A modern TLS library in Rust
Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.11...v/0.21.12
This release corrects a denial-of-service condition in rustls::ConnectionCommon::complete_io
, reachable via network input. If a close_notify
alert is received during a handshake, complete_io
did not terminate. Callers which do not call complete_io
are not affected.
complete_io
behaviour when close_notify
alert is received (0.21 edition) by @ctz in https://github.com/rustls/rustls/pull/1907
Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.10...v/0.21.11
This release corrects a denial-of-service condition in rustls::ConnectionCommon::complete_io
, reachable via network input. If a close_notify
alert is received during a handshake, complete_io
did not terminate. Callers which do not call complete_io
are not affected.
complete_io
behaviour when close_notify
alert is received (0.22 edition) by @ctz in https://github.com/rustls/rustls/pull/1906
Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.3...v/0.22.4
rustls::ConnectionCommon::complete_io()
, reachable via network input. If a close_notify
alert is received during a handshake, complete_io()
did not terminate. Callers which do not call complete_io()
are not affected.handshake_kind()
) for learning whether a handshake was resumed or not.no-std
support has been extended, allowing use of LimitedCache
, ResolvesServerCertUsingSni
, ServerSessionMemoryCache
, ClientSessionStore
, TicketSwitcher
and the aws-lc-rs/ring Ticketer
when the hashbrown
feature is enabled and a compatible no-std
Mutex
implementation provided.server_name
extension validation by @ctz in https://github.com/rustls/rustls/pull/1881
VerifierBuilderError
by @ctz in https://github.com/rustls/rustls/pull/1884
Option
from handshake_kind()
by @ctz in https://github.com/rustls/rustls/pull/1900
complete_io
behaviour when close_notify
alert is received by @ctz in https://github.com/rustls/rustls/pull/1905
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.4...v/0.23.5
SignatureScheme::ECDSA_SHA1_Legacy
.AcceptedAlert::write
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.3...v/0.23.4
ConnectionTrafficSecrets
variant from dangerous_extract_secrets()
when AES-256-GCM is negotiated. See #1833SignatureScheme::ECDSA_SHA1_Legacy
. See https://github.com/seanmonstar/reqwest/issues/2191
Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.2...v/0.22.3
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.2...v/0.23.3
This crate provides experimental support for X25519Kyber768Draft00 post-quantum key exchange. See the documentation for more details.
This crate is release under the same licenses as the main rustls crate.
ConnectionTrafficSecrets
variant from dangerous_extract_secrets()
when AES-256-GCM is negotiated.aws-lc-rs
crate feature as alias for aws_lc_rs
crate feature.ConnectionTrafficSecrets
variant when AES-256-GCM is negotiated. by @Arnavion in https://github.com/rustls/rustls/pull/1834
unused_qualifications
warnings by @ctz in https://github.com/rustls/rustls/pull/1839
merge_group
job performance by @ctz in https://github.com/rustls/rustls/pull/1840
aws-lc-rs
feature as an alias for aws_lc_rs
by @joshtriplett in https://github.com/rustls/rustls/pull/1843
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.1...v/0.23.2
aws_lc_rs
feature enabled but std
feature disabled.Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.0...v/0.23.1