Fix QUIC compilation and FIPS features #10
Conversation
Fix a build issue due to lack of trait constraints. Pass FIPS feature flag through and test it
|
Thanks for the PR! I haven‘t had time to work on this recently. Please note that I created the crate mainly to play with the provider mechanism and I‘m not using it productively anywhere. That said, I‘m happy to review and merge PRs. change looks good! |
I am mostly in the same boat, but given how well it is working in my current testing I am starting to look into next steps. Do you have any/know of any plans to upstream this to https://github.com/cloudflare/boring in the future? |
|
Hmm, good question. I think the interesting part of this crate is the (potential) FIPS support via boringssl. However, I'm nowhere near a FIPS expert and I'm unsure if actually all FIPS-relevant computations are already (or can be) executed as part of the FIPS-approved crypto module in boringssl. I wouldn't be opposed to upstreaming this (but I think it requires cleanups and probably more tests), and it's already split up in a way that should make it fairly easy. There hasn't been a lot of chatter about rustls within Cloudflare (that I know of), so not sure about the interest in having this as part of cloudflare/boring. |
|
That (FIPS) is exactly my interest as well. Also not an expert, but I think the rustls provider model is setup in a way such that it could meet FIPS requirements with a custom provider - though I also didn't audit the usage here to see if it meets that (nor would that mean much, given my lack of FIPS expertise 🙂 ) |
In playing around with this crate (which is great!) I ran into a few issues:
Fixed a build issue due to lack of trait constraints.
Pass FIPS feature flag through and test it