Unverified Commit f3e44742 authored by 82marbag's avatar 82marbag Committed by GitHub

Explicit list of TLS cipher suites (#2422)

parent 2bb969f8
+2 −1
@@ -11,7 +11,7 @@ repository = "https://github.com/awslabs/smithy-rs"
rt-tokio = ["aws-smithy-async/rt-tokio"]
test-util = ["aws-smithy-protocol-test", "serde/derive", "rustls", "hyper/server", "hyper/h2", "tokio/full"]
native-tls = ["client-hyper", "hyper-tls", "rt-tokio"]
rustls = ["client-hyper", "hyper-rustls", "rt-tokio", "lazy_static"]
rustls = ["client-hyper", "hyper-rustls", "rt-tokio", "lazy_static", "dep:rustls"]
client-hyper = ["hyper"]
hyper-webpki-doctest-only = ["hyper-rustls/webpki-roots"]

@@ -32,6 +32,7 @@ hyper = { version = "0.14.25", features = ["client", "http2", "http1", "tcp"], o
# https://github.com/rust-lang/cargo/issues/1596
hyper-rustls = { version = "0.23.0", optional = true, features = ["rustls-native-certs", "http2"] }
hyper-tls = { version = "0.5.0", optional = true }
rustls = { version = "0.20", optional = true }
lazy_static = { version = "1", optional = true }
pin-project-lite = "0.2.7"
serde = { version = "1", features = ["derive"], optional = true }
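Review bot: The added `rustls = { version = "0.20", optional = true }` line is silently coupled to `hyper-rustls = { version = "0.23.0", ... }` two lines above it: the `rustls::cipher_suite::*` constants the connector code now passes into `with_tls_config` must be the same `rustls` types that hyper-rustls was built against (0.23 targets rustls 0.20, as far as I recall), so bumping either dependency on its own will fail to compile rather than degrade quietly. That is acceptable, but nothing in the manifest says why the two versions must move together; a comment above the new line would prevent a well-meaning "update rustls" PR from tripping over it: `# Keep in lockstep with hyper-rustls: the cipher-suite constants in the rustls connector are handed straight to its TLS config.` The `"dep:rustls"` feature entry in the first hunk also requires Cargo 1.60 or newer; if this crate declares an older `rust-version`, it should be raised in the same change.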
+22 −1
@@ -19,13 +19,34 @@ pub type NativeTls = hyper_tls::HttpsConnector<hyper::client::HttpConnector>;
/// A smithy connector that uses the `rustls` crate for TLS.
pub type Rustls = crate::hyper_ext::Adapter<Https>;

#[cfg(feature = "rustls")]
use hyper_rustls::ConfigBuilderExt;

// Creating a `with_native_roots` HTTP client takes 300ms on OS X. Cache this so that we
// don't need to repeatedly incur that cost.
#[cfg(feature = "rustls")]
lazy_static::lazy_static! {
    static ref HTTPS_NATIVE_ROOTS: Https = {
        hyper_rustls::HttpsConnectorBuilder::new()
            .with_tls_config(
                rustls::ClientConfig::builder()
                    .with_cipher_suites(&[
                        // TLS1.3 suites
                        rustls::cipher_suite::TLS13_AES_256_GCM_SHA384,
                        rustls::cipher_suite::TLS13_AES_128_GCM_SHA256,
                        // TLS1.2 suites
                        rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                        rustls::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                        rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                        rustls::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                        rustls::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
                    ])
                    .with_safe_default_kx_groups()
                    .with_safe_default_protocol_versions()
                    .expect("Error with the TLS configuration. Please file a bug report under https://github.com/awslabs/smithy-rs/issues.")
                    .with_native_roots()
                    .with_no_client_auth()
            )
            .https_or_http()
            .enable_http1()
            .enable_http2()