Rustls Versions Save

A modern TLS library in Rust

v/0.21.12

3 weeks ago
  • The server name indication (SNI) client extension is now ignored when it contains an out-of-specification IP address value.
  • MSRV is now 1.63.

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.11...v/0.21.12

v/0.21.11

4 weeks ago

This release corrects a denial-of-service condition in rustls::ConnectionCommon::complete_io, reachable via network input. If a close_notify alert is received during a handshake, complete_io did not terminate. Callers which do not call complete_io are not affected.

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.10...v/0.21.11

v/0.22.4

4 weeks ago

This release corrects a denial-of-service condition in rustls::ConnectionCommon::complete_io, reachable via network input. If a close_notify alert is received during a handshake, complete_io did not terminate. Callers which do not call complete_io are not affected.

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.3...v/0.22.4

v/0.23.5

4 weeks ago
  • This release corrects a denial-of-service condition in rustls::ConnectionCommon::complete_io(), reachable via network input. If a close_notify alert is received during a handshake, complete_io() did not terminate. Callers which do not call complete_io() are not affected.
  • Add an API (handshake_kind()) for learning whether a handshake was resumed or not.
  • no-std support has been extended, allowing use of LimitedCache, ResolvesServerCertUsingSni, ServerSessionMemoryCache, ClientSessionStore, TicketSwitcher and the aws-lc-rs/ring Ticketer when the hashbrown feature is enabled and a compatible no-std Mutex implementation provided.
  • The server name indication (SNI) client extension is now ignored when it contains an out-of-specification IP address value.

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.4...v/0.23.5

v/0.23.4

1 month ago
  • Bug fix: correct cipher suite filtering if a custom certificate verifier offers support for SignatureScheme::ECDSA_SHA1_Legacy.
  • Improve documentation and example code around AcceptedAlert::write

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.3...v/0.23.4

v/0.22.3

1 month ago
  • Bug fix: return correct ConnectionTrafficSecrets variant from dangerous_extract_secrets() when AES-256-GCM is negotiated. See #1833
  • Bug fix: correct cipher suite filtering if a custom certificate verifier offers support for SignatureScheme::ECDSA_SHA1_Legacy. See https://github.com/seanmonstar/reqwest/issues/2191

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.2...v/0.22.3

v/0.23.3

1 month ago

Release notes

  • Bug fix: correct cipher suite selection when ECDHE and FFDHE suites are both offered.

What's Changed

New Contributors

Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.2...v/0.23.3

rustls-post-quantum-v/0.1.0

2 months ago

This crate provides experimental support for X25519Kyber768Draft00 post-quantum key exchange. See the documentation for more details.

This crate is release under the same licenses as the main rustls crate.

v/0.23.2

2 months ago
  • Bug fix: return correct ConnectionTrafficSecrets variant from dangerous_extract_secrets() when AES-256-GCM is negotiated.
  • New feature: groundwork for supporting post-quantum key exchange. Experimental support for X25519Kyber768Draft00 will be released as a separate crate: rustls-post-quantum.
  • Add aws-lc-rs crate feature as alias for aws_lc_rs crate feature.

What's Changed

New Contributors

Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.1...v/0.23.2

v/0.23.1

2 months ago
  • Fix build with aws_lc_rs feature enabled but std feature disabled.
  • Fix build for docs.rs.

What's Changed

Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.0...v/0.23.1