Upgrade rustls to v0.23 and add support for aws-lc-rs #1222
Conversation
paolobarbolini
force-pushed
the
rustls-0.23
branch
2 times, most recently
from
b6e3371
to
f376d5b
Compare
paolobarbolini
changed the title
paolobarbolini
force-pushed
the
rustls-0.23
branch
3 times, most recently
from
8c5422c
to
cbb296c
Compare
paolobarbolini
force-pushed
the
rustls-0.23
branch
from
cbb296c
to
e1bc2f9
Compare
|
Hey is there any plans to merge this, there's a security advisory that depends on this version bump. |
paolobarbolini
force-pushed
the
rustls-0.23
branch
from
e1bc2f9
to
6da7f23
Compare
To be fair this is not true. The patch was backported to previous versions of |
paolobarbolini
force-pushed
the
rustls-0.23
branch
from
6da7f23
to
989c70f
Compare
|
@Callum-A we are planning to merge this soon. |
|
Thanks all @paolobarbolini is correct. Ty for the info, the advisory we received on our end has been resolved :) |
|
I wonder if it makes sense to default to |
|
Defaulting to ring is a good idea IMO. There's a lot of hate and discontent over in the rustls issue tracker ATM about their choice to default to aws-lc-rs. Personally, I'm excited to have aws-lc-rs as an option because it's being maintained by a large company and not a solo maintainer, but the build issues are real. |
paolobarbolini
force-pushed
the
rustls-0.23
branch
from
989c70f
to
747f29c
Compare
|
Fixed |
|
@paolobarbolini thanks! |
paolobarbolini
force-pushed
the
rustls-0.23
branch
from
747f29c
to
2735e31
Compare
|
I've switched the tests back to |
async-nats/Cargo.toml
Outdated
| @@ -56,7 +58,10 @@ num = "0.4.1" | |||
|
|
|||
|
|
|||
| [features] | |||
| default = ["server_2_10"] | |||
| default = ["server_2_10", "aws_lc_rs"] | |||
There was a problem hiding this comment.
were you able to get any perf numbers comparing both crypto backends?
I would like to get some data before deciding to make a default switch.
# 0.35.0 ## Overview This release makes tls setup more flexible, leveraging rusls v0.23 and allowing to pick crypto backend: * ring * aws-lc-rs * fips Some other highlights: * force reconnect via `force_reconnect` method * explicit create/update consumer API Thank you for all your contributions! ## Added * Add `ToServerAddrs` impl for array/vector of strings by @mmalek in #1231 * Add public constructor for Acker by @AbstractiveNord in #1232 * Add force reconnect by @Jarema in #1240 * Add features check by @Jarema in #1247 * Add stream placement by @Jarema in #1250 * Add consumer action by @Jarema in #1254 * Add support for aws-lc-rs (rustls v0.23.0) by @paolobarbolini in #1222 ## Fixed * Use last header value for JetStream messages by @Jarema in #1239 ## Changed * Wrap inbox prefix in an `Arc` by @thomastaylor312 in #1236 * Document feature flags by @Jarema in #1246 * Don't force flush if write buffer isn't empty by @paolobarbolini in #1241 ## New Contributors * @mmalek made their first contribution in #1231 **Full Changelog**: async-nats/v0.34.0...async-nats/v0.35.0 Signed-off-by: Tomasz Pietrek <tomasz@nats.io> Co-authored-by: Piotr Piotrowski <piotr@synadia.com>
Depends on rustls/tokio-rustls#59