Actix-web: Upgrade to `rustls v0.16.0`

Created on 12 Aug 2019  路  16Comments  路  Source: actix/actix-web

rustls v0.16.0 has upgraded ring which is no longer compatible with rustls v0.15.2.

picture kathampy
👍2

Most helpful comment

We should wait several weeks. It is super painful to upgrade ring

picture fafhrd91 on 13 Aug 2019
👍3

All 16 comments

I briefly read the README of rustls, I think this update makes sense. But we have to upgrade rustls in actix-connect at first due to conflicts.

JohnTitor picture JohnTitor on 13 Aug 2019

We should wait several weeks. It is super painful to upgrade ring

fafhrd91 picture fafhrd91 on 13 Aug 2019
👍3

It's been a month. Can we upgrade now?

svenstaro picture svenstaro on 9 Sep 2019

what do you need from 0.16?

fafhrd91 picture fafhrd91 on 9 Sep 2019

btw maybe we should create separate crates for actix-connect, like actix-connect-rustls, actix-connect-ssl etc?

fafhrd91 picture fafhrd91 on 9 Sep 2019

My problem mostly is that the ecosystem is kinda blocked on a certain ring version if not all crates move at the same time and so I'd like to move this as quickly as possible to unblock people early.

Personally, I'd like this feature from the changelog of rustls:
Correct an omission in TLS1.3 middlebox compatibility mode, causing handshake failures with servers behind buggy middleboxes.

svenstaro picture svenstaro on 9 Sep 2019

btw maybe we should create separate crates for actix-connect, like actix-connect-rustls, actix-connect-ssl etc?

I'm not sure. That wouldn't really help with ring, right?

svenstaro picture svenstaro on 9 Sep 2019

that would unblock actix's creates in term of dependencies. developer could choose whatever version of rustls to use

fafhrd91 picture fafhrd91 on 9 Sep 2019

I need to use hyper and hyper-rustls for low level HTTP calls (Actix Web Client is not suitable for me) which need rustls 0.16. reqwest has also upgraded.

kathampy picture kathampy on 9 Sep 2019

that would unblock actix's creates in term of dependencies. developer could choose whatever version of rustls to use

Sorry, I don't have a well-informed opinion about the implications of that vs. keeping it as is. It seems to me we already have plenty of split dependencies and features would suffice.

svenstaro picture svenstaro on 9 Sep 2019

I've opened a PR for this here: https://github.com/actix/actix-net/pull/42, unfortunately I don't think I can make the tests pass since the dependencies do not use a relative path, they use crates.io and so they're out of sync.

jeromegn picture jeromegn on 10 Sep 2019

Let's get this thing on the road.

svenstaro picture svenstaro on 27 Sep 2019

Notice: the new versions of actix-connect and actix-server(-config) are released.

JohnTitor picture JohnTitor on 4 Oct 2019
👍1

Currently blocking: actix-testing because 0.1.0 wants actix-server 0.6.1 which doesn't dep on rustls 0.16 yet. Can you do a release of actix-testing @fafhrd91?

svenstaro picture svenstaro on 14 Oct 2019

actix-testing is released

fafhrd91 picture fafhrd91 on 14 Oct 2019

master uses rustls 0.16

fafhrd91 picture fafhrd91 on 21 Nov 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

uncotion picture uncotion  路  3Comments
cheolgyu picture cheolgyu  路  3Comments
icommit picture icommit  路  3Comments
bbigras picture bbigras  路  5Comments
bedax picture bedax  路  3Comments