Scylla Rust Driver Connecting to the cluster TLS

TLS¶

Driver uses the openssl crate for TLS functionality.It was chosen because rustls doesn’t support certificates for ip addresses (see issue), which is a common use case for Scylla.

Enabling feature¶

openssl is not a pure Rust library so you need enable a feature and install the proper package.

To enable the tls feature add in Cargo.toml:

scylla = { version = "0.4.0", features = ["ssl"] }
openssl = "0.10.32"

Then install the package with openssl:

Debian/Ubuntu:
```
apt install libssl-dev pkg-config
```
Fedora:
```
dnf install openssl-devel
```

Arch:
```
pacman -S openssl pkg-config
```

Using TLS¶

To use tls you will have to create an openssl SslContext and pass it to SessionBuilder

For example, if database certificate is in the file ca.crt:

use scylla::{Session, SessionBuilder};
use openssl::ssl::{SslContextBuilder, SslMethod, SslVerifyMode};
use std::path::PathBuf;

let mut context_builder = SslContextBuilder::new(SslMethod::tls())?;
context_builder.set_ca_file("ca.crt")?;
context_builder.set_verify(SslVerifyMode::PEER);

let session: Session = SessionBuilder::new()
    .known_node("127.0.0.1:9142") // The the port is now 9142
    .ssl_context(Some(context_builder.build()))
    .build()
    .await?;

See the full example for more details