github rustls/rustls v/0.20.3

16 months ago
  • Support loading ECDSA keys in SEC1 format.
  • Support receipt of 0-RTT "early data" in TLS1.3 servers. It is not enabled
    by default; opt in by setting ServerConfig::max_early_data_size to a non-zero
    value.
  • Support sending of data with the first server flight. This is also not
    enabled by default: opt in by setting ServerConfig::send_half_rtt_data.
  • Support read_buf interface when compiled with nightly. This means
    data can be safely read out of a rustls connection into a buffer without
    the buffer requiring initialisation first. Set the read_buf feature to
    use this.
  • Improve efficiency when writing vectors of TLS types.
  • Reduce copying and improve efficiency in TLS1.2 handshake.

What's Changed

  • Fix deprecation notice by @linkmauve in #863
  • Reworked ticketswitcher to reduce time mutex is held. by @davidv1992 in #861
  • Add rfc7251 cipher suites IDs by @ShadowJonathan in #865
  • Fix typo in docs by @horazont in #869
  • Fix clippy suggestions for 1.57 by @djc in #867
  • Strict ALPN checking for QUIC by @Ralith in #873
  • Defer opening key log file until writing to it by @djc in #871
  • Support for feature(read_buf) by @divergentdave in #877
  • Minimize state passed to process_alpn_protocol() by @djc in #880
  • Correct docs for WebPkiVerifier server impl by @teisenbe in #887
  • Silence clippy false positive warning by @djc in #892
  • Avoid copying key agreement key material by @djc in #891
  • CI: add CIFuzz integration by @DavidKorczynski in #862
  • Avoid temporary allocations for encoding TLS vectors by @djc in #894
  • Update (and thereby fix) verifybench tests by @ctz in #896
  • Fix deny-by-default Clippy lints in examples and api.rs by @zombiepigdragon in #901
  • Fix new unreachable_pub warnings by @djc in #917
  • Use Self(()) instead of Self { 0: () }. by @briansmith in #923
  • Address Clippy warnings about unwrap_or_else(Vec::new). by @briansmith in #924
  • Revert "Defer opening key log file until writing to it" by @briansmith in #926
  • Split KeyLogFile into its own module. by @briansmith in #929
  • Derive debug for marker types by @tsoutsman in #902
  • Use the new feature resolver (resolver = "2"). by @briansmith in #927
  • Clean up client extension construction by @ctz in #934
  • Implement TLS1.3 "early data" for TCP-TLS servers by @ctz in #897
  • TLS 1.3 client: Stop holding onto entire ClientConfig after handshake. by @briansmith in #937
  • Correct comment typos: RSASigningKey -> RsaSigningKey. by @briansmith in #941
  • Make side handling more obvious by @djc in #914
  • Clarify when may_receive_application_data is set. by @briansmith in #953
  • CommonState::process_main_protocol: Remove misleading comments. by @briansmith in #954
  • Remove RsaSigningKey from the public API documentation. by @briansmith in #942
  • Restore thread-safety to the integration test suite w.r.t. env::set_var. by @briansmith in #936
  • Remove unused variant HandshakeType::EarlyData by @djc in #956
  • Make cargo {check,build,test} --all-features work on Rust Stable (take 3). by @briansmith in #965
  • Remove check_message and match all incoming messages uniformly by @briansmith in #957
  • TLS client: Make the logic for sending Certificate/CertificateVerify clearer. by @briansmith in #971
  • Tests: Split out dangerous_configuration tests from rest, client/server cert verifier tests in particular. by @briansmith in #935
  • TLS 1.3: Improve error reporting for handshake message received during early data. by @briansmith in #967
  • TLS 1.3: Fix build warning with default feature set. by @briansmith in #972
  • Server: Don't depend on ALL_CIPHER_SUITES when not using Acceptor. by @briansmith in #975
  • Remove redundant rustls-mio/tests/curves.rs. by @briansmith in #980
  • Remove redundant rustls-mio/tests/{client,server}_suites.rs tests. by @briansmith in #979
  • Remove redundant OpenSSL-based ALPN tests and "skipped()" test helper. by @briansmith in #978
  • Add integration test for AllowAnyAnonymousOrAuthenticatedClient. by @briansmith in #983
  • AllowAnyAuthenticatedClient: Remove redundant function. by @briansmith in #984
  • Add tests for Debug implementations of assertions. by @briansmith in #985
  • Remove all client auth tests that use OpenSSL by @briansmith in #982
  • Remove redundant rustls-mio/tests/errors.rs test. by @briansmith in #986
  • Remove 1 second pause before running BadSSL tests. by @briansmith in #988
  • Remove OpenSSL-based session resumption tests and dead OpenSSL-specific test utilities by @briansmith in #987
  • Remove final openssl-using tests by @ctz in #992
  • Change nor to and in docs about compression support in TLS versions by @hasheddan in #993
  • Require 0.5RTT server data to be explicitly enabled by @ctz in #990
  • Support SEC1-format EC keys via PKCS8 conversion by @ctz in #998
  • Update rustls-pemfile requirement from 0.2.0 to 0.3.0 by @dependabot in #1001
  • Reject malformed change_cipher_specs in TLS1.3 by @ctz in #1000

Full Changelog: v/0.20.2...v/0.20.3