mirror of https://github.com/ctz/rustls
Release history:
- 0.20.8 (2023-01-12)
- Yield an error from `ConnectionCommon::read_tls()` if buffers are full. Both a full deframer buffer and a full incoming plaintext buffer will now cause an error to be returned. Callers should call `process_new_packets()` and read out the plaintext data from `reader()` after each successful call to `read_tls()`.
- The minimum supported Rust version is now 1.57.0 due to some dependencies requiring it.
- 0.20.7 (2022-10-18)
- Expose secret extraction API under the `secret_extraction` cargo feature. This is designed to enable switching from rustls to kTLS (kernel TLS offload) after a successful TLS 1.2/1.3 handshake, for example.
- Move filtering of signature schemes after config selection, avoiding the need for linking in encryption/decryption code for all cipher suites at the cost of exposing more signature schemes in the `ClientHello` emitted by the `Acceptor`.
. - Expose AlertDescription, ContentType, and HandshakeType, SignatureAlgorithm, and NamedGroup as part of the stable API. Previously they were part of the unstable internals API, but were referenced by parts of the stable API.
- We now have a Discord channel for community discussions.
- The minimum supported Rust version is now 1.56.0 due to several dependencies requiring it.
- 0.20.6 (2022-05-18)
- 0.20.5 included a change to track more context for the `Error::CorruptMessage` which made API-incompatible changes to the `Error` type. We yanked 0.20.5 and have reverted that change as part of 0.20.6.
- 0.20.5 (2022-05-14)
- Correct compatibility with servers which return no TLS extensions and take advantage of a special case encoding.
- Remove spurious warn-level logging introduced in 0.20.3.
- Expose cipher suites in `ClientHello` type.
- Allow verification of IP addresses with `dangerous_config` enabled.
- Retry I/O operations in `ConnectionCommon::complete_io()` when interrupted.
- Fix server::ResolvesServerCertUsingSni case sensitivity.
- 0.20.4 (2022-02-19)
- Correct regression in QUIC 0-RTT support.
- 0.20.3 (2022-02-13)
- Support loading ECDSA keys in SEC1 format.
- Support receipt of 0-RTT "early data" in TLS1.3 servers. It is not enabled by default; opt in by setting `ServerConfig::max_early_data_size` to a non-zero value.
- Support sending of data with the first server flight. This is also not enabled by default: opt in by setting `ServerConfig::send_half_rtt_data`.
- Support `read_buf` interface when compiled with nightly. This means data can be safely read out of a rustls connection into a buffer without the buffer requiring initialisation first. Set the `read_buf` feature to use this.
- Improve efficiency when writing vectors of TLS types.
- Reduce copying and improve efficiency in TLS1.2 handshake.
- 0.20.2 (2021-11-21)
- Fix `CipherSuite::as_str()` value (as introduced in 0.20.1).
- 0.20.1 (2021-11-14)
- Allow cipher suite enum items to be stringified.
- Improve documentation of configuration builder types.
- Ensure unused cipher suites can be removed at link-time.
- Ensure single-use error types implement `std::error::Error`, and are public.
- 0.20.0 (2021-09-26)
- Breaking change: `Connection` is now an enum instead of a trait. You can abstract over `ClientConnection` and `ServerConnection` with a bound like `where C: Deref<ConnectionCommon<SD>>, SD: SideData`.
- Breaking change: the SNI arguments to `ClientCertVerifier` methods have been removed. The `Acceptor` API now allows selecting a `ServerConfig` based on the `ClientHello` instead.
- Unclean TCP closure is now tracked by the library. This means a new error is possible when reading plaintext: `ErrorKind::UnexpectedEof` will be returned in this case.
- Breaking change: insulate the rustls public API from webpki API changes:
- PKI errors are now reported using rustls-specific errors.
- There is now a rustls-specific root trust anchor type.
- Breaking change: the following types are no longer exposed in the crate root, and can instead be imported through the `client` module exposed in the crate root: `ResolvesClientCert`, `StoresClientSessions`, `WriteEarlyData`, `ClientSessionMemoryCache`, `NoClientSessionStorage`, `HandshakeSignatureValid`, `ServerCertVerified`, `ServerCertVerifier`, `WebPkiVerifier` and `DangerousClientConfig`.
- Breaking change: the following types are no longer exposed in the crate root, and can instead be imported through the `server` module exposed in the crate root: `AllowAnonymousOrAuthenticatedClient`, `AllowAnyAuthenticatedClient`, `NoClientAuth`, `ResolvesServerCertUsingSni`, `NoServerSessionStorage`, `ServerSessionMemoryCache`, `StoresServerSessions`, `ClientHello`, `ProducesTickets`, `ResolvesServerCert`, `ClientCertVerified` and `ClientCertVerifier`.
- Breaking API change: `QuicExt::write_hs()` now returns a `KeyChange` type that returns handshake or 1-RTT keys. In the case of 1-RTT keys, a `KeyChange` also includes a `Secrets` type that must be used to derive further key updates, independent from the rustls `Connection`. The `QuicExt::next_1rtt_keys()` method has been removed.
- Breaking API change: QUIC header protection keys now use a new type that directly exposes a masking/unmasking operation.
- 0.20.0-beta2 (2021-07-04)
- Breaking change: internal buffers are now limited to 64 kB by default. Use `Connection::set_buffer_limit` to change the buffer limits to suit your application.
- Breaking API change: PEM parsing now lives in the rustls-pemfile crate. This means `rustls::internals::pemfile` and `rustls::RootCertStore::add_pem_file` no longer exist.
- Breaking API change: `ServerCertVerifier::verify_server_cert` and `ClientCertVerifier::verify_client_cert` pass the end-entity and intermediate certificates separately. This means rustls deals with the case where the certificate chain is empty, rather than leaving that to ServerCertVerifier/ClientCertVerifier implementation.
- Breaking API change: `SupportedCipherSuite` is now an enum with TLS 1.2 and TLS 1.3 variants. Some of its methods have moved to the inner `Tls12CipherSuite` and `Tls13CipherSuite` types. Instead of `usable_for_version()`, it now has a `version()` method. `get_hash()` has been renamed to `hash_algorithm()` and `usable_for_sigalg()` to `usable_for_signature_algorithm()`.
- There are now 80% fewer unreachable unwraps in the core crate thanks to large refactoring efforts.
- Breaking API change: the `WebPkiError` variant of `rustls::Error` now includes which operation failed.
- Breaking API changes: These public API items have been renamed to meet naming guidelines:
- `rustls::TLSError` to `rustls::Error`.
- `rustls::ResolvesServerCertUsingSNI` to `rustls::ResolvesServerCertUsingSni`.
- `rustls::WebPKIVerifier` to `rustls::WebPkiVerifier`.
- `rustls::ciphersuites` to `rustls::cipher_suites`.
- `rustls::ALL_CIPHERSUITES` to `ALL_CIPHER_SUITES`; `rustls::DEFAULT_CIPHERSUITES` to `DEFAULT_CIPHER_SUITES`.
- `rustls::ClientHello::sigschemes` to `rustls::ClientHello::signature_schemes`.
- `rustls::RootCertStore::get_subjects` to `rustls::RootCertStore::subjects`.
- `rustls::ServerSession` to `rustls::ServerConnection`.
- `rustls::ClientSession` to `rustls::ClientConnection`.
- `rustls::ServerSession::get_sni_hostname` to `rustls::ServerConnection::sni_hostname`.
- `rustls::ClientConfig::ciphersuites` to `rustls::ClientConfig::cipher_suites`.
- `rustls::ServerConfig::ciphersuites` to `rustls::ServerConfig::cipher_suites`.
- `rustls::ProducesTickets::get_lifetime` to `rustls::ProducesTickets::lifetime`.
- `rustls::Session`: `get_peer_certificates` to `peer_certificates`, `get_alpn_protocol` to `alpn_protocol`, `get_protocol_version` to `protocol_version`, `get_negotiated_ciphersuite` to `negotiated_cipher_suite`.
- Breaking API change: `ResolvesServerCert::resolve` and `ResolvesClientCert::resolve` now return `Option<Arc<CertifiedKey>>` instead of `Option<CertifiedKey>`. `CertifiedKey` is now an immutable type.
- Breaking API change: `peer_certificates` returns a borrow rather than a copy on the internally stored certificate chain.
- Breaking API change: `ClientConnection`'s DNS name parameter is now a new enum, `ServerName`, to allow future support for ECH and servers named by IP address.
- 0.19.1 (2021-04-17):
- Backport: fix security issue: there was a reachable panic in servers if a client sent an invalid `ClientECDiffieHellmanPublic` encoding, due to an errant `unwrap()` when parsing the encoding.
- 0.19.0 (2020-11-22):
- Ensured that `get_peer_certificates` is both better documented, and works uniformly for both full-handshake and resumed sessions.
- Fix bug: fully qualified hostnames should have had their trailing dot stripped when quoted in the SNI extension.
- 0.18.1 (2020-08-16):
- Fix DoS vulnerability in TLS1.3 "Middlebox Compatibility Mode" CCS handling. This is thought to be quite minor -- see this commit message for a full discussion.
- 0.18.0 (2020-07-04):
- Allow custom certificate validation implementations to also handle handshake signature computation. This allows uses in non-web contexts, where `webpki` is not likely to process the certificates in use. Thanks to @DemiMarie-parity.
- Performance improvements. Thanks to @nviennot.
- Fixed client authentication being unduly rejected by client when server uses the superseded certificate_types field of CertificateRequest.
- Breaking API change: The writev_tls API has been removed, in favour of using vectored IO support now offered by std::io::Write.
- Added ed25519 support for authentication; thanks to @potatosalad.
- Support removal of unused ciphersuites at link-time. To use this, call `ClientConfig::with_ciphersuites` instead of `ClientConfig::new`.
- 0.17.0 (2020-02-22):
- Breaking API change: ALPN protocols offered by the client are passed to the server certificate resolution trait (`ResolvesServerCert`).
- Breaking API change: The server certificate resolution trait now takes a struct containing its arguments, so new data can be passed to these functions without further breaking changes.
- Signature schemes offered by the client are now filtered to those compatible with the client-offered ciphersuites. Prior to this change it was likely that server key type switching would not work for clients that offer signature schemes mismatched with their ciphersuites.
- Add manual with goal-oriented documentation, and rationale for design decisions.
- Breaking API change: `AlwaysResolvesClientCert::new` is now fallible, as is `ClientConfig::set_single_client_cert`.
- 0.16.0 (2019-08-10):
- Optimisation of read path for polled non-blocking IO.
- Correct an omission in TLS1.3 middlebox compatibility mode, causing handshake failures with servers behind buggy middleboxes.
- Move to ring 0.16.
- Assorted refactoring to reduce memory usage during and after handshake.
- Update other dependencies.
- 0.15.2 (2019-04-02):
- Moved example code around for benefit of Fuchsia.
- Example code fixes for Windows -- Windows is now a tested platform.
- QUIC-specific bug fixes.
- Update dependencies.
- 0.15.1 (2019-01-29):
- Fix incorrect offering of SHA1.
- 0.15.0 (2019-01-20):
- Update dependencies.
- Breaking API change: ALPN protocols are now encoded as a `Vec<u8>`, not a `String`. This alters the type of:
- `ClientConfig::alpn_protocols`
- `ClientConfig::set_protocols`
- `ServerConfig::alpn_protocols`
- `ServerConfig::set_protocols`
- `Session::get_alpn_protocol`
- Emit a warning when receiving an invalid SNI extension, such as one including an IP address.
- Extended QUIC support for later QUIC drafts.
- Correct bug where we'd send more than one fatal alert for handshake failure cases.
- Discontinue support for SHA1 signatures.
- Move to Rust 2018 edition.
- 0.14.0 (2018-09-30):
- Introduce client-side support for 0-RTT data in TLS1.3.
- Fix a bug in rustls::Stream for non-blocking transports.
- Move TLS1.3 support from draft 23 to final RFC8446 version.
- Don't offer (e.g.) TLS1.3 if no TLS1.3 suites are configured.
- Support stateful resumption in TLS1.3. Stateless resumption was previously supported, but is not the default configuration.
- Breaking API change: `generate()` removed from `StoresServerSessions` trait.
- Breaking API change: `take()` added to `StoresServerSessions` trait.
- 0.13.1 (2018-08-17):
- Fix a bug in rustls::Stream for non-blocking transports (backport).
- 0.13.0 (2018-07-15):
- Move TLS1.3 support from draft 22 to 23.
- Add support for `SSLKEYLOGFILE`; not enabled by default.
- Add support for basic usage in QUIC.
- `ServerConfig::set_single_cert` and company now report errors.
- Add support for vectored IO: `writev_tls` can now be used to optimise system call usage.
- Support ECDSA signing for server and client authentication.
- Add type like `rustls::Stream` which owns its underlying TCP stream and rustls session.
- 0.12.0 (2018-01-06):
- New API for learning negotiated cipher suite.
- Move TLS1.3 support from draft 18 to 22.
- Allow server-side MTU configuration.
- Tested against latest BoringSSL test suite.
- Support RFC5705 exporters.
- Provide `ResolvesServerCertUsingSNI` for doing SNI-based certificate switching.
- Allow disabling SNI extension on clients, for use with custom server certificate verifiers where the hostname may not make sense.
- DNS names are now typesafe, using `webpki::DNSName`.
- Update dependencies.
- 0.11.0 (2017-08-28):
- New server API for learning requested SNI name.
- Server now checks selected certificate for validity.
- Remove time crate dependency.
- Follow webpki interface changes.
- Update dependencies.
- 0.10.0 (2017-08-12):
- Request and verify SCTs using sct crate. This doesn't happen unless you pass in some certificate transparency logs -- example code does this.
- Request OCSP stapled response and pass to cert verifier. Note that OCSP verification is not implemented, but this is the public API change required to support this.
- Allow OCSP and SCT stapling for servers.
- Refactor handshake state machines.
- Bind verifications to final state -- note API change for custom cert verification.
- 0.9.0 (2017-06-16):
- Update dependencies.
- Add IO helper function (`complete_io`) to `rustls::Session`.
- Add blocking stream type -- `rustls::Stream` -- to ease use on top of blocking sockets.
- 0.8.0 (2017-05-14):
- Add `dangerous_configuration` feature for unsafe features.
- 0.7.0 (2017-05-08):
- Update dependencies.
- 0.6.0 (2017-05-06):
- Update dependencies.
- Expose ring's new support for PKCS#8-format private keys.
- New API for applying limitation to internal buffer sizes.
- 0.5.8 (2017-03-16):
- Fix build on later rustc.
- 0.5.7 (2017-02-27):
- No changes from 0.5.6; republished with nightly cargo for category support.
- 0.5.6 (2017-02-19):
- RFC7627 extended master secret support
- Assorted documentation improvements
- 0.5.5 (2017-02-03):
- Crate categories.
- Protocol errors now permanent for given session.
- Exposed `ResolvesServerCert` trait for customising certification selection.
- Exposed `SignatureScheme` enum.
- 0.5.4 (2017-01-26):
- First release with TLS1.3-draft-18 support.
- More performance improvements (now ~15Gbps per core).
- New API to learn version of negotiated connection.
- 0.5.0 (2016-09-27):
- Tickets.
- Coverage testing.
- Benchmarking.
- Massive performance improvements (from ~1Gbps to ~6Gbps per core).
- OSX support.
- Minor API corrections and additional testing.