svenstaro / proxyboi

A super simple reverse proxy with TLS support
MIT License
94 stars 13 forks source link

Bump rustls from 0.18.1 to 0.21.2 #253

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps rustls from 0.18.1 to 0.21.2.

Changelog

Sourced from rustls's changelog.

Release history:

  • 0.20.8 (2023-01-12)
    • Yield an error from ConnectionCommon::read_tls() if buffers are full. Both a full deframer buffer and a full incoming plaintext buffer will now cause an error to be returned. Callers should call process_new_packets() and read out the plaintext data from reader() after each successful call to read_tls().
    • The minimum supported Rust version is now 1.57.0 due to some dependencies requiring it.
  • 0.20.7 (2022-10-18)
    • Expose secret extraction API under the secret_extraction cargo feature. This is designed to enable switching from rustls to kTLS (kernel TLS offload) after a successful TLS 1.2/1.3 handshake, for example.
    • Move filtering of signature schemes after config selection, avoiding the need for linking in encryption/decryption code for all cipher suites at the cost of exposing more signature schemes in the ClientHello emitted by the Acceptor.
    • Expose AlertDescription, ContentType, and HandshakeType, SignatureAlgorithm, and NamedGroup as part of the stable API. Previously they were part of the unstable internals API, but were referenced by parts of the stable API.
    • We now have a Discord channel for community discussions.
    • The minimum supported Rust version is now 1.56.0 due to several dependencies requiring it.
  • 0.20.6 (2022-05-18)
    • 0.20.5 included a change to track more context for the Error::CorruptMessage which made API-incompatible changes to the Error type. We yanked 0.20.5 and have reverted that change as part of 0.20.6.
  • 0.20.5 (2022-05-14)
    • Correct compatbility with servers which return no TLS extensions and take advantage of a special case encoding.
    • Remove spurious warn-level logging introduced in 0.20.3.
    • Expose cipher suites in ClientHello type.
    • Allow verification of IP addresses with dangerous_config enabled.
    • Retry I/O operations in ConnectionCommon::complete_io() when interrupted.
    • Fix server::ResolvesServerCertUsingSni case sensitivity.
  • 0.20.4 (2022-02-19)
    • Correct regression in QUIC 0-RTT support.
  • 0.20.3 (2022-02-13)
    • Support loading ECDSA keys in SEC1 format.
    • Support receipt of 0-RTT "early data" in TLS1.3 servers. It is not enabled by default; opt in by setting ServerConfig::max_early_data_size to a non-zero value.
    • Support sending of data with the first server flight. This is also not enabled by default either: opt in by setting ServerConfig::send_half_rtt_data.
    • Support read_buf interface when compiled with nightly. This means data can be safely read out of a rustls connection into a buffer without the buffer requiring initialisation first. Set the read_buf feature to use this.
    • Improve efficiency when writing vectors of TLS types.

... (truncated)

Commits
  • 5053fde Prepare 0.21.2
  • 7d333d2 Fix typo in ConfigBuilder::with_root_certificates()
  • 1a149d8 docs: add help for diagnosing BoGo failures. (#1316)
  • 4f29321 bogo: support -on-resume-early-write-after-message
  • 49f36f6 server: abort handshake if psk KEM extension is missing
  • a11f98e bogo: disable extension order permutation tests
  • 0471747 bogo: disable SRTP tests
  • e91e7d3 ClientSessionMemoryCache: prefer most recent tickets
  • d03850c TLS1.2: provide empty session_id in base case
  • bf54fc6 bogo: set correct error expectation for RSA/MD5 tests
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #261.