## Release history:

* 0.20.8 (2023-01-12)
  - Yield an error from `ConnectionCommon::read_tls()` if buffers are full. Both a full deframer buffer and a full incoming plaintext buffer will now cause an error to be returned. Callers should call `process_new_packets()` and read out the plaintext data from `reader()` after each successful call to `read_tls()`.
  - The minimum supported Rust version is now 1.57.0 due to some dependencies requiring it.
* 0.20.7 (2022-10-18)
  - Expose secret extraction API under the `secret_extraction` cargo feature. This is designed to enable switching from rustls to kTLS (kernel TLS offload) after a successful TLS 1.2/1.3 handshake, for example.
  - Move filtering of signature schemes after config selection, avoiding the need for linking in encryption/decryption code for all cipher suites at the cost of exposing more signature schemes in the `ClientHello` emitted by the `Acceptor`.
  - Expose AlertDescription, ContentType, HandshakeType, SignatureAlgorithm, and NamedGroup as part of the stable API. Previously they were part of the unstable internals API, but were referenced by parts of the stable API.
  - We now have a [Discord channel](https://discord.gg/MCSB76RU96) for community discussions.
  - The minimum supported Rust version is now 1.56.0 due to several dependencies requiring it.
* 0.20.6 (2022-05-18)
  - 0.20.5 included a change to track more context for `Error::CorruptMessage`, which made API-incompatible changes to the `Error` type. We yanked 0.20.5 and have reverted that change as part of 0.20.6.
* 0.20.5 (2022-05-14)
  - Correct compatibility with servers which return no TLS extensions and take advantage of a special case encoding.
  - Remove spurious warn-level logging introduced in 0.20.3.
  - Expose cipher suites in `ClientHello` type.
  - Allow verification of IP addresses with `dangerous_config` enabled.
  - Retry I/O operations in `ConnectionCommon::complete_io()` when interrupted.
  - Fix `server::ResolvesServerCertUsingSni` case sensitivity.
* 0.20.4 (2022-02-19)
  - Correct regression in QUIC 0-RTT support.
* 0.20.3 (2022-02-13)
  - Support loading ECDSA keys in SEC1 format.
  - Support receipt of 0-RTT "early data" in TLS1.3 servers. It is not enabled by default; opt in by setting `ServerConfig::max_early_data_size` to a non-zero value.
  - Support sending of data with the first server flight. This is also not enabled by default: opt in by setting `ServerConfig::send_half_rtt_data`.
  - Support `read_buf` interface when compiled with nightly. This means data can be safely read out of a rustls connection into a buffer without the buffer requiring initialisation first. Set the `read_buf` feature to use this.
  - Improve efficiency when writing vectors of TLS types.
  - Reduce copying and improve efficiency in TLS1.2 handshake.
* 0.20.2 (2021-11-21)
  - Fix `CipherSuite::as_str()` value (as introduced in 0.20.1).
* 0.20.1 (2021-11-14)
  - Allow cipher suite enum items to be stringified.
  - Improve documentation of configuration builder types.
  - Ensure unused cipher suites can be removed at link-time.
  - Ensure single-use error types implement `std::error::Error`, and are public.
* 0.20.0 (2021-09-26)
  - *Breaking change*: `Connection` is now an enum instead of a trait. You can abstract over `ClientConnection` and `ServerConnection` with a bound like `where C: Deref>, SD: SideData`.
  - *Breaking change*: the SNI arguments to `ClientCertVerifier` methods have been removed. The `Acceptor` API now allows selecting a `ServerConfig` based on the `ClientHello` instead.
  - Unclean TCP closure is now tracked by the library. This means a new error is possible when reading plaintext: `ErrorKind::UnexpectedEof` will be returned in this case.
  - *Breaking change*: insulate the rustls public API from webpki API changes:
    - PKI errors are now reported using rustls-specific errors.
    - There is now a rustls-specific root trust anchor type.
  - *Breaking change*: the following types are no longer exposed in the crate root, and can instead be imported through the `client` module exposed in the crate root: `ResolvesClientCert`, `StoresClientSessions`, `WriteEarlyData`, `ClientSessionMemoryCache`, `NoClientSessionStorage`, `HandshakeSignatureValid`, `ServerCertVerified`, `ServerCertVerifier`, `WebPkiVerifier` and `DangerousClientConfig`.
  - *Breaking change*: the following types are no longer exposed in the crate root, and can instead be imported through the `server` module exposed in the crate root: `AllowAnonymousOrAuthenticatedClient`, `AllowAnyAuthenticatedClient`, `NoClientAuth`, `ResolvesServerCertUsingSni`, `NoServerSessionStorage`, `ServerSessionMemoryCache`, `StoresServerSessions`, `ClientHello`, `ProducesTickets`, `ResolvesServerCert`, `ClientCertVerified` and `ClientCertVerifier`.
  - *Breaking API change*: `QuicExt::write_hs()` now returns a `KeyChange` type that returns handshake or 1-RTT keys. In the case of 1-RTT keys, a `KeyChange` also includes a `Secrets` type that must be used to derive further key updates, independent from the rustls `Connection`. The `QuicExt::next_1rtt_keys()` method has been removed.
  - *Breaking API change*: QUIC header protection keys now use a new type that directly exposes a masking/unmasking operation.
* 0.20.0-beta2 (2021-07-04)
  - *Breaking change*: internal buffers are now limited to 64 kB by default. Use `Connection::set_buffer_limit` to change the buffer limits to suit your application.
  - *Breaking API change*: PEM parsing now lives in the [rustls-pemfile crate](https://crates.io/crates/rustls-pemfile). This means `rustls::internals::pemfile` and `rustls::RootCertStore::add_pem_file` no longer exist.
  - *Breaking API change*: `ServerCertVerifier::verify_server_cert` and `ClientCertVerifier::verify_client_cert` pass the end-entity and intermediate certificates separately.
    This means rustls deals with the case where the certificate chain is empty, rather than leaving that to ServerCertVerifier/ClientCertVerifier implementation.
  - *Breaking API change*: `SupportedCipherSuite` is now an enum with TLS 1.2 and TLS 1.3 variants. Some of its methods have moved to the inner `Tls12CipherSuite` and `Tls13CipherSuite` types. Instead of `usable_for_version()`, it now has a `version()` method. `get_hash()` has been renamed to `hash_algorithm()` and `usable_for_sigalg()` to `usable_for_signature_algorithm()`.
  - There are now 80% fewer unreachable unwraps in the core crate thanks to large refactoring efforts.
  - *Breaking API change*: the `WebPkiError` variant of `rustls::Error` now includes which operation failed.
  - *Breaking API changes*: These public API items have been renamed to meet naming guidelines:
    - `rustls::TLSError` to `rustls::Error`.
    - `rustls::ResolvesServerCertUsingSNI` to `rustls::ResolvesServerCertUsingSni`.
    - `rustls::WebPKIVerifier` to `rustls::WebPkiVerifier`.
    - `rustls::ciphersuites` to `rustls::cipher_suites`.
    - `rustls::ALL_CIPHERSUITES` to `ALL_CIPHER_SUITES`; `rustls::DEFAULT_CIPHERSUITES` to `DEFAULT_CIPHER_SUITES`.
    - `rustls::ClientHello::sigschemes` to `rustls::ClientHello::signature_schemes`.
    - `rustls::RootCertStore::get_subjects` to `rustls::RootCertStore::subjects`.
    - `rustls::ServerSession` to `rustls::ServerConnection`.
    - `rustls::ClientSession` to `rustls::ClientConnection`.
    - `rustls::ServerSession::get_sni_hostname` to `rustls::ServerConnection::sni_hostname`.
    - `rustls::ClientConfig::ciphersuites` to `rustls::ClientConfig::cipher_suites`.
    - `rustls::ServerConfig::ciphersuites` to `rustls::ServerConfig::cipher_suites`.
    - `rustls::ProducesTickets::get_lifetime` to `rustls::ProducesTickets::lifetime`.
    - `rustls::Session`: `get_peer_certificates` to `peer_certificates`, `get_alpn_protocol` to `alpn_protocol`, `get_protocol_version` to `protocol_version`, `get_negotiated_ciphersuite` to `negotiated_cipher_suite`.
  - *Breaking API change*: `ResolvesServerCert::resolve` and `ResolvesClientCert::resolve` now return `Option>` instead of `Option`. `CertifiedKey` is now an immutable type.
  - *Breaking API change*: `peer_certificates` returns a borrow rather than a copy on the internally stored certificate chain.
  - *Breaking API change*: `ClientConnection`'s DNS name parameter is now a new enum, `ServerName`, to allow future support for ECH and servers named by IP address.
* 0.19.1 (2021-04-17):
  - Backport: fix security issue: there was a reachable panic in servers if a client sent an invalid `ClientECDiffieHellmanPublic` encoding, due to an errant `unwrap()` when parsing the encoding.
* 0.19.0 (2020-11-22):
  - Ensured that `get_peer_certificates` is both better documented, and works uniformly for both full-handshake and resumed sessions.
  - Fix bug: fully qualified hostnames should have had their trailing dot stripped when quoted in the SNI extension.
* 0.18.1 (2020-08-16):
  - Fix DoS vulnerability in TLS1.3 "Middlebox Compatibility Mode" CCS handling. This is thought to be quite minor -- see [this commit message](https://github.com/rustls/rustls/commit/e51bf92afcd9dfbd5f4e8154b847aa5cc380913c) for a full discussion.
* 0.18.0 (2020-07-04):
  - Allow custom certificate validation implementations to also handle handshake signature computation. This allows uses in non-web contexts, where `webpki` is not likely to process the certificates in use. Thanks to @DemiMarie-parity.
  - Performance improvements. Thanks to @nviennot.
  - Fixed client authentication being unduly rejected by client when server uses the superseded certificate_types field of CertificateRequest.
  - *Breaking API change*: The writev_tls API has been removed, in favour of using vectored IO support now offered by std::io::Write.
  - Added ed25519 support for authentication; thanks to @potatosalad.
  - Support removal of unused ciphersuites at link-time.
    To use this, call `ClientConfig::with_ciphersuites` instead of `ClientConfig::new`.
* 0.17.0 (2020-02-22):
  - *Breaking API change*: ALPN protocols offered by the client are passed to the server certificate resolution trait (`ResolvesServerCert`).
  - *Breaking API change*: The server certificate resolution trait now takes a struct containing its arguments, so new data can be passed to these functions without further breaking changes.
  - Signature schemes offered by the client are now filtered to those compatible with the client-offered ciphersuites. Prior to this change it was likely that server key type switching would not work for clients that offer signature schemes mismatched with their ciphersuites.
  - Add manual with goal-oriented documentation, and rationale for design decisions.
  - *Breaking API change*: `AlwaysResolvesClientCert::new` is now fallible, as is `ClientConfig::set_single_client_cert`.
* 0.16.0 (2019-08-10):
  - Optimisation of read path for polled non-blocking IO.
  - Correct an omission in TLS1.3 middlebox compatibility mode, causing handshake failures with servers behind buggy middleboxes.
  - Move to *ring* 0.16.
  - Assorted refactoring to reduce memory usage during and after handshake.
  - Update other dependencies.
* 0.15.2 (2019-04-02):
  - Moved example code around for benefit of Fuchsia.
  - Example code fixes for Windows -- Windows is now a tested platform.
  - QUIC-specific bug fixes.
  - Update dependencies.
* 0.15.1 (2019-01-29):
  - Fix incorrect offering of SHA1.
* 0.15.0 (2019-01-20):
  - Update dependencies.
  - *Breaking API change*: ALPN protocols are now encoded as a `Vec`, not a `String`. This alters the type of:
    - `ClientConfig::alpn_protocols`
    - `ClientConfig::set_protocols`
    - `ServerConfig::alpn_protocols`
    - `ServerConfig::set_protocols`
    - `Session::get_alpn_protocol`
  - Emit a warning when receiving an invalid SNI extension, such as one including an IP address.
  - Extended QUIC support for later QUIC drafts.
  - Correct bug where we'd send more than one fatal alert for handshake failure cases.
  - Discontinue support for SHA1 signatures.
  - Move to Rust 2018 edition.
* 0.14.0 (2018-09-30):
  - Introduce client-side support for 0-RTT data in TLS1.3.
  - Fix a bug in rustls::Stream for non-blocking transports.
  - Move TLS1.3 support from draft 23 to final RFC8446 version.
  - Don't offer (e.g.) TLS1.3 if no TLS1.3 suites are configured.
  - Support stateful resumption in TLS1.3. Stateless resumption was previously supported, but is not the default configuration.
  - *Breaking API change*: `generate()` removed from `StoresServerSessions` trait.
  - *Breaking API change*: `take()` added to `StoresServerSessions` trait.
* 0.13.1 (2018-08-17):
  - Fix a bug in rustls::Stream for non-blocking transports (backport).
* 0.13.0 (2018-07-15):
  - Move TLS1.3 support from draft 22 to 23.
  - Add support for `SSLKEYLOGFILE`; not enabled by default.
  - Add support for basic usage in QUIC.
  - `ServerConfig::set_single_cert` and company now report errors.
  - Add support for vectored IO: `writev_tls` can now be used to optimise system call usage.
  - Support ECDSA signing for server and client authentication.
  - Add type like `rustls::Stream` which owns its underlying TCP stream and rustls session.
* 0.12.0 (2018-01-06):
  - New API for learning negotiated cipher suite.
  - Move TLS1.3 support from draft 18 to 22.
  - Allow server-side MTU configuration.
  - Tested against latest BoringSSL test suite.
  - Support RFC5705 exporters.
  - Provide `ResolvesServerCertUsingSNI` for doing SNI-based certificate switching.
  - Allow disabling SNI extension on clients, for use with custom server certificate verifiers where the hostname may not make sense.
  - DNS names are now typesafe, using `webpki::DNSName`.
  - Update dependencies.
* 0.11.0 (2017-08-28):
  - New server API for learning requested SNI name.
  - Server now checks selected certificate for validity.
  - Remove time crate dependency.
  - Follow webpki interface changes.
  - Update dependencies.
* 0.10.0 (2017-08-12):
  - Request and verify SCTs using sct crate. This doesn't happen unless you pass in some certificate transparency logs -- example code does this.
  - Request OCSP stapled response and pass to cert verifier. Note that OCSP verification is not implemented, but this is the public API change required to support this.
  - Allow OCSP and SCT stapling for servers.
  - Refactor handshake state machines.
  - Bind verifications to final state -- note API change for custom cert verification.
* 0.9.0 (2017-06-16):
  - Update dependencies.
  - Add IO helper function (`complete_io`) to `rustls::Session`.
  - Add blocking stream type -- `rustls::Stream` -- to ease use on top of blocking sockets.
* 0.8.0 (2017-05-14):
  - Add `dangerous_configuration` feature for unsafe features.
* 0.7.0 (2017-05-08):
  - Update dependencies.
* 0.6.0 (2017-05-06):
  - Update dependencies.
  - Expose ring's new support for PKCS#8-format private keys.
  - New API for applying limitation to internal buffer sizes.
* 0.5.8 (2017-03-16):
  - Fix build on later rustc.
* 0.5.7 (2017-02-27):
  - No changes from 0.5.6; republished with nightly cargo for category support.
* 0.5.6 (2017-02-19):
  - RFC7627 extended master secret support
  - Assorted documentation improvements
* 0.5.5 (2017-02-03):
  - Crate categories.
  - Protocol errors now permanent for given session.
  - Exposed `ResolvesServerCert` trait for customising certification selection.
  - Exposed `SignatureScheme` enum.
* 0.5.4 (2017-01-26):
  - First release with TLS1.3-draft-18 support.
  - More performance improvements (now ~15Gbps per core).
  - New API to learn version of negotiated connection.
* 0.5.0 (2016-09-27):
  - Tickets.
  - Coverage testing.
  - Benchmarking.
  - Massive performance improvements (from ~1Gbps to ~6Gbps per core).
  - OSX support.
  - Minor API corrections and additional testing.