• Add support for connection-level ALPN protocol configuration.
• Improve invalid key purpose errors.
• Prefer post-quantum key exchange algorithms by default.
• Add improved kTLS API.

What's Changed

• Add prefer-post-quantum to default features by @ctz in #2425
• Tighten up decoding of empty messages by @ctz in #2430
• Update Rust crate brotli to v8 by @renovate-bot in #2435
• Update Rust crate brotli-decompressor to v5 by @renovate-bot in #2434
• clarify comments, field and parameter identifiers by @elagergren-spideroak in #2432
• Add support for connection-level ALPN protocol configuration by @djc in #2438
• Improve representation of SNI, ALPN and protocol version extensions by @ctz in #2441
• Update Rust crate nix to 0.30 by @renovate-bot in #2442
• Add kernel connection API by @swlynch99 in #2370
• Improve invalid key purpose errors by @djc in #2426

• Bug fix: in certain circumstances we saw std::io::Write::write_vectored implementations that reported writing more bytes than were available, in violation of that method's invariants. This seems to happen on macOS with certain VPN software active. Now we detect and return an error from write_tls calls in this case. See #2316.
• Admit support for a wider set of SignatureSchemes in TLS1.3, so that external providers may support ED448, post-quantum signatures, and others. See #2420.

What's Changed

• Upgrade to hickory-resolver 0.25 by @djc in #2387
• Pin [email protected] for now by @ctz in #2389
• Revert "Pin [email protected] for now" by @ctz in #2390
• chore(deps): lock file maintenance by @renovate-bot in #2404
• Cargo: update aws-lc-fips-sys 0.13.4 -> 0.13.5 by @cpu in #2409
• chore(deps): update rust crate zlib-rs to 0.5 by @renovate-bot in #2407
• chore(deps): update dependency go to v1.24.2 by @renovate-bot in #2410
• chore: fix some typos by @xixishidibei in #2411
• Add cargo deny check in CI by @djc in #2412
• build(deps): bump openssl from 0.10.71 to 0.10.72 by @dependabot in #2413
• Take semver-compatible updates by @ctz in #2415
• Use tlswg name for draft-kwiatkowski-tls-ecdhe-mlkem by @ctz in #2418
• Invert working of SignatureScheme::supported_in_tls13 by @ctz in #2420
• Reduce use of library internals in tests by @ctz in #2421
• 0.23.26: Detect and error on faulty io::Write::write_vectored by @ctz in #2422

New Contributors

• @xixishidibei made their first contribution in #2411

Full Changelog: v/0.23.25...v/0.23.26

• Translate webpki::Error::RequiredEkuNotFound to rustls::CertificateError::InvalidPurpose. This allows rustls-platform-verifier to stop requiring that rustls shares its version of its private webpki dependency, which is a semver hazard.

What's Changed

• Map webpki RequiredEkuNotFound error to InvalidPurpose by @djc in #2384
• Prepare 0.23.25 by @ctz in #2385

Full Changelog: v/0.23.24...v/0.23.25

• New feature: More detailed and helpful error reporting for common certificate errors, such as name mismatches and certificate expiry. Users who std::fmt::Display the rustls Error type will take advantage of this automatically. Users handling CertificateError variants individually should note the new variants, such as CertificateError::NotValidForNameContext (compare CertificateError::NotValidForName).

  $ cargo -q run --bin tlsclient-mio -- --http wrong.host.badssl.com
  TLS error: invalid peer certificate: certificate not valid for name "wrong.host.badssl.com";
  certificate is only valid for DnsName("*.badssl.com") or DnsName("badssl.com")
  Connection closed

  The old CertificateError variants (such as NotValidForName, Expired, etc.) remain usable, and may be produced by both the default and third-party certificate verification traits.

• New feature: Allow KTLS handoff for unbuffered API users, by introducing dangerous_extract_secrets(). Thanks to @edef1c.

• Bug fix: Unbuffered connections now consume data during the next_record() function, rather than production of the state. This fixes #2031.

• Bug fix: Build speed improvement for aws-lc-rs fips users.

• Behavior change: Clients no longer offer resumption between different ClientConfigs that share a resumption store but do not share server certificate verification and client authentication credentials. If you share a resumption store between multiple ClientConfigs, please ensure their server certificate verification and client authentication credentials are also shared. Please read the new documentation on the ClientConfig::resumption item for details.

  Additionally, if you share a resumption store or ticketer between multiple ServerConfigs, please see the new documentation on ServerConfig about this.

What's Changed

• Fix daily tests by @ctz in #2340
• ci: improve performance via more cache usage by @ctz in #2343
• Take semver-compatible dependencies by @ctz in #2344
• unbuffered: introduce dangerous_extract_secrets, analogous to buffered API by @edef1c in #2345
• docs: fix MSRV etc. by @brody4hire in #2346
• Clippy 1.85, 2024 style by @djc in #2348
• cleanup: specify once_cell version etc. in only 1 place by @brody4hire in #2352
• docs: update reference to danger NoCertificateVerification struct in examples by @brody4hire in #2351
• docs: minor improvements to CryptoProvider doc by @brody4hire in #2353
• unbuffered: do not prematurely consume data by @ctz in #2338
• bogo: implement -wait-for-debugger in shim by @cpu in #2347
• Take rustls-webpki 0.103.0 and improve certificate error reporting by @ctz in #2342
• Avoid handshake message round-tripping for binders by @ctz in #2359
• docs: improve some more links, etc. by @brody4hire in #2355
• adjust FIPS feature handling w.r.t aws-lc-sys by @cpu in #2291
• client: reject TLS 1.3 compat session ID in 1.2 by @cpu in #2360
• Update semver-compatible dependencies by @djc in #2366
• Avoid semver errors on discriminant changes by @djc in #2367
• fuzz/Cargo.lock: take semver-compatible updates by @ctz in #2372
• Prevent resumption between "incompatible" clients by @ctz in #2361
• chore(deps): update rust crate asn1 to 0.21 by @renovate-bot in #2374
• Mark unreachable functions with coverage(off) by @ctz in #2373
• docs: link to manual from front page by @ctz in #2375
• chore(deps): update dependency go to v1.24.1 by @renovate-bot in #2376
• admin/coverage: only measure core crate coverage by @ctz in #2377
• Refactor: prefer to take reference on match scrutinee by @ctz in #2379
• Add warning about server-side cross-config resumption by @ctz in #2381
• Prepare 0.23.24 by @ctz in #2383

New Contributors

• @edef1c made their first contribution in #2345

Full Changelog: v/0.23.23...v/0.23.24

• Export SingleCertAndKey implementation of ResolvesServerCert (was already used internally).
• Expose CertifiedKey::from_der() to help create CertifiedKeys with necessary checks.
• Note: users of the unbuffered API should now expect to encounter the new ConnectionState::PeerClosed variant, raised when the peer cleanly terminates their side of the connection with a close_notify alert.

What's Changed

• doc: fix tlsclient-mio sample usage in README.md by @brody4hire in #2321
• chore(deps): update seanmiddleditch/gha-setup-ninja action to v6 by @renovate-bot in #2322
• Use recent & published version of libfuzzer-sys by @ctz in #2323
• build(deps): bump openssl from 0.10.68 to 0.10.70 by @dependabot in #2324
• chore: resolve overindented doc list items by @brody4hire in #2326
• chore(ci): fix formatting of Taplo job by @brody4hire in #2328
• doc: minor crate feature doc cleanup by @brody4hire in #2327
• Fix RFC 7250 Compliance (#2257) by @holodorum in #2274
• build(deps): bump hickory-proto from 0.25.0-alpha.4 to 0.25.0-alpha.5 by @dependabot in #2335
• Expose SingleCertAndKey server cert resolver by @djc in #2337
• unbuffered: introduce PeerClosed state by @ctz in #2332

• Support for post-quantum-secure key exchange using X25519MLKEM768 when using the aws-lc-rs provider. This is supported by default, but offered at a low algorithm negotiation priority.

  A new crate feature prefer-post-quantum adjusts the aws-lc-rs provider's DEFAULT_KX_GROUPS order, so X25519MLKEM768 is the most preferred key exchange algorithm. This has some performance impact: handshakes which offer TLS1.3 are larger and slower.

  We expect to add this feature to the crate's default features in a future minor release.

  The rustls-post-quantum crate now depends on the core rustls crate and activates this feature.

• std::io::BufRead is now implemented for Reader, Stream, and StreamOwned. Thanks to @goffrie

What's Changed

• chore(deps): lock file maintenance by @renovate-bot in #2304
• Fix SSL 2 version constant to 0x0002 by @droe in #2305
• Incidental/preparatory parts of #2288 by @ctz in #2306
• chore: enforce taplo toml formatting by @brody4hire in #2307
• CI: deny all Clippy warnings including clippy::incompatible_msrv by @brody4hire in #2310
• chore: list rustls features near top of rustls/Cargo.toml by @brody4hire in #2314
• top-level sync::Arc alias to support fork for targets with no atomic ptr by @brody4hire in #2285
• add missing doc for default std feature by @brody4hire in #2313
• Implement BufRead for Reader, Stream, and StreamOwned by @goffrie in #2303
• Move rustls-post-quantum into the core crate by @ctz in #2288
• chore(deps): update rust crate x509-parser to 0.17 by @renovate-bot in #2320
• Detect ChunkVecBuffer::consume larger than length by @paolobarbolini in #2318
• Defensiveness improvements to ChunkVecBuffer by @ctz in #2319

New Contributors

• @droe made their first contribution in #2305
• @goffrie made their first contribution in #2303

Full Changelog: v/0.23.21...v/0.23.22

The functionality of this crate became part of the core rustls crate from its 0.23.22 release. This crate now sets the prefer-post-quantum feature, and maintains the same interface as before by re-exporting items from the 0.23.22 core crate.

Full Changelog: rustls-post-quantum-v/0.2.1...rustls-post-quantum-v/0.2.2

Added support for sending the certificate_authorities extension in the ClientHello (see #2265).

What's Changed

• improve provider-example CI testing & coverage testing by @brodycj in #2277
• Adopt benchmarking docs to new rustls-bench crate by @sbernauer in #2279
• Support certificate_authorities extension in ClientHello by @s-arash in #2265
• Clarify ordering of module items by @djc in #2271
• examples: ech-client should process all HTTPS records by @cpu in #2278
• docs: fix CONTRIBUTING.md broken link by @cpu in #2282
• Improve fuzzing coverage further by @ctz in #2267
• post-quantum key exchange writeup by @ctz in #2281
• Take aws-lc-rs 1.12 by @ctz in #2286
• Server fuzzing harness improvements by @ctz in #2294
• cleanup: use more parens when calculating ECH seed by @brodycj in #2296
• docs: update @cpu maintainer status by @cpu in #2299
• Prepare v0.23.21 release by @s-arash in #2301

Release notes:

• Support hybrid key exchange optimization: this improves efficiency of hybrid post-quantum key exchanges when the classical half of the hybrid is selected, which will be common during the post-quantum transition. This optimization is described in and allowed by draft-ietf-tls-hybrid-design; we plan to produce a short report soon illustrating its benefits.

This release, like 0.23.18, has an MSRV of 1.71. We are aware of a compiler bug in 1.71 that may affect rustls and recommend 1.73 or later.

What's Changed

• fix codecov.io upload by @ctz in #2236
• bench: optionally record individual handshake latencies by @ctz in #2224
• CI: enable doc tests on all CI hosts (and update CI doc test comments) by @brodycj in #2242
• replace unnecessary use of .map_or() with .is_some_and() by @brodycj in #2240
• Document a MSRV policy by @ctz in #2243
• Assorted clippy fixes by @ctz in #2245
• Normalise syntax of test_for_each_provider! by @ctz in #2222
• openssl-tests: fix clippy::zombie_processes warnings by @ctz in #2248
• performance headlines / landing page by @ctz in #2246
• multithreading benchmarking write-up by @ctz in #2207
• 2024-11-28-threading report: fix link by @ctz in #2250
• README: link to more providers by @ctz in #2251
• Port version bump to 0.23.19 to main by @djc in #2254
• Lock file maintenance by @renovate-bot in #2253
• Implement post-quantum hybrid KX optimisation by @ctz in #2136
• style.css: fix <pre> blowing out page width by @ctz in #2255
• docs: reduce permission scope by @cpu in #2261
• Lock file maintenance by @renovate-bot in #2262
• Restructure hybrid key exchange implementation by @ctz in #2259
• Improve fuzzing coverage and improve processed data tracking by @ctz in #2249
• openssl-tests: install openssl from source by @ctz in #2263
• examples: use inner hostname in ech-client HTTPS DNS query by @cpu in #2268
• server: remove ClientHello constructor by @djc in #2270
• fix rustls-provider-example hpke no-std support by @brodycj in #2269
• nit: remove trailing space from doc comments by @brodycj in #2273
• Release notes for rustls 0.23.20 & rustls-post-quantum 0.2.0 by @ctz in #2272

Full Changelog: v/0.23.18...v/0.23.20

Administrative release -- fixes the crate README. See https://github.com/rustls/rustls/releases/tag/rustls-post-quantum-v%2F0.2.0

What's Changed

• Fix rustls-post-quantum readme by @ctz in #2275

Full Changelog: rustls-post-quantum-v/0.2.0...rustls-post-quantum-v/0.2.1