From afde990c6b73a8e49bef22a7088c223f5c370bab Mon Sep 17 00:00:00 2001 From: 0x676e67 Date: Wed, 18 Jun 2025 22:15:44 +0800 Subject: [PATCH 1/3] docs: update prefer chacha20 option docs --- boring/src/ssl/connector.rs | 4 ++++ boring/src/ssl/mod.rs | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/boring/src/ssl/connector.rs b/boring/src/ssl/connector.rs index 22a001a1..510a67c1 100644 --- a/boring/src/ssl/connector.rs +++ b/boring/src/ssl/connector.rs @@ -288,6 +288,10 @@ impl ConnectConfiguration { } /// Sets whether the aes chacha20 preference should be enabled. + /// + /// Controls the priority of TLS 1.3 cipher suites. When set to `true`, the client prefers: + /// AES_128_GCM, CHACHA20_POLY1305, then AES_256_GCM. Useful in environments with specific + /// encryption requirements. #[cfg(not(feature = "fips"))] #[corresponds(SSL_set_prefer_chacha20)] pub fn set_prefer_chacha20(&mut self, enable: bool) { diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 6f31e56f..5073dc46 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -1910,7 +1910,11 @@ impl SslContextBuilder { unsafe { ffi::SSL_CTX_set_aes_hw_override(self.as_ptr(), enable as _) } } - /// Sets whether the aes chacha20 preference should be enabled. + /// Sets whether the AES-ChaCha20 preference should be enabled. + /// + /// Controls the priority of TLS 1.3 cipher suites. When set to `true`, the client prefers: + /// AES_128_GCM, CHACHA20_POLY1305, then AES_256_GCM. Useful in environments with specific + /// encryption requirements. #[cfg(not(feature = "fips"))] #[corresponds(SSL_CTX_set_prefer_chacha20)] pub fn set_prefer_chacha20(&mut self, enable: bool) { From 590cef9b1f2ea3c20f1ed3d5f86b5f5496c05c61 Mon Sep 17 00:00:00 2001 From: 0x676e67 Date: Wed, 18 Jun 2025 22:16:46 +0800 Subject: [PATCH 2/3] docs: update prefer chacha20 option docs --- boring/src/ssl/connector.rs | 2 +- boring/src/ssl/mod.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/boring/src/ssl/connector.rs b/boring/src/ssl/connector.rs index 510a67c1..f4836e85 100644 --- a/boring/src/ssl/connector.rs +++ b/boring/src/ssl/connector.rs @@ -287,7 +287,7 @@ impl ConnectConfiguration { unsafe { ffi::SSL_set_aes_hw_override(self.as_ptr(), enable as _) } } - /// Sets whether the aes chacha20 preference should be enabled. + /// Sets whether the ChaCha20 preference should be enabled. /// /// Controls the priority of TLS 1.3 cipher suites. When set to `true`, the client prefers: /// AES_128_GCM, CHACHA20_POLY1305, then AES_256_GCM. Useful in environments with specific diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index 5073dc46..1efc7c8d 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -1910,7 +1910,7 @@ impl SslContextBuilder { unsafe { ffi::SSL_CTX_set_aes_hw_override(self.as_ptr(), enable as _) } } - /// Sets whether the AES-ChaCha20 preference should be enabled. + /// Sets whether the ChaCha20 preference should be enabled. /// /// Controls the priority of TLS 1.3 cipher suites. When set to `true`, the client prefers: /// AES_128_GCM, CHACHA20_POLY1305, then AES_256_GCM. Useful in environments with specific From 3a32ea51f7961d0f7b2d15f6ce3481dafcb14c42 Mon Sep 17 00:00:00 2001 From: 0x676e67 Date: Sat, 21 Jun 2025 19:54:17 +0800 Subject: [PATCH 3/3] docs(connector): update documents --- boring/src/ssl/connector.rs | 42 +------------------------------------ 1 file changed, 1 insertion(+), 41 deletions(-) diff --git a/boring/src/ssl/connector.rs b/boring/src/ssl/connector.rs index f4836e85..4061a82c 100644 --- a/boring/src/ssl/connector.rs +++ b/boring/src/ssl/connector.rs @@ -266,14 +266,6 @@ impl ConnectConfiguration { impl ConnectConfiguration { /// Enables or disables ECH grease. - /// - /// # Arguments - /// - /// * `enable` - A boolean indicating whether to enable ECH grease. - /// - /// # Safety - /// - /// This function is unsafe because it calls an FFI function. #[cfg(not(feature = "fips"))] #[corresponds(SSL_set_enable_ech_grease)] pub fn set_enable_ech_grease(&mut self, enable: bool) { @@ -298,19 +290,7 @@ impl ConnectConfiguration { unsafe { ffi::SSL_set_prefer_chacha20(self.as_ptr(), enable as _) } } - /// Adds application settings. - /// - /// # Arguments - /// - /// * `alps` - A slice of bytes representing the application settings. - /// - /// # Returns - /// - /// * `Result<(), ErrorStack>` - Returns `Ok(())` if the operation is successful, otherwise returns an `ErrorStack`. - /// - /// # Safety - /// - /// This function is unsafe because it calls an FFI function. + /// Sets application settings flag for ALPS (Application-Layer Protocol Negotiation). #[corresponds(SSL_add_application_settings)] pub fn add_application_settings(&mut self, alps: &[u8]) -> Result<(), ErrorStack> { unsafe { @@ -326,32 +306,12 @@ impl ConnectConfiguration { } /// Sets the ALPS use new codepoint flag. - /// - /// # Arguments - /// - /// * `use_new` - A boolean indicating whether to use the new codepoint. - /// - /// # Safety - /// - /// This function is unsafe because it calls an FFI function. #[corresponds(SSL_set_alps_use_new_codepoint)] pub fn set_alps_use_new_codepoint(&mut self, use_new: bool) { unsafe { ffi::SSL_set_alps_use_new_codepoint(self.as_ptr(), use_new as _) } } /// Sets the SSL options. - /// - /// # Arguments - /// - /// * `options` - An `SslOptions` bitmask representing the options to set. - /// - /// # Returns - /// - /// * `Result<(), ErrorStack>` - Returns `Ok(())` if the operation is successful, otherwise returns an `ErrorStack`. - /// - /// # Safety - /// - /// This function is unsafe because it calls an FFI function. #[corresponds(SSL_set_options)] pub fn set_options(&mut self, options: SslOptions) -> Result<(), ErrorStack> { unsafe { cvt(ffi::SSL_set_options(self.as_ptr(), options.bits()) as _).map(|_| ()) }