mbrubeck / agate

Very simple server for the Gemini hypertext protocol
Apache License 2.0

chore(deps): bump rustls from 0.22.2 to 0.23.0 #336

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps rustls from 0.22.2 to 0.23.0.

Release notes

Sourced from rustls's releases.

0.23.0

  • Default cryptography provider changed to aws-lc-rs. Note that this has some implications on platform support and build-time tool requirements such as cmake on all platforms and nasm on Windows. Support for ring continues to be available: set the ring crate feature.

  • Support for FIPS validated mode with aws-lc-rs: see the manual section and aws-lc-rs's FIPS documentation. Note that aws-lc-rs in FIPS mode has further build-time requirements as detailed in the FIPS documentation. Thanks to the aws-lc-rs team for their assistance on this.

  • Support for process-wide selection of CryptoProviders. See the documentation. Note that callers of ClientConfig::builder(), ServerConfig::builder(), WebPkiServerVerifier::builder() and WebPkiClientVerifier::builder() must now ensure that the crate's features are unambiguous or explicitly select a process-level provider using CryptoProvider::install_default(). Otherwise, these calls will panic with:

    no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

    We recommend that libraries rely on the process-level provider by default, and that applications use this new API to select the provider they wish to use.

  • New unbuffered API. UnbufferedClientConnection and UnbufferedServerConnection offer a low-level, event-driven API which does not internally buffer data. Thanks to the team from Ferrous Systems.

  • New no_std support. A new (enabled by default) std crate feature now gates all APIs that depend on std. The above unbuffered APIs must be used for no_std support. Note that alloc continues to be required. Work is ongoing to reintroduce certain APIs for no_std users (see #1688) -- please file issues for other no_std use cases. Thanks to the team from Ferrous Systems.

  • Performance improvement: internal copying while sending data is reduced. Thanks to the team from the Sōzu project.

  • Performance improvement: write_vectored now produces less on-the-wire overhead, which will dramatically improve throughput if it is used with a large number of small messages. Thanks to the team from the Sōzu project.

  • Acceptor API error handling improvement. If a TLS alert should be sent to inform the peer of a connection failure, this is now made available in the Err() variant returned from Acceptor::accept and Accepted::into_connection (which is also a breaking change). Applications should write this data to the peer. See the server_acceptor example.

  • Support for FFDHE key exchange: custom CryptoProviders can now support FFDHE key exchange, in accordance with RFC 7919. Note that the default providers do not do this. Thanks to the team from Fortanix.

  • Support for servers requiring extended_master_secret support from clients. See ServerConfig::require_ems. Thanks to the team from Fortanix.

  • Extension ordering in ClientHello messages is now randomised as an anti-fingerprinting measure. We do not foresee any interoperability issues as Chrome has already rolled out the same change. Thanks to @GomesGoncalo.

  • Breaking change: CipherSuiteCommon::integrity_limit field removed (this was QUIC-specific, it has moved to quic::PacketKey::integrity_limit()).

  • Breaking change: crypto::cipher::BorrowedPlainMessage and crypto::cipher::OpaqueMessage have been renamed (to OutboundPlainMessage and OutboundOpaqueMessage) and altered to support performance improvements. See the example code.

  • Breaking change: all protocol enum types (e.g. CipherSuite) have had their get_u8/get_u16 accessor removed; use u8::from() / u16::from() instead.

... (truncated)

Commits
  • eb0791b Prepare 0.23.0
  • 88022fc Reword no process-level CryptoProvider panic
  • d5c6036 refactor: avoid pretty printing when logging
  • cf098b0 Cargo.toml: disentangle std/aws_lc_rs features
  • 425b527 ROADMAP.md: prepare for 0.23 release
  • d5842f4 tls13/quic: construct QUIC suite from TLS 1.3 suite
  • 4aafdc8 client/server: crypto_provider accessor for configs
  • 50a6563 client_conn: reorder ClientConfig members
  • 5138cd8 suites: split integrity and confidentiality limit handling
  • 542b12c quic: expose limits via PacketKey trait
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


mbrubeck commented 4 months ago

This will need to wait until tokio-rustls is updated too: https://github.com/rustls/tokio-rustls/pull/44

dependabot[bot] commented 4 months ago

Superseded by #337.