A modern TLS library in Rust
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.2...v/0.23.3
This crate provides experimental support for X25519Kyber768Draft00 post-quantum key exchange. See the documentation for more details.
This crate is released under the same licenses as the main rustls crate.
`ConnectionTrafficSecrets` variant from `dangerous_extract_secrets()` when AES-256-GCM is negotiated.
`aws-lc-rs` crate feature as alias for `aws_lc_rs` crate feature.
`ConnectionTrafficSecrets` variant when AES-256-GCM is negotiated. by @Arnavion in https://github.com/rustls/rustls/pull/1834
`unused_qualifications` warnings by @ctz in https://github.com/rustls/rustls/pull/1839
`merge_group` job performance by @ctz in https://github.com/rustls/rustls/pull/1840
`aws-lc-rs` feature as an alias for `aws_lc_rs` by @joshtriplett in https://github.com/rustls/rustls/pull/1843
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.1...v/0.23.2
`aws_lc_rs` feature enabled but `std` feature disabled.
Full Changelog: https://github.com/rustls/rustls/compare/v/0.23.0...v/0.23.1
Default cryptography provider changed to `aws-lc-rs`. Note that this has some implications on platform support and build-time tool requirements such as `cmake` on all platforms and `nasm` on Windows. Support for `ring` continues to be available: set the `ring` crate feature.
Support for FIPS validated mode with `aws-lc-rs`: see the manual section and aws-lc-rs's FIPS documentation. Note that `aws-lc-rs` in FIPS mode has further build-time requirements as detailed in the FIPS documentation. Thanks to the aws-lc-rs team for their assistance on this.
Support for process-wide selection of `CryptoProvider`s. See the documentation. Note that callers of `ClientConfig::builder()`, `ServerConfig::builder()`, `WebPkiServerVerifier::builder()` and `WebPkiClientVerifier::builder()` must now ensure that the crate's features are unambiguous or explicitly select a process-level provider using `CryptoProvider::install_default()`. Otherwise, these calls will panic with:
`no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point`
We recommend that libraries rely on the process-level provider by default, and that applications use this new API to select the provider they wish to use.
New unbuffered API. `UnbufferedClientConnection` and `UnbufferedServerConnection` offer a low-level, event-driven API which does not internally buffer data. Thanks to the team from Ferrous Systems.
New `no_std` support. A new (enabled by default) `std` crate feature now gates all APIs that depend on `std`. The above unbuffered APIs must be used for `no_std` support. Note that `alloc` continues to be required. Work is ongoing to reintroduce certain APIs for `no_std` users (see #1688) -- please file issues for other `no_std` use cases. Thanks to the team from Ferrous Systems.
Performance improvement: internal copying while sending data is reduced. Thanks to the team from the Sōzu project.
Performance improvement: `write_vectored` now produces less on-the-wire overhead, which will dramatically improve throughput if it is used with a large number of small messages. Thanks to the team from the Sōzu project.
`Acceptor` API error handling improvement. If a TLS alert should be sent to inform the peer of a connection failure, this is now made available in the `Err()` variant returned from `Acceptor::accept` and `Accepted::into_connection` (which is also a breaking change). Applications should write this data to the peer. See the server_acceptor example.
Support for FFDHE key exchange: custom `CryptoProvider`s can now support FFDHE key exchange, in accordance with RFC7919. Note that the default providers do not do this. Thanks to the team from Fortanix.
Support for servers requiring `extended_master_secret` support from clients. See `ServerConfig::require_ems`. Thanks to the team from Fortanix.
Extension ordering in ClientHello messages is now randomised as an anti-fingerprinting measure. We do not foresee any interoperability issues as Chrome has already rolled out the same change. Thanks to @GomesGoncalo.
Breaking change: `CipherSuiteCommon::integrity_limit` field removed (this was QUIC-specific, it has moved to `quic::PacketKey::integrity_limit()`).
Breaking change: `crypto::cipher::BorrowedPlainMessage` and `crypto::cipher::OpaqueMessage` have been renamed (to `OutboundPlainMessage` and `OutboundOpaqueMessage`) and altered to support performance improvements. See the example code.
Breaking change: all protocol enum types (eg. `CipherSuite`) have had their `get_u8`/`get_u16` accessor removed; use `u8::from()`/`u16::from()` instead.
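
A std-only model of the process-level provider rule described in the 0.23.0 notes above, added here as an illustration and not rustls code. `Provider`, `ProviderSlot`, `provider_for_builder` and `builder_panics` are hypothetical names, and the at-most-once behaviour of `install_default` is modelled with `OnceLock`.

```rust
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::sync::{Arc, OnceLock};

// Hypothetical stand-in for a crypto provider; only the name matters here.
#[derive(Debug, PartialEq)]
pub struct Provider(pub &'static str);

// Models the process-level slot. Real code has one static slot per process;
// a struct lets the example create a fresh slot for each scenario.
#[derive(Default)]
pub struct ProviderSlot(OnceLock<Arc<Provider>>);

impl ProviderSlot {
    // Succeeds at most once; a losing call gets its provider handed back.
    pub fn install_default(&self, p: Provider) -> Result<(), Arc<Provider>> {
        self.0.set(Arc::new(p))
    }

    // What a builder does: use the installed provider, else the one provider
    // implied by the enabled crate features, else panic.
    pub fn provider_for_builder(&self, enabled_features: &[&'static str]) -> Arc<Provider> {
        if let Some(p) = self.0.get() {
            return Arc::clone(p);
        }
        match enabled_features {
            [only] => Arc::new(Provider(*only)),
            _ => panic!(
                "no process-level CryptoProvider available -- \
                 call CryptoProvider::install_default() before this point"
            ),
        }
    }
}

// Returns true if the builder call panics for this slot and feature set.
pub fn builder_panics(slot: &ProviderSlot, features: &[&'static str]) -> bool {
    catch_unwind(AssertUnwindSafe(|| slot.provider_for_builder(features))).is_err()
}

fn main() {
    let slot = ProviderSlot::default();
    // A dependency enabled `ring` while the default stayed on: ambiguous.
    println!("nothing installed -> panics: {}", builder_panics(&slot, &["aws_lc_rs", "ring"]));
    // The application picks one provider at startup.
    slot.install_default(Provider("aws_lc_rs")).unwrap();
    println!("after install -> {:?}", slot.provider_for_builder(&["aws_lc_rs", "ring"]));
    // A second install is rejected and the provider is returned in Err.
    println!("second install -> {:?}", slot.install_default(Provider("ring")));
}
```
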
`provider-example` library no-std compatible (almost) by @japaric in https://github.com/rustls/rustls/pull/1636
`MessageDeframer`: batch discard operations by @japaric in https://github.com/rustls/rustls/pull/1595
`SupportedProtocolVersion` as non-exhaustive by @pvdrz in https://github.com/rustls/rustls/pull/1673
`verify_server_name` by @ctz in https://github.com/rustls/rustls/pull/1698
`fragment_slice` return type by @pvdrz in https://github.com/rustls/rustls/pull/1701
`ClientHello` `legacy_record_version` commentary by @ctz in https://github.com/rustls/rustls/pull/1705
`certificate_authorities` extension by @ctz in https://github.com/rustls/rustls/pull/1729
`extended_master_secret` extension in TLS 1.2 by @Taowyoo in https://github.com/rustls/rustls/pull/1754
`aws-lc-rs` with `default-features = false` by @joshtriplett in https://github.com/rustls/rustls/pull/1768
`require_ems` in FIPS mode by @ctz in https://github.com/rustls/rustls/pull/1772
`write_vectored` by @Keksoj in https://github.com/rustls/rustls/pull/1640
`BorrowedPlainMessage` by @ctz in https://github.com/rustls/rustls/pull/1794
`end_entity` variable when verifying CertificateVerify by @thomwiggers in https://github.com/rustls/rustls/pull/1799
`OpaqueMessage::encode` by @Wonshtrum in https://github.com/rustls/rustls/pull/1774
`no process-level CryptoProvider` panic by @ctz in https://github.com/rustls/rustls/pull/1822
Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.2...v/0.23.0
`certificate_authorities` extension as a TLS1.3 server. This is incorrect and breaks interop with Java (#1727).
`aws-lc-rs` provider (#1706).
Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.1...v/0.22.2
`rustls_pki_types` crate is now re-exported as `rustls::pki_types`.
`rustls::pki_types` re-export.
`quic::PacketKey` and `quic::HeaderProtectionKey` traits are now `Send + Sync`.
`MessageDeframer` internals.
Full Changelog: https://github.com/rustls/rustls/compare/v/0.22.0...v/0.22.1
TLS 1.2 servers now remove session tickets after observing a failure to decrypt, preventing future resumption with the same unusable ticket.
Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.9...v/0.21.10
`CryptoProvider` trait. ring is now optional, but remains the default provider.
There are some related libraries in the rustls ecosystem. If you depend on these libraries, you'll need at least these versions to be compatible with rustls 0.22:
rustls-pki-types = { version = "1" }
webpki-roots = { version = "0.26" }
rustls-webpki = { version = "0.102" }
rustls-pemfile = { version = "2" }
rustls-native-certs = { version = "0.7"}
`WebPkiVerifier` to `WebPkiServerVerifier` and add `WebPkiClientVerifier`.
`ServerCertVerifier`/`ClientCertVerifier` so the trait doesn't depend on webpki. Instead the previous implementations are exposed as `rustls::crypto::verify_tls12_signature`, `rustls::crypto::verify_tls13_signature` and `$PROVIDER.signature_verification_algorithms.supported_schemes()`, using the crypto provider of your choice. See tlsclient-mio for an example verifier that has been updated for 0.22.
`WebPkiServerVerifier::builder()` and `WebPkiClientVerifier::builder()`.
`dangerous_configuration`, `secret_extraction` and `quic`. The API features those previously gated are now available without a crate feature. Types previously gated on the `dangerous_configuration` feature now appear in `danger` modules in the same place.
`rustls::Certificate` has been replaced with `CertificateDer` from the new rustls-pki-types crate. Likewise, `rustls::PrivateKey` has been replaced with `rustls_pki_types::PrivateKeyDer`. These types come in both owned and borrowed variants, like `std::borrow::Cow`, but some uses, like `rustls::RootCertStore`, require the owned (`<'static>`) variant.
`RootCertStore` is now passed around wrapped in an `Arc`, to improve efficiency when creating a different verifier for different servers/clients but with the same roots.
`RootCertStore::add_parsable_certificates` now takes an `impl IntoIterator<Item = impl AsRef<[u8]>>`.
`RootCertStore::add_server_trust_anchors` became `RootCertStore::extend`.
`Debug` bound. Please exercise caution in using `#[derive(Debug)]` on types that contain secret data.
`ConfigBuilder<ClientConfig, WantsClientCert>::with_single_cert` fn was removed in favour of `with_client_auth_cert` (https://github.com/rustls/rustls/commit/42cda4658f3f5c865a9248803a8a083633525998)

Old | New |
---|---|
`rustls::CipherSuiteCommon` | `rustls::crypto::CipherSuiteCommon` |
`rustls::SupportedKxGroup` | `rustls::crypto::SupportedKxGroup` |
`rustls::cipher_suite::*` | `rustls::crypto::ring::cipher_suite::*` |
`rustls::Ticketer` | `rustls::crypto::ring::Ticketer` |
`rustls::ALL_KX_GROUPS` | `rustls::crypto::ring::ALL_KX_GROUPS` |
`rustls::ALL_CIPHER_SUITES` | `rustls::crypto::ring::ALL_CIPHER_SUITES` |
`rustls::DEFAULT_CIPHER_SUITES` | `rustls::crypto::ring::DEFAULT_CIPHER_SUITES` |
`rustls::kx_group::*` | `rustls::crypto::ring::kx_group::*` |
`rustls::sign::any_ecdsa_type` | `rustls::crypto::ring::sign::any_ecdsa_type` |
`rustls::sign::any_eddsa_type` | `rustls::crypto::ring::sign::any_eddsa_type` |
`rustls::sign::any_supported_type` | `rustls::crypto::ring::sign::any_supported_type` |
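
The caution above about `#[derive(Debug)]` on types that contain secret data, shown as an added example (not rustls code): a derived `Debug` beside a redacting wrapper. `LeakySecrets`, `SafeSecrets` and `Redacted` are hypothetical names and the key bytes are a constructed sample.

```rust
use std::fmt;

// BEFORE: derived Debug prints every field, so `{:?}` in a log line dumps the key.
#[derive(Debug)]
pub struct LeakySecrets {
    pub suite: &'static str,
    pub key: [u8; 4], // constructed sample key, shortened for the example
}

// AFTER: a wrapper whose hand-written Debug never shows the wrapped bytes.
pub struct Redacted<T>(pub T);

impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

// Deriving Debug on the outer type is now safe: the derive delegates to
// Redacted's impl for the `key` field.
#[derive(Debug)]
pub struct SafeSecrets {
    pub suite: &'static str,
    pub key: Redacted<[u8; 4]>,
}

// What a stray `{:?}` in a log statement would emit for each type.
pub fn leaky_log() -> String {
    let s = LeakySecrets { suite: "TLS13_AES_256_GCM_SHA384", key: [0xde, 0xad, 0xbe, 0xef] };
    format!("{:?}", s)
}

pub fn safe_log() -> String {
    let s = SafeSecrets { suite: "TLS13_AES_256_GCM_SHA384", key: Redacted([0xde, 0xad, 0xbe, 0xef]) };
    format!("{:?}", s)
}

fn main() {
    println!("derived : {}", leaky_log());
    println!("redacted: {}", safe_log());
}
```

The redaction also holds when the wrapper is nested inside other derived or standard types (`Option`, `Vec`) and under pretty-printing with `{:#?}`, because each of those delegates to the field's own `Debug` impl.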
`ALL_CIPHER_SUITES` (crypto providers)
`ALL_KX_GROUPS` (crypto providers)
`DEFAULT_CIPHER_SUITES` (crypto providers)
`SECP256R1` (crypto providers)
`SECP384R1` (crypto providers)
`any_ecdsa_type` (crypto providers)
`any_eddsa_type` (crypto providers)
`any_supported_type` (crypto providers)
`CipherSuiteCommon` (`crypto`)
`ClientCertVerified` (`server::danger`)
`ClientCertVerifier` (`server::danger`)
`DangerousClientConfig` (`client::danger`)
`HandshakeSignatureValid` (`client::danger`)
`ServerCertVerified` (`client::danger`)
`ServerCertVerifier` (`client::danger`)
`SupportedKxGroup` (`crypto`)
`Ticketer` (crypto providers)
`TLS13_AES_128_GCM_SHA256` (crypto providers)
`TLS13_AES_256_GCM_SHA384` (crypto providers)
`TLS13_CHACHA20_POLY1305_SHA256` (crypto providers)
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` (crypto providers)
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` (crypto providers)
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` (crypto providers)
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` (crypto providers)
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` (crypto providers)
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` (crypto providers)
`X25519` (crypto providers)
`WebPkiVerifier` (`client::WebPkiServerVerifier`)
`Certificate` (`rustls_pki_types::CertificateDer`)
`PrivateKey` (`rustls_pki_types::PrivateKeyDer`)
`SignError` (`crypto::ring::sign::InvalidKeyError`)
`ActiveKeyExchange` (`crypto`)
`AeadKey` (`crypto::cipher`)
`Algorithm` (`quic`)
`ClientCertVerifierBuilder` (`server`)
`DangerousClientConfigBuilder` (`client::danger`)
`expand` (`crypto::tls13`)
`OkmBlock` (`crypto::tls13`)
`OutputLengthError` (`crypto::tls13`)
`ServerCertVerifierBuilder` (`client`)
`TicketSwitcher` (`ticketer`)
`WebPkiClientVerifier` (`server`)
`default_provider()` (`crypto::ring`)
`default_provider()` (`crypto::aws_lc_rs`)
`HashAlgorithm` (`crypto::hash`)
`Hash` (`crypto::hash`)
`Hkdf` (`crypto::tls13`)
`HkdfExpander` (`crypto::tls13`)
`HkdfExpanderUsingHmac` (`crypto::tls13`)
`HkdfUsingHmac` (`crypto::tls13`)
`Hmac` (`crypto::hmac`)
`Iv` (`crypto::cipher`)
`KeyBlockShape` (`crypto::cipher`)
`Key` (`crypto::hmac`)
`KeyExchangeAlgorithm` (`crypto`)
`make_tls12_aad` (`crypto::cipher`)
`make_tls13_aad` (`crypto::cipher`)
`MessageDecrypter` (`crypto::cipher`)
`MessageEncrypter` (`crypto::cipher`)
`Nonce` (`crypto::cipher`)
`Nonce` (`crypto::cipher`)
`OpaqueMessage` (`crypto::cipher`)
`Output` (`crypto::hash`)
`PlainMessage` (`crypto::cipher`)
`Prf` (`crypto::tls12`)
`PrfUsingHmac` (`crypto::tls12`)
`SharedSecret` (`crypto`)
`Tag` (`crypto::hmac`)
`Tls12AeadAlgorithm` (`crypto::cipher`)
`UnsupportedOperationError` (`crypto::cipher`)
`WebPkiSupportedAlgorithms` (`crypto`)
`GetRandomFailed` (`crypto`)
`OtherError` (top level)
`UnsupportedOperationError` (`crypto::cipher`)
`VerifierBuilderError` (`client`)
`VerifierBuilderError` (`server`)
`AllowAnyAnonymousOrAuthenticatedClient`
`AllowAnyAuthenticatedClient`
`BulkAlgorithm`
`CertificateTransparencyPolicy`
`supported_sign_tls13`
`WantsTransparencyPolicyOrClientCert`
`OwnedTrustAnchor` - use `rustls_pki_types::TrustAnchor` instead, and replace `from_subject_spki_name_constraints` with direct assignment to the struct fields.
`ConfigBuilder::with_safe_defaults` - calls to this can simply be deleted since safe defaults are now implicit.
`SystemTime` - certificate verification traits used to reference this type, but now reference `rustls_pki_types::UnixTime` instead.
`Iterator` in `add_parsable_certificates()` by @daxpedda in https://github.com/rustls/rustls/pull/1339
`with_single_cert` -> `with_client_auth_cert` by @cpu in https://github.com/rustls/rustls/pull/1345
`session_id` in HRR by @ctz in https://github.com/rustls/rustls/pull/1374
`rustls::SupportedCipherSuite` (part 1) by @ctz in https://github.com/rustls/rustls/pull/1398
`RootCertStore` and remove expensiveness warnings by @djc in https://github.com/rustls/rustls/pull/1413
`rustls::SupportedCipherSuite` (part deux) by @ctz in https://github.com/rustls/rustls/pull/1401
`cargo doc` comments on private items by @ctz in https://github.com/rustls/rustls/pull/1419
`KeyLogFile` for all examples. by @cpu in https://github.com/rustls/rustls/pull/1423
`cargo test` for all feature combinations by @ctz in https://github.com/rustls/rustls/pull/1427
`cargo test` by @jsha in https://github.com/rustls/rustls/pull/1438
`CryptoProvider` by @ctz in https://github.com/rustls/rustls/pull/1448
`DangerousClientConfigBuilder`, follow-up doc tweaks by @cpu in https://github.com/rustls/rustls/pull/1488
`secret_extraction` feature. by @cpu in https://github.com/rustls/rustls/pull/1484
`ConnectionTrafficSecrets` by @cpu in https://github.com/rustls/rustls/pull/1497
`--locked` from cargo hack daily test by @cpu in https://github.com/rustls/rustls/pull/1500
`clap` 4.4.6 by @ctz in https://github.com/rustls/rustls/pull/1521
`core::prelude` instead of `std::prelude` by @japaric in https://github.com/rustls/rustls/pull/1524
`rustls::internal` exports by @ctz in https://github.com/rustls/rustls/pull/1544
`env::var` with `env::var_os` by @paolobarbolini in https://github.com/rustls/rustls/pull/1572
`SupportedKxGroup` & new variant in `Error` by @Taowyoo in https://github.com/rustls/rustls/pull/1575
`std::io::BorrowedBuf` et al. by @ctz in https://github.com/rustls/rustls/pull/1582
`max_fragment_size` by @ctz in https://github.com/rustls/rustls/pull/1581
`encrypted_payload_len` to `MessageEncrypter` by @japaric in https://github.com/rustls/rustls/pull/1579
`quic` crate feature by @ctz in https://github.com/rustls/rustls/pull/1594
`-Z direct-minimal-versions` for minimal versions checks by @ctz in https://github.com/rustls/rustls/pull/1601
Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.9...v/0.22.0
`read_buf` feature with Rust nightly newer than `nightly-2023-11-01` by opting in to the `core_io_borrowed_buf` feature and updated `BorrowedBuf`, `BorrowedCursor` types.
Full Changelog: https://github.com/rustls/rustls/compare/v/0.21.8...v/0.21.9