Caution: You're viewing documentation for an unstable version of ScyllaDB Rust Driver. Switch to the latest stable version.
TLS
The driver uses either the openssl crate or the rustls crate for TLS. Both are behind their respective feature flags.
Hostname verification
For both implementations we provide the node IP address for hostname verification. Our assumption is that certificates on nodes will have the node IP address in the subject alternative name.
Implementation details (might change in the future):
For openssl we use the set_ip method on X509VerifyParamRef, which corresponds to the X509_VERIFY_PARAM_set1_ip openssl function.
For rustls we use ServerName::IpAddress, which is passed to ClientConnection::new_with_alpn (by tokio_rustls).
Enabling feature
NOTE: openssl is not a pure Rust library, so you need to both enable the feature and install the proper system package.
To enable TLS with openssl, add to Cargo.toml:
scylla = { version = "0.4", features = ["openssl-010"] }
openssl = "0.10.70"
Then install the package with openssl:
Debian/Ubuntu:
apt install libssl-dev pkg-config
Fedora:
dnf install openssl-devel
Arch:
pacman -S openssl pkg-config
Using TLS
To use TLS you will have to create a TlsContext. For convenience, both an openssl SslContext and a rustls ClientConfig can be automatically converted to a TlsContext when passed to SessionBuilder.
NOTE: The recommended API in the openssl crate is SslConnector, because it has safer defaults. Please use it, and then call into_context() to get an SslContext instance you can pass to the driver.
For example, if the database CA certificate is in the file ca.crt:
use scylla::client::session::Session;
use scylla::client::session_builder::SessionBuilder;
use openssl::ssl::{SslContextBuilder, SslMethod, SslVerifyMode};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Trust the CA in ca.crt and require the node certificate to verify against it.
    let mut context_builder = SslContextBuilder::new(SslMethod::tls())?;
    context_builder.set_ca_file("ca.crt")?;
    context_builder.set_verify(SslVerifyMode::PEER);

    let session: Session = SessionBuilder::new()
        .known_node("127.0.0.1:9142") // The port is now 9142, the node's TLS port
        .tls_context(Some(context_builder.build()))
        .build()
        .await?;
    let _ = session;
    Ok(())
}
See the full openssl example and rustls example for more details.