Dirkjan Ochtman

@kornelski I think we'll be able to use aws-lc-rs but would still be interested in hearing the reasons that it's used!

@rami3l reqwest allows configuring the ClientBuilder with a pre-built ClientConfig (of the matching Rustls release), so I think we can build a rustls 0.22 ClientConfig and configure reqwest to use...

> > @rami3l reqwest allows configuring the ClientBuilder with a pre-built ClientConfig (of the matching Rustls release), so I think we can build a rustls 0.22 ClientConfig and configure reqwest...

@kornelski but in terms of impact: this specifically impacts Cloudflare's WARP deployment, right, not the default deployment one would get when setting up WARP for their organization? (I revised https://github.com/seanmonstar/reqwest/pull/2225...

I don't think we'll need to support both aws-lc-rs and ring in rustup. I think we should use reqwest's [`use_preconfigured_tls()`](https://docs.rs/reqwest/latest/reqwest/struct.ClientBuilder.html#method.use_preconfigured_tls) API to pass in our own `ClientConfig` that uses aws-lc-rs...

There's a bunch of dead-code elimination at several stages, it's possible that *ring* stuff gets removed at some point anyway if we avoid using it in practice.

@sunshowers sounds good, thanks for chiming in! @smoelius thanks for the detailed description. Do you think the proposed path forward for nextest would also address the dylint use cases?

> > @smoelius thanks for the detailed description. Do you think the proposed path forward for nextest would also address the dylint use cases? > > I'm not sure. Is...

@kornelski interesting... So WARP MITMs all connections, and only supports P521 for this? That seems pretty restrictive and a little surprising. Or is this configurable for WARP and does your...

Can you file a separate issue? Might be interesting to see if you can isolate this in a test binary directly using rustls-platform-verifier.