Did you read to the end of the paragraph where they say that they're going to implement crypto?
They're not insecure about being able to make a workable crypto api. They are aware that it's not a good idea to implement crypto in a high level language that's not been engineered for security yet.
Their solution is to wrap a proven C crypto library, which is probably what good Go and JVM languages do also (I wouldn't trust one that doesn't) and it's probably going to be ready within a month or two.
edit: just an aside, why would you terminate your SSL in Go/Java, it's good practice to have a proxy like nginx or haproxy do that for you.
> Did you read to the end of the paragraph where they say that they're going to implement crypto?
I did, they said it would take a very long time.
> Their solution is to wrap a proven C crypto library
This is good. I don't have a problem with that, because that's what you'd have to do yourself right now if you wanted to do any kind of basic crypto with rust, include a C library and wrap it with boiler plate just to get it working.
> which is probably what good Go and JVM languages do
They're not insecure about being able to make a workable crypto api. They are aware that it's not a good idea to implement crypto in a high level language that's not been engineered for security yet.
Their solution is to wrap a proven C crypto library, which is probably what good Go and JVM languages do also (I wouldn't trust one that doesn't) and it's probably going to be ready within a month or two.
edit: just an aside, why would you terminate your SSL in Go/Java, it's good practice to have a proxy like nginx or haproxy do that for you.