* (chore): Rust bindings bump 0.3.33 (#5694)
* build(deps): update reqwest requirement from 0.12.7 to 0.13.1 in
/tests/pcap in the all-cargo-updates group across 1 directory (#5690)
* chore: bump to nixpkgs 2025.05 (#5489)
* chore: bump standard MSRV to 1.83 (#5700)
* Mark Kyber as unsupported on all LibCrypto variants (#5701)
* chore: update s2n-tls-hyper crates version to 0.1.0 (#5702)
* chore: move s2n-tls-bench to Codebuild (#5693)
* test(integration): add rust test for session resumption (#5683)
* test (integration): add renegotiate rust test (#5689)
* feat(bindings): expose disable_x509_intent_verification API (#5703)
* chore: add static lists of supported TLS parameters (#5698)
* chore: rust binding release v0.3.34 (#5707)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=107
- Update to version 1.6.4
* build(deps): bump ytanikin/pr-conventional-commits from 1.4.2 to 1.5.1
in /.github/workflows in the all-gha-updates group (#5656)
* ci: add typo check to ci (#5491)
* Import Cloudfront PQ TLS Policies (#5539)
* feat(build): Improve OpenSSL libcrypto discovery (#5572)
* test: update CRL certs to comply with intent validation (#5651)
* (chore): Rust bindings bump 0.3.32 (#5662)
* ci: update clang format version (#5661)
* (chore): Revert "feat(build): Improve OpenSSL libcrypto discovery (#5572)" (#5664)
* feat: verify certificate issuer intent by default (#5657)
* chore: Fix increase in Rust unit test timings (#5677)
* feat: add handshake event (#5635)
* test(integration): add async cert verify and offload 'stress' test (#5653)
* test(integration): refactor PQ tests to utilize in-memory harness (#5667)
* build(deps): bump the all-gha-updates group across 1 directory with 4 updates (#5675)
* build(deps): bump cross-platform-actions/action from 0.31.0 to 0.32.0
in /.github/workflows in the all-gha-updates group (#5685)
* Fix: print diagnostics to stdout in s2n_resume_test (#5660)
* Fix: Unpin the rust nightly toolchain version (#5682)
* fix: incorrect group reported for TLS 1.2 session resumption (#5673)
* test: confirm errors for no matching parameters (#5679)
* test(integration): add rust test for prefer low latency (#5684)
* test(integration): add BoringSSL cohort to expand mTLS coverage (#5659)
* Fix unit test build errors under -Werror (#5686)
OBS-URL: https://build.opensuse.org/request/show/1326350
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=105
- Update to version 1.6.3
* tests(integration): cases for TLS 1.3 group selection (#5652)
* fix: refactor negotiate loop to fix issue with async callback (#5641)
- from version 1.6.2
* feat: add client hello random getter (#5620)
* chore: Rust bindings release 0.3.30 (#5633)
* chore: s2n-tls-hyper version bump (#5636)
* build(deps): bump the all-gha-updates group across 1 directory with 2 updates (#5640)
* feat: add rfc9151 compat policies (#5615)
* feat: improve performance of getting validated cert chain from libcrypto (#5622)
* feat: additional rfc9151 compat policy without sha1 hmac (#5645)
* test: add test certs for cert intent validation (#5630)
* test(integv2): remove dynamic record sizing test and related cleanup (#5644)
* feat: add additional application context into Connection (#5637)
* chore(bindings-release): s2n-tls v0.3.31 release (#5649)
* fix: allow for warning level TLS alerts prior to version negotiation (#5646)
* test(integration): add mTLS integration tests (#5638)
* feat: Ability to set "strongly preferred" groups (#5634)
* refactor(tls-harness): use single test pair IO to allow for decryption (#5648)
OBS-URL: https://build.opensuse.org/request/show/1325346
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=103
- Update to version 1.5.26
* chore(nix): Move nix integ jobs to ec2 fleets (#5461)
* chore: Adds build file to get new codebuild project running in CI (#5476)
* build(deps): bump the all-gha-updates group across
1 directory with 3 updates (#5479)
* chore(nix): switch to nixpkgs libressl (#5467)
* chore(release): release s2n-tls v0.3.25 (#5486)
* ci: tweak ruff ci failure message (#5485)
* refactor: signature scheme name adjustment (#5472)
* feat: add method to get signature scheme name (#5471)
* Fix HKDF on big-endian (#5478)
* refactor(tls-harness): avoid implicit shutdown of ossl connection (#5474)
* fix: no server signature scheme expected with rsa kex (#5481)
* feat: add pure mlkem_1024 definition (#5468)
* feat(integration): add utilities for capability assertions (#5475)
* build(deps): bump nixbuild/nix-quick-install-action from 32 to 33
in /.github/workflows in the all-gha-updates group (#5487)
* feat: 'latest' option for strict policy (#5488)
* chore: pin to older pytest-rerunfailures (#5494)
* refactor: move new default policies to separate file (#5492)
* feat: basic security policy builder interface (#5493)
* chore: bump instance size for Valgrind (#5500)
* chore(nix): Flip awslc to upstream flake. (#5317)
* ci: only use git fetch for nix jobs (#5506)
* feat: add async public key support (#5473)
OBS-URL: https://build.opensuse.org/request/show/1305954
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=95
- Update to version 1.5.25
* chore: bindings release 0.3.24 by @johubertj in (#5455)
* chore: apply clippy fixes by @johubertj in (#5459)
* Add fixed version of the rfc9151 policy by @Mark-Simulacrum in (#5277)
* test(integration): add record padding test by @jmayclin in (#5451)
* refactor(stuffer): Rename s2n_stuffer_has_pem_encapsulated_block
by @alice-aws in (#5465)
* ci: don't include tls/extensions in SAW build by @lrstewart in (#5466)
* ci: fix wikipedia network test + better error message by @lrstewart in (#5470)
* refactor: setup replacement default policies by @lrstewart in (#5464)
* Add TLSv1.3 (classical + PQ) policies for CloudFront Upstream
by @WillChilds-Klein in (#5460)
OBS-URL: https://build.opensuse.org/request/show/1302340
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=93
- Update to version 1.5.24
* refactor(bench): unify IO methods (#5434)
* test(bench): add api for mutual auth handshake (#5437)
* chore: bindings release 0.3.23 (#5439)
* ci: document how to manually run the codebuild jobs (#5441)
* chore: add Awslc fips next to CI (#5349)
* feat: add integration test for secp384r1_mlkem_1024 (#5438)
* fix(typo): fix a typo in codebuild.yml (#5445)
* build(deps): update criterion requirement from 0.6 to 0.7 in
/bindings/rust/standard (#5442)
* chore(ci): tell crt to not check submodule version (#5450)
* Add AWS-CRT-SDK-TLSv1.0-2025-PQ (#5403)
* chore(ci): once a week, clean the nix store for the kTLS job. (#5430)
* refactor(tls-harness): separate benchmark abstractions (#5444)
OBS-URL: https://build.opensuse.org/request/show/1297656
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=91
- Update to version 1.5.22
* chore(ci): add a cargo timing buildspec (#5176)
* build(deps): update pprof requirement from 0.14 to 0.15
in /bindings/rust/standard (#5334)
* refactor(examples): remove connection pool (#5353)
* ci: Fix the sslyze test for nix (#5283)
* Include application message in Debug impl (#5359)
* build: prevent needless rebuild with S2N_INTERN_LIBCRYPTO=ON and Ninja (#5356)
* build(deps): bump baptiste0928/cargo-install from 3.3.0 to 3.3.1
in /.github/workflows in the all-gha-updates group (#5361)
* tests(integv2): fix flaky session resumption test (#5362)
* tests(integ): add more debug logging (#5363)
* build(deps): bump nixbuild/nix-quick-install-action from 30 to 31
in /.github/workflows in the all-gha-updates group (#5366)
* build(deps): bump nixbuild/nix-quick-install-action from 31 to 32
in /.github/workflows in the all-gha-updates group (#5371)
* fix: policy util should ignore deprecated TLS1.2 kems if missing (#5372)
* chore: apply clippy and fmt fixes (#5386)
* feature: new TLS1.2 + FIPS CRT security policy (#5375)
OBS-URL: https://build.opensuse.org/request/show/1291955
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=87
- Update to version 1.5.19
* Remove unused negotiate_kem function causing build failure (#5316)
* chore: Bump nixpkgs version to 24.11 (#5294)
* tests: policy snapshot test (#5309)
* fix(benches): use session ticket for resumption (#5305)
* feature: release ML-DSA support (#5307)
* feature: support for ML-DSA handshake signatures (#5303)
* tests: turn verbose mode off by default in integ tests (#5286)
* Revert "build: add pull requests limit for dependabot" (#5302)
* chore: Update Apache test certificates from RSA1024 to RSA2048 (#5285)
* feature: add crypto support for mldsa signing (#5272)
* refactor: remove conn->client_hello_version (#5278)
* build(deps): unpin test-log because of MSRV updates (#5300)
* build: add pull requests limit for dependabot (#5299)
* chore: bindings release 0.3.19 (#5298)
* build(deps): update strum requirement from 0.25 to 0.27
in /bindings/rust/standard (#5292)
* build(deps): update test-log-macros requirement from =0.2.14
to =0.2.17 in /bindings/rust/standard (#5290)
* feat: Add `as_ptr()` API for Config (#5274)
* tests: reduce integ test flakiness + improve debugability (#5282)
* build(deps): update env_logger requirement from 0.10 to 0.11
in /bindings/rust/standard (#5296)
* build(deps): bump aws-actions/configure-aws-credentials from 4.1.0
to 4.2.0 in /.github/workflows in the all-gha-updates group (#5297)
* tests: fix flaky test_serialization (#5288)
* chore: bump standard MSRV to 1.82.0 (#5295)
* chore: Add comments to track dependency requirements (#5287)
* tests: improve coverage for s2n_stream_cipher_null (#5268)
* build(deps): bump astral-sh/setup-uv from 5 to 6 in /.github/workflows
OBS-URL: https://build.opensuse.org/request/show/1280462
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=81
- Update to version 1.5.18
* build: add -Wa,-mbranches-within-32B-boundaries compiler flag (#5267)
* build(deps): bump JulienKode/team-labeler-action from 1.3.0 to 2.0.0
in /.github/workflows in the all-gha-updates group (#5252)
* refactor: remove unused hash methods (#5269)
* Add 20250414 security policy (#5253)
* feature: add support for configuring (but not yet using) ml-dsa certs (#5263)
* tests: add ml-dsa test certs from RFC (#5261)
* refactor: cleanup hash to better support multiple implementations (#5258)
* chore: bindings release 0.3.17 (#5260)
* chore: add new team member (#5259)
* ci: add awslcfips to nix jobs (#5205)
* chore(ci): revert nix installer pin (#5251)
OBS-URL: https://build.opensuse.org/request/show/1274929
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=79
- Update to version 1.5.15
* feature: openssl-3.0-fips support (#5191)
* ci: defend against unset version number in awslc installer (#5195)
* fix: openssl-3.0-fips should use libcrypto HKDF (#5183)
* fix: remove unnecessary RC4 restriction (#5170)
* fix: openssl-3.0-fips should use separate private rand (#5184)
* ci: move openssl3fips build to existing asan build (#5181)
* chore: include Need By Date section in github issue template (#5187)
* ci: cleanup awslc-fips versioning (#5156)
* chore: bump linting action Ubuntu version (#5186)
* build(deps): update aws-lc-rs version to remove paste deps (#5192)
* test: fix self-talk pkey offload test for openssl-3.0-fips (#5175)
* test: reduce parameter selection (#5161)
* chore: add inline noqa suppression (#5159)
* ci: make start_codebuild.sh work for forks (#5178)
* test(integv2): add partial support for OpenSSL 3.0 provider (#5131)
* (docs): Improve PQ docs (#5173)
* ci: use ruff --diff instead of --check (#5177)
* chore: pin once_cell version to unblock the CI (#5174)
* fix(ruff): resolve linting errors detected by Ruff (#5140)
* fix: mark chachapoly as unavailable with openssl-3.0-fips (#5168)
* tests: fix flaky ja4 test (#5169)
* chore: update git blame ignore commit ID (#5164)
* style: fix redundant return (#5150)
* build(deps): bump nixbuild/nix-quick-install-action from 29 to 30
in /.github/workflows in the all-gha-updates group (#5153)
* refactor: add libcrypto PRF impl for openssl-3.0-fips (#5158)
* chore: binding release 0.3.13 (#5167)
* chore(ci): pin symbolic-common (#5166)
OBS-URL: https://build.opensuse.org/request/show/1266597
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=73
- Update to version 1.5.14
* tests: try to make s2n_mem_usage_test more useful (#5139)
* chore: git-blame-ignore ruff formatting (#5151)
* chore(bindings): change in rustup behavior (#5160)
* refactor: remove unused prf hmac impls (#5148)
* chore(ci): make the awslc fips install script version aware (#5100)
* fix: memory leak during STEK rotation (#5146)
* refactor: add alternative EVP signing method (#5141)
* refactor: cleanup prf header (#5144)
* feat(bindings): expose context on cert chain (#5132)
* Ruff Formatting and add to CI (#5138)
* chore(nix): Add aws-lc-fips 2022/4 (#5109)
* test(integv2): fixes to allow test_record_padding to partially run (#5099)
* build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap
in the all-cargo-updates group across 1 directory (#5087)
* tests: use sig schemes as source of truth for valid hash+sig algs (#5129)
- from version 1.5.13
* ci: always set values for command line defines (#5126)
* fix: update callback return value (#5136)
* refactor: always use EVP hashing (#5121)
* ci: add check for third-party-src in disable rand override buildspec (#5137)
* feat: add async cert validation support (#5110)
* chore: remove unused well-known-endpoints.py (#5127)
* fix(bindings): remove mutation behind Arc (#5124)
* chore: binding release 0.3.12 (#5128)
* refactor: use EVP_MD_fetch() if available (#5116)
* feat: Option to disable RAND engine override (#5108)
* fix(bindings): make Context borrow immutable (#5071)
* build(deps): update rand requirement (#5125)
* chore: fix a typo in API comments (#5123)
OBS-URL: https://build.opensuse.org/request/show/1253014
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=71
- Update to version 1.5.10
* refactor(bench): remove historical benchmarks (#4940)
* fix: pem parsing detection of last cert errors (#4908)
* docs: specify s2n_blob growable conditions (#4943)
* chore(bindings): move tokio examples to dedicated folder (#4954)
* chore: fix GHA for merge-queue (#4973)
* chore(binding): release 0.3.8 (#4969)
* (chore): Installs Nix in AL2023 Buildspec (#4934)
* build(deps): bump the all-gha-updates group in /.github/workflows with 5 updates (#4961)
* feat(s2n-tls-hyper): Add support for negotiating HTTP/2 (#4924)
* tests: allow TLS1.2 with RSA-PSS certs in integ tests (#4949)
* ci: update CRT test ubuntu version to ubuntu24 (#4964)
* feat(bindings): enable application owned certs (#4937)
* ci: batch dependabot updates (#4959)
* ci(refactor): deprecate Omnibus (#4953)
* build(deps): bump actions/cache from 2.1.4 to 4.1.2 in /.github/workflows (#4928)
* build(deps): bump peaceiris/actions-gh-pages from 3 to 4 in /.github/workflows (#4921)
* build(deps): bump cross-platform-actions/action from 0.23.0 to 0.26.0 in /.github/workflows (#4951)
* build(deps): bump github/codeql-action from 2 to 3 in /.github/workflows (#4917)
* ci: add change directory to third-party-src logic (#4950)
* feat: TLS1.2 support for RSA-PSS certificates (#4927)
* feat: feature probe S2N_LIBCRYPTO_SUPPORTS_ENGINE (#4878)
* test(bindings): run unit tests under asan (#4948)
* ci(refactor): remove ASAN from Omnibus and GeneralBatch (#4946)
* ci(refactor): remove fuzz tests from Omnibus (#4945)
* refactor: add a s2n_libcrypto_is_openssl() helper function (#4930)
* fix(s2n-tls-hyper): Add proper IPv6 address formatting (#4938)
* ci: add openssl-1.0.2-fips to fuzz test (#4942)
* ci(refactor): remove Valgrind checks from omnibus and generalBatch (#4913)
* fix(bindings): address clippy issues from 1.83 (#4941)
OBS-URL: https://build.opensuse.org/request/show/1235556
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=67
