All notable changes to this project will be documented in this file.
- Add `rustls-core` feature flag, to allow depending on rustls without requiring the aws-lc backend. For backwards compatibility, the `rustls` feature continues to depend on aws-lc, but in a future version this will likely change to only require the core rustls crate with no features by default.
- Allow using tokio-rustls version 0.26
Versions prior to this using the default configuration are vulnerable to a Slowloris attack. This version mitigates the vulnerability. Previous versions can mitigate the vulnerability by increasing the value passed to `Builder::max_handshakes` to a large number (such as `usize::MAX`). Decreasing the `handshake_timeout` can also help, although it is still strongly recommended to increase `max_handshakes` to more than the current default.
- [breaking] Change `poll_accept` not to have a limit on the number of pending handshakes in the queue, so that connections that are not making progress towards completing the handshake will not block other connections from being accepted. This replaces `Builder::max_handshakes` with `Builder::accept_batch_size`.
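The Slowloris exposure and the two mitigations described above (a larger `max_handshakes`, a shorter `handshake_timeout`) can be made concrete with a small discrete-time model. This is an added example, not code from the tls-listener crate: it simulates a listener whose pending-handshake queue is bounded by `max_handshakes` and whose handshakes expire after `handshake_timeout` ticks. The type and function names, the client scenario and the tick counts are all constructed for illustration.

```rust
// Added example (not tls-listener code): a model of a listener with a bounded
// pending-handshake queue. One tick stands for one second.
use std::collections::VecDeque;

/// A client in the accept backlog. `handshake_ticks` is how long its handshake
/// takes once started; `None` models a Slowloris client that holds the socket
/// open and never completes the handshake.
#[derive(Clone, Copy, Debug)]
struct Incoming {
    id: u32,
    arrives_at: u64,
    handshake_ticks: Option<u64>,
}

/// A handshake that is currently in flight.
#[derive(Clone, Copy, Debug)]
struct Pending {
    id: u32,
    started_at: u64,
    handshake_ticks: Option<u64>,
}

/// Mirrors the two knobs the changelog names: `max_handshakes` bounds the number
/// of in-flight handshakes, `handshake_timeout` bounds how long one may stay there.
struct ListenerModel {
    max_handshakes: usize,
    handshake_timeout: u64,
    pending: Vec<Pending>,
}

impl ListenerModel {
    fn new(max_handshakes: usize, handshake_timeout: u64) -> Self {
        Self { max_handshakes, handshake_timeout, pending: Vec::new() }
    }

    /// Run the model for `ticks` steps over `clients` (sorted by arrival).
    /// Returns (accepted, timed_out) as lists of (client id, tick).
    fn run(&mut self, clients: &[Incoming], ticks: u64) -> (Vec<(u32, u64)>, Vec<(u32, u64)>) {
        let mut backlog: VecDeque<Incoming> = VecDeque::new();
        let mut next = 0usize;
        let mut accepted = Vec::new();
        let mut timed_out = Vec::new();
        for now in 0..ticks {
            // New arrivals sit in the accept backlog until a handshake slot is free.
            while next < clients.len() && clients[next].arrives_at <= now {
                backlog.push_back(clients[next]);
                next += 1;
            }
            // Retire handshakes that completed or exceeded the timeout.
            let mut i = 0;
            while i < self.pending.len() {
                let p = self.pending[i];
                let elapsed = now - p.started_at;
                if p.handshake_ticks.map_or(false, |d| elapsed >= d) {
                    accepted.push((p.id, now));
                    self.pending.swap_remove(i);
                } else if elapsed >= self.handshake_timeout {
                    timed_out.push((p.id, now));
                    self.pending.swap_remove(i);
                } else {
                    i += 1;
                }
            }
            // The exposure: once `max_handshakes` idle clients fill the queue, the
            // backlog stalls and every client behind them waits for a timeout.
            while self.pending.len() < self.max_handshakes {
                match backlog.pop_front() {
                    Some(c) => self.pending.push(Pending { id: c.id, started_at: now, handshake_ticks: c.handshake_ticks }),
                    None => break,
                }
            }
        }
        (accepted, timed_out)
    }
}

/// Constructed scenario: two idle clients connect first, then one legitimate
/// client (id 3) whose handshake takes one tick. Returns the tick at which the
/// legitimate client was accepted, if it was accepted within 40 ticks.
fn accept_tick_for_legit(max_handshakes: usize, handshake_timeout: u64) -> Option<u64> {
    let clients = [
        Incoming { id: 1, arrives_at: 0, handshake_ticks: None },
        Incoming { id: 2, arrives_at: 0, handshake_ticks: None },
        Incoming { id: 3, arrives_at: 1, handshake_ticks: Some(1) },
    ];
    let mut model = ListenerModel::new(max_handshakes, handshake_timeout);
    let (accepted, _) = model.run(&clients, 40);
    accepted.iter().find(|(id, _)| *id == 3).map(|(_, t)| *t)
}

fn main() {
    for (max, timeout) in [(2usize, 10u64), (2, 3), (usize::MAX, 10)] {
        println!(
            "max_handshakes={max:>20} handshake_timeout={timeout:>2} -> legit client accepted at tick {:?}",
            accept_tick_for_legit(max, timeout)
        );
    }
}
```

With a queue bound of 2 and a 10-tick timeout, the legitimate client is only accepted at tick 11, after both idle clients have been expired; with an effectively unbounded queue it is accepted at tick 2, as soon as its own handshake finishes. Shortening the timeout to 3 ticks only shortens the stall (acceptance at tick 4), which is why the note above recommends raising `max_handshakes` rather than relying on the timeout alone.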
- Update tokio-rustls
- [breaking] Remove `until` & remove `Option` from `accept`
  - BREAKING CHANGE: remove `until` from `AsyncAccept` trait. Use `StreamExt::take_until` on the `TlsListener` instead.
  - BREAKING CHANGE: `accept` fn on `AsyncAccept` trait no longer returns an `Option`
  - BREAKING CHANGE: `accept` fn on `TlsListener` no longer returns an `Option`
- [breaking] Update to hyper 1.0
  - BREAKING CHANGE: Removed `hyper-h1` and `hyper-h2` features
This is a backwards incompatible release. The main change is that accepting a new connection now returns a tuple of the new connection and the peer address. The `AsyncAccept` trait was also changed similarly. The `Error` enum was also changed to provide more details about the error. And if the handshake times out, it now returns an error instead of silently waiting for the next connection.
- [breaking] Add a new error type for handshake timeouts
  - BREAKING CHANGE: Adds a new variant to the `Error` enum
  - BREAKING CHANGE: The `Error` enum is now `non_exhaustive`
  - BREAKING CHANGE: Now returns an error if a handshake times out
- [breaking] Yield remote address upon accepting a connection, and include it in errors.
  - BREAKING CHANGE: The enum variant `Error::ListenerError` is now struct-like instead of tuple-like, and is `non_exhaustive` like the enum itself.
  - BREAKING CHANGE: `Error` now has three type parameters, not two.
  - BREAKING CHANGE: `TlsListener::accept` and `<TlsListener as Stream>::next` yield a tuple of (connection, remote address), not just the connection.
  - BREAKING CHANGE: `AsyncAccept` now has an associated type `Address`, which `poll_accept` must now return along with the accepted connection.
- [breaking] More changes for including peer address in response
  - BREAKING CHANGE: `AsyncAccept::Error` must implement `std::error::Error`
  - BREAKING CHANGE: `TlsAcceptError` is now a struct form variant.
- Increase tokio-rustls version to 0.24.0
- Added additional tests and examples
- Re-export tls engine crates as public modules.
- Increased default handshake timeout to 10 seconds (technically a breaking change)
- Support for `openssl`
- Fixed compilation on non-unix environments, where tokio-net doesn't include unix sockets
`SpawningHandshakes` will abort the tasks for pending connections when the linked futures are dropped. This should allow timeouts to cause the connection to be closed.
- Added [`AsyncAccept::until`] method, that creates a new `AsyncAccept` that will stop accepting connections after another future finishes.
- Added `hyper` submodule to add additional support for hyper. Specifically, a newtype for the hyper `Accept` trait for `AsyncAccept`.
- Added `SpawningHandshakes` struct behind the `rt` feature flag. This allows you to perform multiple handshakes in parallel with a multi-threaded runtime.
- Backwards incompatible: `AsyncAccept::poll_accept` now returns `Poll<Option<Result<...>>>` instead of `Poll<Result<...>>`. This allows the incoming stream of connections to stop, for example, if a graceful shutdown has been initiated. `impl`s provided by this crate have been updated, but custom implementations of `AsyncAccept`, or direct usage of the trait, may break.
- Removed unnecessary type bounds (see #14). Potentially a breaking change, although I'd be surprised if any real code was affected.
- Added `TlsListener::replace_accept_pin()` function to allow replacing the listener certificate at runtime, when the listener is pinned.
- Added `TlsListener::replace_acceptor()` function to allow replacing the listener certificate at runtime.
- The implementation of `AsyncTls` for `tokio_native_tls::TlsAcceptor` now requires the connection type to implement `Send`. This in turn allows `TlsListener` to be `Send` when using the `native-tls` feature. Technically, this is a breaking change. However, in practice it is unlikely to break existing code, and it makes `TlsListener` much easier to use when `native-tls` is enabled.
NOTE: This release contains several breaking changes.
- Support for `native-tls`.
- The TLS backend is now configurable. Both rustls and native-tls are supported. Other backends can also be used by implementing the `AsyncTls` trait.
- You must now supply either the `rustls` or `native-tls` feature to get support for a TLS backend.
- Unfortunately, the machinery for this required adding an additional type parameter to `TlsListener`.
- The `TlsListener` stream now returns a `tls_listener::Error` type instead of `std::io::Error`.
- Signatures of `TcpListener::new()` and `builder()` have changed to now take an argument of the TLS type rather than a `rustls::ServerConfig`; to update existing calls, replace `builder(config)` with `builder(Arc::new(config).into())`.
- Crate will now compile when linked against a target that doesn't explicitly enable the `tokio/time` and `hyper/tcp` features.