rustls / futures-rustls

Apache License 2.0

Implement equivalent of `rustls::server::Acceptor` #2

Closed FlorianUekermann closed 2 years ago

FlorianUekermann commented 2 years ago

`rustls::server::Acceptor` allows selecting a `ServerConfig` based on the client hello. This has various potential benefits. I need this for a presumably less obvious case than usual:

I develop the rustls-acme crate, which implements Let's Encrypt certificate acquisition via the tls-alpn-01 mechanism. This requires negotiating an application protocol via ALPN iff the client hello offers a specific protocol and only that one protocol.

This wouldn't be particularly problematic if I relaxed the last condition a bit, because I could list that protocol in the `ServerConfig` and be done with it. However, rustls as of 0.20 raises an error if the `ServerConfig` specifies at least one protocol and the client offers at least one, but no overlap can be found. Therefore I need to select a different config iff the client hello indicates a tls-alpn-01 validation request.

I am using async-rustls (based on rustls 0.19), which simply doesn't do ALPN if no overlap is found. Switching to futures-rustls and rustls 0.20 in is blocked by the inability to work around this issue in futures-rustls.
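The selection rule described in the issue above, as an added example that is not part of the original thread and is not code from rustls, rustls-acme or futures-rustls: it parses an ALPN extension body and picks the challenge config only when the client hello offers `acme-tls/1` and nothing else. The names `ConfigChoice`, `parse_alpn`, `choose_config` and `encode_alpn` are hypothetical, the sample offers are constructed, and only the standard library is used.

```rust
// Added illustration: hypothetical names, std only, no rustls API involved.
const ACME_TLS_1: &[u8] = b"acme-tls/1"; // ALPN id used by tls-alpn-01 (RFC 8737)
#[derive(Debug, PartialEq)]
enum ConfigChoice { AcmeChallenge, Default }

/// Parse an ALPN extension body (RFC 7301 ProtocolNameList): u16 list length,
/// then entries of u8 length + name. Returns None if malformed or empty.
fn parse_alpn(ext: &[u8]) -> Option<Vec<&[u8]>> {
    let (len, mut rest) = (ext.get(..2)?, ext.get(2..)?);
    if rest.len() != u16::from_be_bytes([len[0], len[1]]) as usize || rest.is_empty() {
        return None;
    }
    let mut names = Vec::new();
    while let Some((&n, tail)) = rest.split_first() {
        let n = usize::from(n);
        if n == 0 || tail.len() < n {
            return None; // zero-length name or entry running past the list
        }
        names.push(&tail[..n]);
        rest = &tail[n..];
    }
    Some(names)
}

/// Challenge config iff the hello offers acme-tls/1 and only that; else default.
fn choose_config(alpn_ext: Option<&[u8]>) -> ConfigChoice {
    match alpn_ext.and_then(parse_alpn) {
        Some(names) if names.len() == 1 && names[0] == ACME_TLS_1 => ConfigChoice::AcmeChallenge,
        _ => ConfigChoice::Default,
    }
}

/// Build a constructed sample extension body from protocol names.
fn encode_alpn(names: &[&str]) -> Vec<u8> {
    let mut ext = vec![0u8; 2]; // placeholder for the u16 list length
    for n in names {
        ext.push(n.len() as u8);
        ext.extend_from_slice(n.as_bytes());
    }
    let len = (ext.len() - 2) as u16;
    ext[..2].copy_from_slice(&len.to_be_bytes());
    ext
}

fn main() {
    for offer in [vec!["acme-tls/1"], vec!["h2", "acme-tls/1"], vec!["h2", "http/1.1"]] {
        println!("{:?} -> {:?}", offer, choose_config(Some(encode_alpn(&offer).as_slice())));
    }
}
```

An absent or malformed ALPN extension falls through to the default config, so a client that also offers other protocols never receives the validation certificate.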

quininer commented 2 years ago

This should be easy to port from tokio-rustls, PRs are welcome.