TLS

The driver uses the openssl crate for TLS functionality. It was chosen because rustls doesn’t support certificates for IP addresses (see issue), which is a common use case for Scylla.

Enabling feature

openssl is not a pure Rust library, so you need to enable a feature and install the proper package.

To enable the TLS feature, add the following to Cargo.toml:

scylla = { version = "0.2.0", features = ["ssl"] }
openssl = "0.10.32"

Then install the package with openssl:

  • Debian/Ubuntu:

    apt install libssl-dev pkg-config
    
  • Fedora:

    dnf install openssl-devel
    
  • Arch:

    pacman -S openssl pkg-config
    

Using TLS

To use TLS, you have to create an openssl SslContext and pass it to SessionBuilder.

For example, if the database certificate is in the file ca.crt:


use scylla::{Session, SessionBuilder};
use openssl::ssl::{SslContextBuilder, SslMethod, SslVerifyMode};

let mut context_builder = SslContextBuilder::new(SslMethod::tls())?;
context_builder.set_ca_file("ca.crt")?;
context_builder.set_verify(SslVerifyMode::PEER);

let session: Session = SessionBuilder::new()
    .known_node("127.0.0.1:9142") // The port is now 9142
    .ssl_context(Some(context_builder.build()))
    .build()
    .await?;

See the full example for more details.
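Before pointing the driver at a node by IP address, it is worth confirming that the node's certificate both chains to ca.crt and lists that IP in its subjectAltName, since these are two separate checks in OpenSSL. The following is an added shell example using the openssl command line, not part of the driver's documentation; the CA, the node certificate, the function names and every file name other than ca.crt are constructed for illustration.

```shell
#!/bin/sh
# Added example. All keys and certificates here are constructed, throwaway test data.

# make_test_pki DIR IP: create a CA (ca.crt) and a node certificate (node.crt)
# whose subjectAltName carries the given IP address.
make_test_pki() {
    dir=$1; ip=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=scylla-node" \
        -keyout "$dir/node.key" -out "$dir/node.csr" 2>/dev/null || return 1
    printf 'subjectAltName=IP:%s\n' "$ip" > "$dir/san.ext"
    openssl x509 -req -in "$dir/node.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/node.crt" 2>/dev/null
}

# chain_ok CA CERT: succeeds if CERT chains to CA (says nothing about which node it names).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_matches_ip CA CERT IP: succeeds only if CERT chains to CA and lists IP in its SAN.
cert_matches_ip() {
    openssl verify -CAfile "$1" -verify_ip "$3" "$2" >/dev/null 2>&1
}

# Demo in a temporary directory.
tmp=$(mktemp -d) || exit 1
if make_test_pki "$tmp" 127.0.0.1; then
    chain_ok "$tmp/ca.crt" "$tmp/node.crt" && echo "chain to ca.crt: ok"
    cert_matches_ip "$tmp/ca.crt" "$tmp/node.crt" 127.0.0.1 && echo "127.0.0.1: match"
    cert_matches_ip "$tmp/ca.crt" "$tmp/node.crt" 10.0.0.5 || echo "10.0.0.5: no match"
fi
rm -rf "$tmp"
```

To check a real deployment, call cert_matches_ip with your own ca.crt, the node's certificate file and the address passed to known_node.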