Releases: rustls/rustls

0.23.31

29 Jul 18:10
@ctz

  • Fixes #2584 -- complete_io() not making progress when used with non-blocking IO. This was a regression in 0.23.30 (now yanked).

What's Changed

Full Changelog: v/0.23.30...v/0.23.31

0.23.30

27 Jul 13:08
@cpu
v/0.23.30

  • Fixes a bug with the unbuffered connection API that could result in deframing junk data after a close notify alert was received.
  • Updates Connection::complete_io() to yield a WouldBlock error when both read/write operations are blocked.

What's Changed

  • Clarify the ambiguous process-level CryptoProvider error by @cpu in #2561
  • 0.23: cherry-pick of fixes to complete_io() with non-blocking transport by @ctz in #2578
  • sign: make public_key_to_spki() public by @djc in #2580
  • 0.23.30 release prep & 2575 backport by @cpu in #2576

Full Changelog: v/0.23.29...v/0.23.30

rustls-post-quantum-v/0.2.3

16 Jul 08:27
@djc
rustls-post-quantum-v/0.2.3

Add unstable support for verifying experimental post-quantum ML-DSA signature schemes.

What's Changed

  • post-quantum: add unstable ML-DSA support by @djc in #2550

0.23.29

10 Jul 11:57
@djc
v/0.23.29

  • Improved errors for invalid signature algorithms; added variants to both CertificateError and CertRevocationError to replace the UnsupportedSignatureAlgorithm variant (now deprecated) in order to provide more context.
  • Improved extension representation to increase handshake efficiency.

What's Changed

  • Delete unusable no-std ticketer code by @ctz in #2500
  • Support _ABSENT_PARAMS PKCS#1 signature algorithms by @ctz in #2505
  • Rework representation of extensions in ClientHello by @ctz in #2502
  • Rework representation of extensions in server messages by @ctz in #2508
  • Reduce small Vec<Enum> uses in extensions by @ctz in #2509
  • client: refactor in preparation for PSK support by @djc in #2516
  • client: pass all of ClientHelloInput into tls12 handle_server_hello() by @djc in #2518
  • client: refactor client handshake some more by @djc in #2521
  • Simplify the simpleserver example by using rustls::Stream by @Ten0 in #2522
  • Add SignatureSchemes for ML-DSA by @djc in #2532
  • add From<Arc<CertifiedKey>> for SingleCertAndKey by @stormshield-gt in #2535
  • Memoise computation of empty hash by @ctz in #2538
  • Correct calculation of ServerHello ECH confirmation by @ctz in #2545
  • Improve compactness of Debug impl for extensions by @ctz in #2546
  • Do not retain master secret during terminal key schedule state by @ctz in #2540
  • Adopt webpki 0.103.4 by @djc in #2531

0.23.28

16 Jun 11:46
@ctz

What's Changed

  • fuzz: remove Cargo patch for webpki by @cpu in #2450
  • Update verifybench test data by @ctz in #2453
  • Update dependencies by @djc in #2452
  • manual: add a short howto debugging section by @cpu in #2451
  • chore(deps): update dependency go to v1.24.3 by @renovate-bot in #2454
  • SECURITY.md: temporal updates by @ctz in #2456
  • internals: clean up item order around ClientHelloPayload by @djc in #2457
  • Small clippy fixes by @cpu in #2458
  • Rework clippy setup by @ctz in #2460
  • Nightly clippy fixes by @ctz in #2461
  • Upgrade to criterion 0.6 by @djc in #2464
  • Move some tests about; reduce duplication of test helper code by @ctz in #2462
  • Enable more lints on internal crates by @ctz in #2465
  • Fix "Format (unstable)" job in CI by @ctz in #2466
  • Fix nightly docs by @ctz in #2467
  • Support rustls-graviola in rustls-bench by @ctz in #2469
  • Fix bug in crypto::aws_lc_rs::pq::hybrid::Layout by @cjpatton in #2470
  • Support secp256r1mlkem768 by @ctz in #2471
  • Convert more low-level integration tests into unit tests by @ctz in #2472
  • Disable clippy::clone_on_ref_ptr lint by @ctz in #2474
  • Prefer x.clone() to Arc::clone(&x) by @ctz in #2475
  • feat: expose the number of received TLS1.3 resumption tickets by @Frando in #2476
  • Convert more low-level integration tests into unit tests by @ctz in #2473
  • Eliminate redundant HandshakeMessagePayload::typ field by @ctz in #2478
  • Introduce specific error for unsupported signatures by @ctz in #2479
  • Take semver-compatible updates by @ctz in #2481
  • Further precursor refactors from "Improve TLS extension representation" by @ctz in #2482
  • Only include renegotiation SCSV for TLS1.2 attempts by @ctz in #2486
  • ci-bench: low-noise benchmarks with rustls-fuzzing-provider by @ctz in #2483
  • Expose named_groups extension in ClientHello by @ctz in #2488
  • Prepare 0.23.28 by @ctz in #2499

Full Changelog: v/0.23.27...v/0.23.28

0.23.27

05 May 20:25
@djc
v/0.23.27

  • Add support for connection-level ALPN protocol configuration.
  • Improve invalid key purpose errors.
  • Prefer post-quantum key exchange algorithms by default.
  • Add improved kTLS API.

0.23.26

10 Apr 10:36
@ctz

  • Bug fix: in certain circumstances we saw std::io::Write::write_vectored implementations that reported writing more bytes than were available, in violation of that method's invariants. This seems to happen on macOS with certain VPN software active. Now we detect and return an error from write_tls calls in this case. See #2316.
  • Admit support for a wider set of SignatureSchemes in TLS1.3, so that external providers may support ED448, post-quantum signatures, and others. See #2420.
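
Added example, not rustls code: one way to enforce the write_vectored invariant described in the first item above, by rejecting a byte count larger than the total length of the buffers offered, so the caller never accounts for data it did not queue. The helper, the faulty writer and the sample fragments are constructed for illustration and use only the standard library.

```rust
use std::io::{self, IoSlice, Write};

/// Calls `write_vectored` and rejects a result larger than the data offered.
/// (Hypothetical helper for illustration; not the rustls implementation.)
pub fn checked_write_vectored<W: Write>(wr: &mut W, bufs: &[IoSlice<'_>]) -> io::Result<usize> {
    let offered: usize = bufs.iter().map(|b| b.len()).sum();
    let written = wr.write_vectored(bufs)?;
    if written > offered {
        return Err(io::Error::new(
            io::ErrorKind::Other,
            format!("write_vectored reported {written} bytes, but only {offered} were offered"),
        ));
    }
    Ok(written)
}

/// Constructed faulty writer: claims to have written more than it was given.
pub struct OverReportingWriter {
    pub extra: usize,
}

impl Write for OverReportingWriter {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        Ok(buf.len())
    }
    fn write_vectored(&mut self, bufs: &[IoSlice<'_>]) -> io::Result<usize> {
        let real: usize = bufs.iter().map(|b| b.len()).sum();
        Ok(real + self.extra) // violates the invariant: result > bytes available
    }
    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}

/// Sends two constructed fragments (5-byte header, 5-byte body) through `wr`.
pub fn send_fragments<W: Write>(wr: &mut W) -> io::Result<usize> {
    let header = [0x17u8, 0x03, 0x03, 0x00, 0x05];
    let body = *b"hello";
    let bufs = [IoSlice::new(&header), IoSlice::new(&body)];
    checked_write_vectored(wr, &bufs)
}

fn main() {
    let mut good: Vec<u8> = Vec::new();
    println!("honest writer: {:?}", send_fragments(&mut good));
    let mut bad = OverReportingWriter { extra: 3 };
    println!("faulty writer: {:?}", send_fragments(&mut bad));
}
```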

What's Changed

  • Upgrade to hickory-resolver 0.25 by @djc in #2387
  • Pin cargo-hack@0.6.33 for now by @ctz in #2389
  • Revert "Pin cargo-hack@0.6.33 for now" by @ctz in #2390
  • chore(deps): lock file maintenance by @renovate-bot in #2404
  • Cargo: update aws-lc-fips-sys 0.13.4 -> 0.13.5 by @cpu in #2409
  • chore(deps): update rust crate zlib-rs to 0.5 by @renovate-bot in #2407
  • chore(deps): update dependency go to v1.24.2 by @renovate-bot in #2410
  • chore: fix some typos by @xixishidibei in #2411
  • Add cargo deny check in CI by @djc in #2412
  • build(deps): bump openssl from 0.10.71 to 0.10.72 by @dependabot in #2413
  • Take semver-compatible updates by @ctz in #2415
  • Use tlswg name for draft-kwiatkowski-tls-ecdhe-mlkem by @ctz in #2418
  • Invert working of SignatureScheme::supported_in_tls13 by @ctz in #2420
  • Reduce use of library internals in tests by @ctz in #2421
  • 0.23.26: Detect and error on faulty io::Write::write_vectored by @ctz in #2422

Full Changelog: v/0.23.25...v/0.23.26

0.23.25

17 Mar 13:40
@ctz

  • Translate webpki::Error::RequiredEkuNotFound to rustls::CertificateError::InvalidPurpose. This allows rustls-platform-verifier to stop requiring that rustls shares its version of its private webpki dependency, which is a semver hazard.

What's Changed

  • Map webpki RequiredEkuNotFound error to InvalidPurpose by @djc in #2384
  • Prepare 0.23.25 by @ctz in #2385

Full Changelog: v/0.23.24...v/0.23.25

0.23.24

17 Mar 09:49
@ctz

  • New feature: More detailed and helpful error reporting for common certificate errors, such as name mismatches and certificate expiry. Users who std::fmt::Display the rustls Error type will take advantage of this automatically. Users handling CertificateError variants individually should note the new variants, such as CertificateError::NotValidForNameContext (compare CertificateError::NotValidForName).

    $ cargo -q run --bin tlsclient-mio -- --http wrong.host.badssl.com
    TLS error: invalid peer certificate: certificate not valid for name "wrong.host.badssl.com";
    certificate is only valid for DnsName("*.badssl.com") or DnsName("badssl.com")
    Connection closed

    The old CertificateError variants (such as NotValidForName, Expired, etc.) remain usable, and may be produced by both the default and third-party certificate verification traits.

  • New feature: Allow KTLS handoff for unbuffered API users, by introducing dangerous_extract_secrets(). Thanks to @edef1c.

  • Bug fix: Unbuffered connections now consume data in the next_record() function, rather than when the state is produced. This fixes #2031.

  • Bug fix: Build speed improvement for aws-lc-rs fips users.

  • Behavior change: Clients no longer offer resumption between different ClientConfigs that share a resumption store but do not share server certificate verification and client authentication credentials. If you share a resumption store between multiple ClientConfigs, please ensure their server certificate verification and client authentication credentials are also shared. Please read the new documentation on the ClientConfig::resumption item for details.

    Additionally, if you share a resumption store or ticketer between multiple ServerConfigs, please see the new documentation on ServerConfig about this.

What's Changed

  • Fix daily tests by @ctz in #2340
  • ci: improve performance via more cache usage by @ctz in #2343
  • Take semver-compatible dependencies by @ctz in #2344
  • unbuffered: introduce dangerous_extract_secrets, analogous to buffered API by @edef1c in #2345
  • docs: fix MSRV etc. by @brody4hire in #2346
  • Clippy 1.85, 2024 style by @djc in #2348
  • cleanup: specify once_cell version etc. in only 1 place by @brody4hire in #2352
  • docs: update reference to danger NoCertificateVerification struct in examples by @brody4hire in #2351
  • docs: minor improvements to CryptoProvider doc by @brody4hire in #2353
  • unbuffered: do not prematurely consume data by @ctz in #2338
  • bogo: implement -wait-for-debugger in shim by @cpu in #2347
  • Take rustls-webpki 0.103.0 and improve certificate error reporting by @ctz in #2342
  • Avoid handshake message round-tripping for binders by @ctz in #2359
  • docs: improve some more links, etc. by @brody4hire in #2355
  • adjust FIPS feature handling w.r.t aws-lc-sys by @cpu in #2291
  • client: reject TLS 1.3 compat session ID in 1.2 by @cpu in #2360
  • Update semver-compatible dependencies by @djc in #2366
  • Avoid semver errors on discriminant changes by @djc in #2367
  • fuzz/Cargo.lock: take semver-compatible updates by @ctz in #2372
  • Prevent resumption between "incompatible" clients by @ctz in #2361
  • chore(deps): update rust crate asn1 to 0.21 by @renovate-bot in #2374
  • Mark unreachable functions with coverage(off) by @ctz in #2373
  • docs: link to manual from front page by @ctz in #2375
  • chore(deps): update dependency go to v1.24.1 by @renovate-bot in #2376
  • admin/coverage: only measure core crate coverage by @ctz in #2377
  • Refactor: prefer to take reference on match scrutinee by @ctz in #2379
  • Add warning about server-side cross-config resumption by @ctz in #2381
  • Prepare 0.23.24 by @ctz in #2383

Full Changelog: v/0.23.23...v/0.23.24

0.23.23

11 Feb 16:12
@djc
v/0.23.23

  • Export SingleCertAndKey implementation of ResolvesServerCert (was already used internally).
  • Expose CertifiedKey::from_der() to help create CertifiedKeys with necessary checks.
  • Note: users of the unbuffered API should now expect to encounter the new ConnectionState::PeerClosed variant, raised when the peer cleanly terminates their side of the connection with a close_notify alert.

What's Changed