Weekly release for July 24 2025
Release Summary

The aws-kms-tls-auth crate is now available, which provides utilities to do TLS-PSK based authentication using IAM and KMS.
Created a new hybrid KEM group s2n_secp384r1_mlkem_1024.
Updated the default_pq security policy to include the secp384r1_mlkem_1024 hybrid KEM group.

What's Changed

fix(ci): adding set -e to prevent nix develop to hide failing tests by @boquan-fang in fix(ci): adding set -e to prevent nix develop to hide failing tests aws/s2n-tls#5393
chore: release 0.3.22 by @boquan-fang in chore: release 0.3.22 aws/s2n-tls#5397
docs: note that s2n_shutdown may keep reading by @lrstewart in docs: note that s2n_shutdown may keep reading aws/s2n-tls#5370
feat(aws-kms-tls-auth): add codec and parsing by @jmayclin in feat(aws-kms-tls-auth): add codec and parsing aws/s2n-tls#5398
ci: start codebuild jobs from github actions by @lrstewart in ci: start codebuild jobs from github actions aws/s2n-tls#5383
ci: Migrate Duvet GitHub Action to duvet-action repo by @johubertj in ci: Migrate Duvet GitHub Action to duvet-action repo aws/s2n-tls#5400
feat(aws-kms-tls-auth): add psk identity by @jmayclin in feat(aws-kms-tls-auth): add psk identity aws/s2n-tls#5402
feat: add ML-KEM-1024 kem definition by @johubertj in feat: add ML-KEM-1024 kem definition aws/s2n-tls#5367
Flip Nix integration tests to use uv/pytest by @dougch in Flip Nix integration tests to use uv/pytest aws/s2n-tls#5352
feat(aws-kms-tls-auth): add provider & receiver structs by @jmayclin in feat(aws-kms-tls-auth): add provider & receiver structs aws/s2n-tls#5408
ci: require repo write permissions for codebuild by @lrstewart in ci: require repo write permissions for codebuild aws/s2n-tls#5421
docs(aws-kms-tls-auth): add readme by @jmayclin in docs(aws-kms-tls-auth): add readme aws/s2n-tls#5409
docs(aws-kms-tls-auth): clarify security impact of failure modes by @jmayclin in docs(aws-kms-tls-auth): clarify security impact of failure modes aws/s2n-tls#5424
ci: run rustfmt/clippy on standard crates by @jmayclin in ci: run rustfmt/clippy on standard crates aws/s2n-tls#5333
feat: add secp384r1_mlkem_1024 kem group by @johubertj in feat: add secp384r1_mlkem_1024 kem group aws/s2n-tls#5395
feat(bench): add generic shutdown functionality by @jmayclin in feat(bench): add generic shutdown functionality aws/s2n-tls#5426
chore: Nix Corretto version bump/upstream by @dougch in chore: Nix Corretto version bump/upstream aws/s2n-tls#5427
feature: update default_pq to support secp384r1_mlkem_1024 by @johubertj in feature: update default_pq to support secp384r1_mlkem_1024 aws/s2n-tls#5433
build(deps): bump cross-platform-actions/action from 0.28.0 to 0.29.0 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in build(deps): bump cross-platform-actions/action from 0.28.0 to 0.29.0 in /.github/workflows in the all-gha-updates group aws/s2n-tls#5435

Full Changelog: aws/s2n-tls@v1.5.22...v1.5.23

View the full release notes at https://github.com/aws/s2n-tls/releases/tag/v1.5.23.