min
/
boring2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
boring2/boring
History
0x676e67 dded5d4e8c
Sync `Detailed error codes` and `Clean up boring_sys::init()` (#47) 
* RTG-3333 Support X25519MLKEM768 by default, but don't sent it as client

X25519MLKEM768 is the standardised successor of the preliminary
X25519Kyber768Draft00. Latest browsers have switched to X25519MLKEM768.
Cloudflare supports both on the edge.

We've had support for X25519MLKEM768 in this crate for a while, but
didn't enable by default. We're now enabling serverside support by
default. We also let clients advertise support when set
to kx-client-pq-supported.

We don't enable support by default yet for clients set to
kx-client-pq-preferred, as that would cause an extra round-trip due to
HelloRetryRequest if the server doesn't support X25519MLKEM768 yet.

BoringSSL against which we build must support X25519MLKEM768, otherwise
this will fail.

* replace once_cell with LazyLock

We can drop the once_cell dependency since the same functionality is
implemented in std now.

Requires bumping MSRV to 1.80.

* fix manual_c_str_literals clippy warning

* chore: Fix docs on SslRef::replace_ex_data

* Detailed error codes

* Clean up boring_sys::init()

We don't need the workaround that was initially introduced for a bug in
openssl, and OPENSSL_init_ssl always calls into CRYPTO_library_init on
boringssl, so just call it explicitly.

---------

Co-authored-by: Bas Westerbaan <bas@cloudflare.com>
Co-authored-by: Alessandro Ghedini <alessandro@cloudflare.com>
Co-authored-by: Evan Rittenhouse <erittenhouse@cloudflare.com>
Co-authored-by: Kornel <kornel@cloudflare.com>
Co-authored-by: Rushil Mehra <rmehra@cloudflare.com>
 		2025-02-12 22:49:09 +08:00
..
examples rename rboring to boring2 2024-11-15 10:44:03 +08:00
src Sync `Detailed error codes` and `Clean up boring_sys::init()` (#47) 2025-02-12 22:49:09 +08:00
test Introduce X509Flags 2024-01-03 19:37:59 +01:00
Cargo.toml feat(boring): Add add_cert_compression_alg support (#44) 2025-02-07 13:37:09 +08:00
LICENSE Rename stuff 2020-11-11 17:47:30 +00:00
README.md Rename stuff 2020-11-11 17:47:30 +00:00

README.md

boring2

crates.io

BoringSSL bindings are available for the Rust programming language, and the HTTP Client is built on top of it.

Non-goals

This package only implements the TLS extensions spec and supports the original boring with the following features:

  • Safari and Firefox required TLS extensions
  • kDHE and ffdhe2048/ffdhe3072 implementations
  • Removal of RPK support

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed under the terms of both the Apache License, Version 2.0 and the MIT license without any additional terms or conditions.

Accolades

The project is based on a fork of boring.