Joe Birr-Pixton
Joe Birr-Pixton
> Will this be accompanied with a `0.24` release (and not a `0.23.x` release)? I would plan to put this in a 0.23.x release, and rustls-mbedtls-provider would need to implement...
I have reworked this to be the opposite: the default for the new `ffdhe_group()` function continues to link everything in, so there is no need for any lock-step change. Instead,...
Furthermore: - `ActiveKeyExchange::hybrid_component()` introduced in #2136 -- see https://github.com/rustls/rustls/pull/2136#issuecomment-2511339286 for one idea
Additionally: - https://github.com/rustls/rustls/pull/2256#issuecomment-2517882500 gives a ~6% TLS1.2 resumption speed bump, though is not applicable to aws-lc-rs's TLS1.2 PRF implementation. I decided it wasn't worth it with the bifurcation of the...
I believe all these are now covered.
> * `ActiveKeyExchange::hybrid_component()` introduced in [Implement post-quantum hybrid KX optimisation #2136](https://github.com/rustls/rustls/pull/2136) -- see [Implement post-quantum hybrid KX optimisation #2136 (comment)](https://github.com/rustls/rustls/pull/2136#issuecomment-2511339286) for one idea Actually, no, this one remains.
I think at the very least, we should add to https://github.com/rustls/rustls-native-certs?tab=readme-ov-file#should-i-use-this-or-webpki-roots to explain the various tradeoffs
> 1. The reason being that the openssl server does not return the `client_cert_type` extension, but instead sends a RawPublicKey directly. Is this common behaviour, and if so would it...