fork of boring2 with prefix patch
Christopher Patton 2fa3d96966 Use features to set key exchange preferences
Overwrite BoringSSL's default key exchange preferences with safe
defaults using feature flags:

* "kx-pq-supported" enables support for PQ key exchange algorithms.
  Classical key exchange is still preferred, but will be upgraded to PQ
  if requested.

* "kx-pq-preferred" enables preference for PQ key exchange,
  with fallback to classical key exchange if requested.

* "kx-nist-required" disables non-NIST key exchange.

Each feature implies "kx-safe-default". When this feature is enabled,
don't compile bindings for `SSL_CTX_set1_curves()` and `SslCurve`. This
is to prevent the feature flags from silently overriding curve
preferences chosen by the user.

Ideally we'd allow both: that is, use "kx-*" to set defaults, but still
allow the user to manually override them. However, this doesn't work
because by the time the `SSL_CTX` is constructed, we don't yet know
whether we're the client or server. (The "kx-*" features set different
preferences for each.) If "kx-safe-default" is set, then the curve
preferences are set just before initiating a TLS handshake
(`SslStreamBuilder::connect()`) or waiting for a TLS handshake
(`SslStreamBuilder::accept()`).
2023-09-01 14:21:35 -07:00
.github/workflows Use features to set key exchange preferences 2023-09-01 14:21:35 -07:00
boring Use features to set key exchange preferences 2023-09-01 14:21:35 -07:00
boring-sys Use features to set key exchange preferences 2023-09-01 14:21:35 -07:00
hyper-boring Introduce `no-patches` feature 2023-09-01 09:28:27 +01:00
scripts Add publish script 2020-11-12 13:08:13 +00:00
tokio-boring Introduce `no-patches` feature 2023-09-01 09:28:27 +01:00
.gitignore Rename stuff 2020-11-11 17:47:30 +00:00
.gitmodules Add fips-3678 feature (#52) 2022-01-31 16:11:33 -06:00
.rusty-hook.toml Add tokio-boring 2020-11-11 19:26:22 +00:00
Cargo.toml Fix -Z minimal-versions 2023-08-30 12:19:04 +01:00
README.md Update docs 2023-07-10 12:29:30 +01:00
RELEASE_NOTES Release 3.0.4 2023-08-05 14:34:05 +01:00
THIRD_PARTY Rename stuff 2020-11-11 17:47:30 +00:00
cliff.toml Add git-cliff configuration 2023-07-28 14:02:46 +01:00

README.md

boring

BoringSSL bindings for the Rust programming language and TLS adapters for tokio and hyper built on top of it.

Documentation

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed under the terms of both the Apache License, Version 2.0 and the MIT license without any additional terms or conditions.

Accolades

The project is based on a fork of rust-openssl.