8000 Invert working of `SignatureScheme::supported_in_tls13` by ctz · Pull Request #2420 · rustls/rustls · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Invert working of SignatureScheme::supported_in_tls13 #2420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 8, 2025
Merged

Invert working of SignatureScheme::supported_in_tls13 #2420

merged 1 commit into from
Apr 8, 2025

Conversation

ctz
Copy link
Member
@ctz ctz commented Apr 8, 2025
edited
Loading

This was previously an allow-list, which stands in the way of people shipping providers for other algorithms that are not specifically outlawed in RFC8446.

fixes #2419

@rustls-benchmarking Rustls Benchmarking
Copy link
rustls-benchmarking bot commented Apr 8, 2025
edited
Loading

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_server 10727728 10784729 57001 (0.53%) 1.10%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 1157860 1153675 -4185 (-0.36%) 1.46%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 1155559 1151390 -4169 (-0.36%) 1.45%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 8281613 8309871 28258 (0.34%) 0.92%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_server 10749277 10718885 -30392 (-0.28%) 1.17%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 8333056 8316327 -16729 (-0.20%) 0.74%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 3102267 3096597 -5670 (-0.18%) 0.33%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 3104637 3099094 -5543 (-0.18%) 0.53%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_server 10464367 10455447 -8920 (-0.09%) 0.94%
handshake_no_resume_ring_1.3_ecdsap256_chacha_client 3302992 3305113 2121 (0.06%) 0.27%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 2067799 2068158 359 (0.02%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_server 30263204 30265536 2332 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_server 28745855 28747981 2126 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_server 28746248 28748346 2098 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_server 28742919 28744949 2030 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_server 30260329 30262427 2098 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_server 28824338 28826331 1993 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_server 28824291 28826283 1992 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_server 30263397 30265440 2043 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_server 30217717 30219733 2016 (0.01%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_server 28821444 28823358 1914 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_server 30220856 30222798 1942 (0.01%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_server 30220890 30222750 1860 (0.01%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_server 31992280 31994020 1740 (0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_server 31995319 31997059 1740 (0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_server 31995420 31997160 1740 (0.01%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_server 32113930 32115670 1740 (0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_server 32116969 32118709 1740 (0.01%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_server 32117070 32118810 1740 (0.01%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_server 32458975 32460715 1740 (0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_server 32462026 32463766 1740 (0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_server 32462052 32463792 1740 (0.01%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_server 32560930 32562670 1740 (0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_server 32563936 32565676 1740 (0.01%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_server 32564007 32565747 1740 (0.01%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_aes_client 3303809 3303966 157 (0.00%) 0.27%
handshake_no_resume_ring_1.3_ecdsap256_aes_server 1295882 1295940 58 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap256_chacha_server 1297064 1297112 48 (0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 2071136 2071203 67 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_server 7227513 7227573 60 (0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_server 7229474 7229532 58 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha_client 27803534 27803363 -171 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha_client 28200437 28200598 161 (0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_server 11125214 11125272 58 (0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_server 11130975 11131033 58 (0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes_client 1927445 1927437 -8 (-0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha_client 1934174 1934181 7 (0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_aes_client 2333545 2333552 7 (0.00%) 0.20%
handshake_no_resume_ring_1.3_rsa_chacha_client 2339194 2339201 7 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes_client 28227130 28227206 76 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha_client 27808043 27807984 -59 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes_client 27862729 27862677 -52 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes_client 28230157 28230203 46 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes_client 27860313 27860271 -42 (-0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_rsa_aes_client 27867194 27867231 37 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha_client 28204449 28204469 20 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha_client 27800877 27800868 -9 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_aes_client 34741688 34741678 -10 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_client 58129867 58129855 -12 (-0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_rsa_aes_client 28234115 28234120 5 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_aes_server 46298267 46298259 -8 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_client 92699193 92699178 -15 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_server 46294739 46294746 7 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha_client 28197467 28197471 4 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_server 46401502 46401508 6 (0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_server 80537605 80537615 10 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha_server 80638435 80638425 -10 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_server 80641400 8064139 8000 0 -10 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_chacha_client 92690579 92690570 -9 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_server 46288014 46288010 -4 (-0.00%) 0.20%
handshake_no_resume_ring_1.3_ecdsap384_chacha_client 34743387 34743390 3 (0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_client 58040662 58040657 -5 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_aes_client 58122649 58122644 -5 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_client 92658978 92658971 -7 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_client 58235185 58235181 -4 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_client 58258339 58258343 4 (0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_server 80549138 80549143 5 (0.00%) 0.20%
transfer_no_resume_ring_1.2_rsa_aes_server 46193041 46193039 -2 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes_server 46454107 46454105 -2 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap256_chacha_server 80544346 80544344 -2 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_server 46461087 46461088 1 (0.00%) 0.20%
transfer_no_resume_ring_1.3_rsa_aes_client 58154251 58154252 1 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes_client 58162565 58162566 1 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_server 80646055 80646054 -1 (-0.00%) 0.20%
transfer_no_resume_ring_1.3_ecdsap384_chacha_client 92668103 92668102 -1 (-0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha_client 92724256 92724257 1 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_aes_client 30935214 30935214 0 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_chacha_client 30840981 30840981 0 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_client 3889611 3889611 0 (0.00%) 0.20%
handshake_tickets_ring_1.2_rsa_aes_client 4583443 4583443 0 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes_client 58233812 58233812 0 (0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_client 2245945 2245945 0 (0.00%) 0.20%
handshake_session_id_ring_1.2_rsa_aes_server 4303178 4303178 0 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_server 5018062 5018062 0 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_chacha_client 31159247 31159247 0 (0.00%) 0.20%
handshake_tickets_ring_1.3_rsa_aes_client 31237871 31237871 0 (0.00%) 0.20%
handshake_tickets_aws_lc_rs_1.2_rsa_aes_client 4232262 4232262 0 (0.00%) 0.20%
handshake_session_id_ring_1.3_rsa_aes_client 30939322 30939322 0 (0.00%) 0.20%
handshake_tickets_ring_1.2_rsa_aes_server 4767842 4767842 0 (0.00%) 0.20%
handshake_session_id_ring_1.3_rsa_chacha_client 30848032 30848032 0 (0.00%) 0.20%
handshake_tickets_ring_1.3_rsa_chacha_client 31166600 31166600 0 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_chacha_client 31162640 31162640 0 (0.00%) 0.20%
handshake_session_id_aws_lc_rs_1.2_rsa_aes_server 3871875 3871875 0 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap256_chacha_client 30843924 30843924 0 (0.00%) 0.20%
handshake_no_resume_ring_1.2_rsa_aes_server 10996897 10996897 0 (0.00%) 0.20%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes_client 1719379 1719379 0 (0.00%) 0.20%
handshake_session_id_ring_1.3_ecdsap384_aes_client 30932271 30932271 0 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes_server 46456430 46456430 0 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap256_aes_client 31233911 31233911 0 (0.00%) 0.20%
handshake_session_id_ring_1.2_rsa_aes_client 4320082 4320082 0 (0.00%) 0.20%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha_client 92697827 92697827 0 (0.00%) 0.20%
handshake_tickets_ring_1.3_ecdsap384_aes_client 31230497 31230497 0 (0.00%) 0.20%

Wall-time

Significant differences

There are no significant wall-time differences

Other differences

Click to expand
Scenario Baseline Candidate Diff Threshold
handshake_no_resume_aws_lc_rs_1.3_rsa_chacha 1.11 ms 1.10 ms -0.01 ms (-1.32%) 2.70%
handshake_no_resume_aws_lc_rs_1.3_rsa_aes 1.10 ms 1.09 ms -0.01 ms (-1.32%) 2.77%
handshake_no_resume_aws_lc_rs_1.2_rsa_aes 1.07 ms 1.06 ms -0.01 ms (-1.29%) 2.08%
handshake_session_id_ring_1.2_rsa_aes 1.53 ms 1.51 ms -0.02 ms (-0.99%) 1.14%
handshake_tickets_aws_lc_rs_1.2_rsa_aes 1.81 ms 1.79 ms -0.02 ms (-0.90%) 1.89%
handshake_tickets_ring_1.2_rsa_aes 1.61 ms 1.60 ms -0.01 ms (-0.85%) 1.01%
handshake_tickets_aws_lc_rs_1.3_rsa_chacha 5.19 ms 5.16 ms -0.04 ms (-0.71%) 1.00%
handshake_session_id_aws_lc_rs_1.3_rsa_aes 5.01 ms 4.97 ms -0.03 ms (-0.69%) 1.00%
handshake_tickets_aws_lc_rs_1.3_rsa_aes 5.20 ms 5.17 ms -0.04 ms (-0.68%) 1.22%
handshake_session_id_aws_lc_rs_1.3_rsa_chacha 4.98 ms 4.94 ms -0.03 ms (-0.66%) 1.00%
handshake_session_id_aws_lc_rs_1.2_rsa_aes 1.63 ms 1.62 ms -0.01 ms (-0.63%) 1.28%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_chacha 5.20 ms 5.17 ms -0.02 ms (-0.45%) 1.01%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_aes 4.54 ms 4.52 ms -0.02 ms (-0.44%) 1.14%
handshake_tickets_aws_lc_rs_1.3_ecdsap384_aes 5.23 ms 5.21 ms -0.02 ms (-0.41%) 1.35%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_chacha 4.31 ms 4.29 ms -0.02 ms (-0.40%) 1.10%
handshake_tickets_aws_lc_rs_1.3_ecdsap256_chacha 4.52 ms 4.50 ms -0.02 ms (-0.38%) 1.16%
handshake_session_id_aws_lc_rs_1.3_ecdsap256_aes 4.34 ms 4.33 ms -0.02 ms (-0.37%) 1.17%
transfer_no_resume_ring_1.2_rsa_aes 5.86 ms 5.88 ms 0.02 ms (0.37%) 4.59%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_aes 4.54 ms 4.56 ms 0.02 ms (0.35%) 5.30%
handshake_session_id_ring_1.3_ecdsap256_chacha 5.52 ms 5.50 ms -0.02 ms (-0.33%) 1.00%
transfer_no_resume_ring_1.3_rsa_aes 5.94 ms 5.96 ms 0.02 ms (0.32%) 4.10%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 456.95 µs 458.38 µs 1.43 µs (0.31%) 3.39%
handshake_session_id_ring_1.3_ecdsap256_aes 5.55 ms 5.53 ms -0.02 ms (-0.30%) 1.00%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_chacha 4.98 ms 4.96 ms -0.01 ms (-0.30%) 1.23%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_aes 5.24 ms 5.25 ms 0.02 ms (0.29%) 4.50%
transfer_no_resume_ring_1.3_ecdsap256_aes 5.45 ms 5.47 ms 0.02 ms (0.28%) 4.98%
handshake_session_id_aws_lc_rs_1.3_ecdsap384_aes 5.03 ms 5.02 ms -0.01 ms (-0.27%) 1.00%
handshake_tickets_ring_1.3_ecdsap256_aes 5.61 ms 5.60 ms -0.01 ms (-0.26%) 1.00%
handshake_session_id_ring_1.3_rsa_aes 6.04 ms 6.02 ms -0.01 ms (-0.24%) 1.00%
handshake_tickets_ring_1.3_rsa_aes 6.10 ms 6.09 ms -0.01 ms (-0.23%) 1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap256_aes 459.38 µs 460.41 µs 1.03 µs (0.23%) 3.30%
transfer_no_resume_aws_lc_rs_1.2_rsa_aes 5.12 ms 5.13 ms 0.01 ms (0.22%) 4.69%
transfer_no_resume_ring_1.3_ecdsap384_aes 8.55 ms 8.57 ms 0.02 ms (0.22%) 2.57%
handshake_session_id_ring_1.3_ecdsap384_aes 8.64 ms 8.62 ms -0.01 ms (-0.17%) 1.00%
handshake_no_resume_ring_1.2_rsa_aes 960.26 µs 961.81 µs 1.55 µs (0.16%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_aes 5.20 ms 5.21 ms 0.01 ms (0.16%) 4.25%
transfer_no_resume_ring_1.3_rsa_chacha 13.50 ms 13.53 ms 0.02 ms (0.15%) 1.68%
handshake_session_id_ring_1.3_rsa_chacha 5.99 ms 5.99 ms -0.01 ms (-0.15%) 1.00%
handshake_no_resume_ring_1.3_ecdsap256_aes 478.84 µs 478.19 µs -0.65 µs (-0.14%) 3.20%
handshake_tickets_ring_1.3_rsa_chacha 6.06 ms 6.05 ms -0.01 ms (-0.13%) 1.00%
handshake_session_id_ring_1.3_ecdsap384_chacha 8.60 ms 8.59 ms -0.01 ms (-0.13%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_ecdsap256_chacha 13.01 ms 13.03 ms 0.02 ms (0.12%) 1.87%
transfer_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 13.70 ms 13.72 ms 0.02 ms (0.12%) 1.70%
transfer_no_resume_ring_1.3_ecdsap384_chacha 16.11 ms 16.13 ms 0.02 ms (0.11%) 1.48%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_aes 1.15 ms 1.15 ms 0.00 ms (0.11%) 1.15%
transfer_no_resume_ring_1.3_ecdsap256_chacha 13.02 ms 13.03 ms 0.01 ms (0.10%) 1.74%
handshake_tickets_ring_1.3_ecdsap384_aes 8.71 ms 8.70 ms -0.01 ms (-0.09%) 1.00%
handshake_tickets_ring_1.3_ecdsap256_chacha 5.57 ms 5.56 ms -0.00 ms (-0.09%) 1.00%
handshake_no_resume_ring_1.3_rsa_chacha 965.52 µs 966.34 µs 0.82 µs (0.09%) 1.00%
handshake_tickets_ring_1.3_ecdsap384_chacha 8.67 ms 8.66 ms -0.01 ms (-0.07%) 1.00%
handshake_no_resume_aws_lc_rs_1.3_ecdsap384_chacha 1.14 ms 1.14 ms 0.00 ms (0.05%) 1.24%
handshake_no_resume_ring_1.3_ecdsap256_chacha 476.94 µs 477.11 µs 0.16 µs (0.03%) 3.13%
handshake_no_resume_ring_1.3_ecdsap384_aes 3.58 ms 3.58 ms 0.00 ms (0.03%) 1.00%
handshake_no_resume_ring_1.3_rsa_aes 965.11 µs 964.82 µs -0.29 µs (-0.03%) 1.00%
transfer_no_resume_aws_lc_rs_1.3_rsa_chacha 13.69 ms 13.68 ms -0.00 ms (-0.01%) 1.56%
handshake_no_resume_ring_1.3_ecdsap384_chacha 3.58 ms 3.58 ms -0.00 ms (-0.00%) 1.00%

Additional information

Historical results

Checkout details:

@ctz ctz force-pushed the jbp-tls13-restricted-sigs branch from 0205e7c to d8d0b66 Compare April 8, 2025 13:30
@codecov Codecov
Copy link
codecov bot commented Apr 8, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.01%. Comparing base (68d6ef2) to head (1b46817).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2420   +/-   ##
=======================================
  Coverage   96.00%   96.01%           
=======================================
  Files          94       94           
  Lines       22525    22558   +33     
=======================================
+ Hits        21626    21659   +33     
  Misses        899      899

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

djc
djc approved these changes Apr 8, 2025
View reviewed changes
Copy link
Member
@djc djc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@djc djc mentioned this pull request Apr 8, 2025
Closed
@djc
Copy link
Member
djc commented Apr 8, 2025

Maybe there should also be a line or 2 about why not "failing closed" is the better solution here? (Even if that is just "because it aligns more closely with the spec".)

@ctz
Invert working of SignatureScheme::supported_in_tls13
1b46817 
This was previously an allow-list, which stands in the way
of people shipping providers for other algorithms that are
not specifically outlawed in RFC8446.
@ctz ctz force-pushed the jbp-tls13-restricted-sigs branch from d8d0b66 to 1b46817 Compare April 8, 2025 13:56
@ctz
Copy link
Member Author
ctz commented Apr 8, 2025

Maybe there should also be a line or 2 about why not "failing closed" is the better solution here? (Even if that is just "because it aligns more closely with the spec".)

Added a bit to the docstring for this function.

@ctz ctz added this pull request to the merge queue Apr 8, 2025
Merged via the queue into main with commit 334760f Apr 8, 2025
64 checks passed
@ctz ctz deleted the jbp-tls13-restricted-sigs branch April 8, 2025 17:14
@ctz ctz mentioned this pull request Apr 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@djc djc djc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

TLS 1.3 SignatureSchemes are not extendable on the server
2 participants
@ctz @djc
0