[Breaking changes] Update rustls from 0.21 to 0.23

Question

[Breaking changes] Update rustls from 0.21 to 0.23

Closed this issue 5 months ago · 6 comments

rpxy heavily relies on rustls and its dependents. to upgrade rpxy, we need to wait for updates of the following crates based on rustls.

rustls 0.22
tokio-rustls 0.25.0
rustls-pemfile 2.0.0
quinn 0.11 (waiting for the release quinn-rs/quinn#1715 rustls/rustls#1741)
h3 hyperium/h3#238 (comment)
s2n-quic-rustls (alternative: stop using rustls and use s2n-tls)

~~- [x] hyper-rustls (waiting for rustls/hyper-rustls#234 with hyper-1.0 support, alternative: hyper-tls could be workaround)~~

Answer 1 · 2024-01-14T13:19:46.000Z

hyper-rustls v0.26.0 is available independently from other updates.

Answer 2 · 2024-01-14T13:53:56.000Z

updated hyper-rustls to v0.26 in #137

Answer 3 · 2024-05-23T06:13:40.000Z

hyperium/h3#238 was merged.

Answer 4 · 2024-05-23T08:01:02.000Z

@yerke Thanks! Now waiting for the release ofs2n-quic-rustls. (It already supports rustls-0.23 in its unreleased version.)

Answer 5 · 2024-05-28T13:43:28.000Z

Almost done in the draft PR #156. In my environment, it works flawlessly. Moreover, in the PR, we completely redefined the certificate manager as a separated crate that can support multiple types of certificate sources in addition to the static files in the current version. Thus in the future, we can extended the function of the cert manager to support other types of certificate management, e.g., ACME-based dynamic fetching of certificates.

NOTE:s2n-quic-0.38 supporting rustls-0.23 is not released yet. Currently, we are directly using the HEAD of s2n-quic repo.

Answer 6 · 2024-06-01T18:08:02.000Z

Resolved by #126