Update manual::features and refer to it

README.md

@@ -37,52 +37,8 @@ Rustls is a TLS library that aims to provide a good level of cryptographic secur
 requires no configuration to achieve that security, and provides no unsafe features or
 obsolete cryptography by default.
 
-## Current functionality (with default crate features)
-
-* TLS1.2 and TLS1.3.
-* ECDSA, Ed25519 or RSA server authentication by clients.
-* ECDSA, Ed25519 or RSA server authentication by servers.
-* Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves.
-* AES128-GCM and AES256-GCM bulk encryption, with safe nonces.
-* ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)).
-* ALPN support.
-* SNI support.
-* Tunable fragment size to make TLS messages match size of underlying transport.
-* Optional use of vectored IO to minimise system calls.
-* TLS1.2 session resumption.
-* TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)).
-* TLS1.3 resumption via tickets or session storage.
-* TLS1.3 0-RTT data for clients.
-* TLS1.3 0-RTT data for servers.
-* Server and optional client authentication.
-* Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)).
-* Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)).
-* OCSP stapling by servers.
-
-## Non-features
-
-For reasons [explained in the manual](https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html),
-rustls does not and will not support:
-
-* SSL1, SSL2, SSL3, TLS1 or TLS1.1.
-* RC4.
-* DES or triple DES.
-* EXPORT ciphersuites.
-* MAC-then-encrypt ciphersuites.
-* Ciphersuites without forward secrecy.
-* Renegotiation.
-* Kerberos.
-* TLS 1.2 protocol compression.
-* Discrete-log Diffie-Hellman.
-* Automatic protocol version downgrade.
-* Using CA certificates directly to authenticate a server/client (often called "self-signed
-certificates"). _Rustls' default certificate verifier does not support using a trust anchor as
-both a CA certificate and an end-entity certificate in order to limit complexity and risk in
-path building. While dangerous, all authentication can be turned off if required --
-see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_.
-
-There are plenty of other libraries that provide these features should you
-need them.
+Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full
+list of protocol features](https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html).
 
 ### Platform support
 

admin/pull-readme

@@ -6,7 +6,7 @@ set -e
 awk 'BEGIN { take=1 }/# Approach/{take=0;print}take' < README.md > README.md.new
 grep '^//!' rustls/src/lib.rs | \
        sed -e 's@^\/\/\! *@@g' | \
-       sed -e 's@manual](manual)@manual](https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html)@' | \
+       sed -e 's@](manual::_04_features)@](https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html)@' | \
        awk '/# Rustls - a modern TLS library/{take=1;next}/## Design overview/{take=0}take' >> README.md.new
 awk '/# Example code/{take=1}take' < README.md >> README.md.new
 mv README.md.new README.md

rustls/src/lib.rs

@@ -4,52 +4,8 @@
 //! requires no configuration to achieve that security, and provides no unsafe features or
 //! obsolete cryptography by default.
 //!
-//! ## Current functionality (with default crate features)
-//!
-//! * TLS1.2 and TLS1.3.
-//! * ECDSA, Ed25519 or RSA server authentication by clients.
-//! * ECDSA, Ed25519 or RSA server authentication by servers.
-//! * Forward secrecy using ECDHE; with curve25519, nistp256 or nistp384 curves.
-//! * AES128-GCM and AES256-GCM bulk encryption, with safe nonces.
-//! * ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)).
-//! * ALPN support.
-//! * SNI support.
-//! * Tunable fragment size to make TLS messages match size of underlying transport.
-//! * Optional use of vectored IO to minimise system calls.
-//! * TLS1.2 session resumption.
-//! * TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)).
-//! * TLS1.3 resumption via tickets or session storage.
-//! * TLS1.3 0-RTT data for clients.
-//! * TLS1.3 0-RTT data for servers.
-//! * Server and optional client authentication.
-//! * Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)).
-//! * Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)).
-//! * OCSP stapling by servers.
-//!
-//! ## Non-features
-//!
-//! For reasons [explained in the manual](manual),
-//! rustls does not and will not support:
-//!
-//! * SSL1, SSL2, SSL3, TLS1 or TLS1.1.
-//! * RC4.
-//! * DES or triple DES.
-//! * EXPORT ciphersuites.
-//! * MAC-then-encrypt ciphersuites.
-//! * Ciphersuites without forward secrecy.
-//! * Renegotiation.
-//! * Kerberos.
-//! * TLS 1.2 protocol compression.
-//! * Discrete-log Diffie-Hellman.
-//! * Automatic protocol version downgrade.
-//! * Using CA certificates directly to authenticate a server/client (often called "self-signed
-//!   certificates"). _Rustls' default certificate verifier does not support using a trust anchor as
-//!   both a CA certificate and an end-entity certificate in order to limit complexity and risk in
-//!   path building. While dangerous, all authentication can be turned off if required --
-//!   see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_.
-//!
-//! There are plenty of other libraries that provide these features should you
-//! need them.
+//! Rustls implements TLS1.2 and TLS1.3 for both clients and servers. See [the full
+//! list of protocol features](manual::_04_features).
 //!
 //! ### Platform support
 //!

rustls/src/manual/features.rs

@@ -10,25 +10,17 @@
 * ChaCha20-Poly1305 bulk encryption ([RFC7905](https://tools.ietf.org/html/rfc7905)).
 * ALPN support.
 * SNI support.
-* Tunable MTU to make TLS messages match size of underlying transport.
+* Tunable fragment size to make TLS messages match size of underlying transport.
 * Optional use of vectored IO to minimise system calls.
 * TLS1.2 session resumption.
-* TLS1.2 resumption via tickets (RFC5077).
+* TLS1.2 resumption via tickets ([RFC5077](https://tools.ietf.org/html/rfc5077)).
 * TLS1.3 resumption via tickets or session storage.
 * TLS1.3 0-RTT data for clients.
-* Client authentication by clients.
-* Client authentication by servers.
-* Extended master secret support (RFC7627).
-* Exporters (RFC5705).
+* TLS1.3 0-RTT data for servers.
+* Server and optional client authentication.
+* Extended master secret support ([RFC7627](https://tools.ietf.org/html/rfc7627)).
+* Exporters ([RFC5705](https://tools.ietf.org/html/rfc5705)).
 * OCSP stapling by servers.
-* SCT stapling by servers.
-* SCT verification by clients.
-
-## Possible future features
-
-* PSK support.
-* OCSP verification by clients.
-* Certificate pinning.
 
 ## Non-features
 
@@ -43,8 +35,13 @@ and will not support:
 * Ciphersuites without forward secrecy.
 * Renegotiation.
 * Kerberos.
-* Compression.
+* TLS 1.2 protocol compression.
 * Discrete-log Diffie-Hellman.
 * Automatic protocol version downgrade.
+* Using CA certificates directly to authenticate a server/client (often called "self-signed
+  certificates"). _Rustls' default certificate verifier does not support using a trust anchor as
+  both a CA certificate and an end-entity certificate in order to limit complexity and risk in
+  path building. While dangerous, all authentication can be turned off if required --
+  see the [example code](https://github.com/rustls/rustls/blob/992e2364a006b2e84a8cf6a7c3eaf0bdb773c9de/examples/src/bin/tlsclient-mio.rs#L318)_.
 
 */