Update rustls to 0.23 and tokio-rustls to 0.26

In addition we now use aws_lc_rs instead of ring which is new default crypto provider in rustls
rwf2 · Mar 25, 2024 · ec945fb · ec945fb
1 parent bd26ca4
commit ec945fb
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/core/lib/Cargo.toml b/core/lib/Cargo.toml
@@ -50,8 +50,8 @@ rmp-serde = { version = "1", optional = true }
 uuid_ = { package = "uuid", version = "1", optional = true, features = ["serde"] }
 
 # Optional TLS dependencies
-rustls = { version = "0.22", optional = true }
-tokio-rustls = { version = "0.25", optional = true }
+rustls = { version = "0.23", optional = true }
+tokio-rustls = { version = "0.26", optional = true }
 rustls-pemfile = { version = "2.0.0", optional = true }
 
 # Optional MTLS dependencies

diff --git a/core/lib/src/listener/tls.rs b/core/lib/src/listener/tls.rs
@@ -31,7 +31,7 @@ impl TlsConfig {
     pub(crate) fn server_config(&self) -> Result<ServerConfig, Error> {
         let provider = rustls::crypto::CryptoProvider {
             cipher_suites: self.ciphers().map(|c| c.into()).collect(),
-            ..rustls::crypto::ring::default_provider()
+            ..rustls::crypto::aws_lc_rs::default_provider()
         };
 
         #[cfg(feature = "mtls")]
@@ -59,7 +59,7 @@ impl TlsConfig {
 
         tls_config.ignore_client_order = self.prefer_server_cipher_order;
         tls_config.session_storage = ServerSessionMemoryCache::new(1024);
-        tls_config.ticketer = rustls::crypto::ring::Ticketer::new()?;
+        tls_config.ticketer = rustls::crypto::aws_lc_rs::Ticketer::new()?;
         tls_config.alpn_protocols = vec![b"http/1.1".to_vec()];
         if cfg!(feature = "http2") {
             tls_config.alpn_protocols.insert(0, b"h2".to_vec());

diff --git a/core/lib/src/tls/config.rs b/core/lib/src/tls/config.rs
@@ -476,7 +476,7 @@ impl CipherSuite {
 
 impl From<CipherSuite> for rustls::SupportedCipherSuite {
     fn from(cipher: CipherSuite) -> Self {
-        use rustls::crypto::ring::cipher_suite;
+        use rustls::crypto::aws_lc_rs::cipher_suite;
 
         match cipher {
             CipherSuite::TLS_CHACHA20_POLY1305_SHA256 =>

diff --git a/core/lib/src/tls/util.rs b/core/lib/src/tls/util.rs
@@ -33,7 +33,7 @@ pub fn load_key(reader: &mut dyn io::BufRead) -> Result<PrivateKeyDer<'static>>
 
     // Ensure we can use the key.
     let key = keys.remove(0);
-    rustls::crypto::ring::sign::any_supported_type(&key).map_err(KeyError::Unsupported)?;
+    rustls::crypto::aws_lc_rs::sign::any_supported_type(&key).map_err(KeyError::Unsupported)?;
     Ok(key)
 }