More clearly document how to get working HTTPS

Open alex opened this issue 7 years ago • 8 comments

If you're coming from a pre-0.10 hyper, you had working HTTPS out of the box; with 0.10 "some assembly required". It'd be great if the hyper website and documentation included a pointer to hyper-native-tls (or some other option), and appropriate snippets for integration.

Jan 21 '17 16:01 alex

It seems like for most people, they'll want to migrate their crates to use reqwest instead of Hyper's HTTP client. Maybe this should be mentioned in the CHANGELOG and possibly temporarily the README.

Jan 22 '17 21:01 frewsxcv

I've added some links to the release page: https://github.com/hyperium/hyper/releases/v0.10.0

Would likely also be useful in the docs somewhere, and a guide dedicated to it.

Jan 24 '17 00:01 seanmonstar

What is the state of HTTPS clients based on tokio? I looked into reqwest and it does not seem to be based on tokio. What do I need to do to create an HTTPS request based on tokio? Thanks.

Mar 04 '17 22:03 antoyo

@antoyo the easiest way right now is to make use of hyper-tls. However, the Client in hyper is generic over any kind of connector, so others can be created, with hyper-tls as an example.

Mar 04 '17 22:03 seanmonstar

I think the easiest right now is to use tokio-proto to layer tokio-tls under hyper, here's a working sample: https://github.com/nayato/hyper-test/blob/90add9d2db27503a204294177f4552e0bb11dca2/src/main.rs#L43

Mar 22 '17 19:03 nayato

tokio-tls uses native-tls which isn't "as much in Rust as possible". tokio-rustls (started as a fork of tokio-tls) sounds promising to me. rustls is built on top of ring and webpki. ring is a fork of Google's BoringSSL, which aims to rewrite as much as possible (and meaningful) in Rust. Both projects (ring and BoringSSL) are working together! For earlier hyper versions, there was hyper-rustls. rustls is probably going to get included in Mozilla Servo, a web browser written in Rust. By using the system's native TLS implementation we would not profit from Rust's advantages to have a secure TLS implementation.

Apr 11 '17 21:04 Darkspirit

@TerraX-net at the moment, native TLS is a more secure solution than Rust ring/rustls due to rustls not having any security audits performed on it. When it reaches more maturity, it will definitely be a better default, but for now it's better to use native-tls.

Jun 01 '17 05:06 daboross

I would echo the comments on lack of TLS documentation in the examples. I would say that lots of people would be discouraged by that given how important TLS is in today's world.

Having said that, it seems that the latest release of the "tonic" project has a good and working example of how to use TLS with hyper. So in my app I copied some of the code from "tonic".

I was wondering if that logic could be pulled into the "hyper" library?

Nov 27 '19 09:11 dawid-nowak

I subscribe to this too.

Setting up a Hyper server with TLS is quite unclear. Some dedicated Hyper TLS documentation is necessary in my opinion. Some documentation exists in third-party crates, but it is not always working and it is not "official" in the sense that Hyper itself should have a recommended way (or 2 (e.g. Native and/or Rustls)) of doing TLS. TLS is a sine qua non, and there is a glaring lack of documentation of the feature/setup/config.

Happy to help if guidance is provided.

Dec 09 '23 11:12 Vagelis-Prokopiou

I've added a stub guide about connectors (https://hyper.rs/guides/1/client/connectors/), and a list of crates that provide TLS for hyper. Adding more to the guides is always appreciated! (#3411)

Dec 09 '23 14:12 seanmonstar