
bindings(s2n-tls): fix pq feature #4887

Open
@jmayclin


Problem:

The pq feature is misleading for the s2n-tls and s2n-tls-sys crates.

The only functionality gated behind this feature is the definition of a few pq policies.

#[cfg(feature = "pq")]
pub const TESTING_PQ: Policy = policy!("PQ-TLS-1-0-2021-05-26");
#[cfg(feature = "pq")]
pub const DEFAULT_PQ: Policy = policy!("default_pq");

This is misleading because a customer might see that the pq feature is off by default and conclude that PQ isn't supported by default.

However, PQ functionality/cryptography are available by default from aws-lc.

Solution:

I think the PQ feature should be removed from s2n-tls-sys and s2n-tls.

There is currently no meaningful functionality to be gated behind the PQ feature. In the future it might be useful to gate certain tests, but I think this could be more simply handled with a runtime feature probe or an env variable.
