust, they both have components that require a native toolchain to compile.

This is probably just a matter of adding cmake to whatever container the "cross" project is using, but aws-lc-rs doesn't build with cross while ring does, so it did introduce a bit of friction at least here :)

With that said, it's not overly complicated to keep using ring, but an alternative to default with ring might be appreciated so one doesn't have to keep track of "rustls default features, minus aws_lc_rs, plus ring" (e.g. being able to do default-features = false, features = ["default_ring"])
It probably doesn't change all that much, but std also changed with the latest release so I'm not sure how stable I should expect this to be.

Thanks!