feat(runner): add TLS 1.3 client with X25519

- Configure rustls client with aws_lc_rs, X25519-only key exchange - Skip certificate verification for benchmarking (NoVerifier) - Measure TLS handshake latency (TCP + TLS combined) - TLS 1.3 protocol enforced
2026-03-22 00:36:21 +00:00 · 2026-01-28 18:27:08 +02:00
parent e7c97070ca
commit b03cc2a386
6 changed files with 131 additions and 17 deletions
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -5,12 +5,12 @@ authors.workspace = true
 edition.workspace = true

 [dependencies]
-common.workspace = true
 clap.workspace = true
+common.workspace = true
 miette.workspace = true
 rustls.workspace = true
-tokio.workspace = true
 tokio-rustls.workspace = true
+tokio.workspace = true

 [lints]
 workspace = true
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -13,7 +13,7 @@ use common::{
 use miette::miette;
 use rustls::{
    ServerConfig,
-    crypto::aws_lc_rs::{self, kx_group},
+    crypto::aws_lc_rs::{self, kx_group::X25519},
    pki_types::{CertificateDer, PrivateKeyDer},
    server::Acceptor,
    version::TLS13,
@@ -46,7 +46,7 @@ fn build_tls_config(
    // Select crypto provider with appropriate key exchange groups
    let mut provider = aws_lc_rs::default_provider();
    provider.kx_groups = match mode {
-        KeyExchangeMode::X25519 => vec![kx_group::X25519],
+        KeyExchangeMode::X25519 => vec![X25519],
        KeyExchangeMode::X25519Mlkem768 => {
            todo!("Configure hybrid PQ key exchange")
        }