fix: rustls 0.23.1, next version of tokio-rustls

[pimeys]

Hey,

We can merge this only when the next version of tokio-rustls is out. I'm just opening it up already because we upgraded our whole project and need this dependency. Having this PR in our Cargo.toml so we can review and step back to crates.io when the dependency issues in the ecosystem are all merged and published.

Supersedes: https://github.com/programatik29/axum-server/pull/106

[diptanu]

@pimeys Can we merge this now? We are stuck with an older version of rusttls because of this.

[MaxFangX]

@diptanu you can integrate the changes from this PR into your own project with a patch like so:

[dependencies]
axum-server = "=0.6.0"

[patch.crates-io]
axum-server = { git = "https://github.com/grafbase/axum-server", branch = "rustls-0.23" }

More info on patches

[diptanu]

@MaxFangX Thanks! It would be great if this PR was merged in because SSL and being able to use latest version of the rust-tls library would be great.

[julianh-y]

+1 on getting this merged.

[atezet]

In the meantime tokio-rustls = 0.26.0 was released and we got RUSTSEC-2024-0336

@pimeys will you update this PR?

@programatik29 can we get this merged somehow?

[liningpan]

Before this can be merged, I guess we need to figure out what to do with rustls changing the default crypto provider from ring to aws-lc-rs. So far both reqwest and tonic decided to keep using ring as the default for various reasons

• https://github.com/seanmonstar/reqwest/pull/2225
• https://github.com/hyperium/tonic/pull/1670#discussion_r1556404421
• https://github.com/seanmonstar/reqwest/pull/2299
• https://github.com/rustls/rustls/issues/1876#issuecomment-2023403756

One of the reasons listed was aws-lc-rs requires CMake to compile. This was later fixed in https://github.com/aws/aws-lc-rs/pull/317.