v1.7.1

Release Summary:

• Delete all code that references Kyber.
• Fix the alignment used in the Rust bindings custom allocator to match the C malloc alignment contract.
• s2n-tls now errors if a peer sent an ECDSA signature with a mislabeled curve.
• each connection now uses 57 less bytes.
• We would like to thank Joshua Rogers (https://joshua.hu/) of AISLE Research Team (https://aisle.com/) for reporting the following issues:
  • fix(bindings): use max_align_t for allocator alignment in #5745
  • fix(quic support): Wipe buffers after reading post-handshake message in #5750
  • fix(bindings): tie ClientHello lifetime to Fingerprint in #5747
  • fix: add bound check for Yc_length against server DH params in #5737
  • Memory overallocation in aws-kms-tls-auth, addressed in GHSA-5whh-4q9j-7v28

What's Changed

• fix: restrict mldsa signatures based on certificate by @jmayclin in #5713
• feat(bindings): expose signature scheme API by @jmayclin in #5708
• build(deps): update crabgrind requirement from 0.1 to 0.2 in /tests/regression in the all-cargo-updates group across 1 directory by @dependabot[bot] in #5716
• ci: fix typo in readme by @CarolYeh910 in #5718
• feat(bindings): add support for metric aggregation by @jmayclin in #5709
• fix: correct calculation of extensions bitfield size by @WesleyRosenblum in #5719
• build(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5722
• nix: Use rustup toolchain over nix packages rustc in devshell by @kaukabrizvi in #5712
• Add X25519MLKEM768 benchmarks by @WillChilds-Klein in #5616
• ci: temporary replace clang-format-action by @jouho in #5735
• fix(benches): reduce flakiness in s2n-tls-bench daily job by @kaukabrizvi in #5728
• chore: fix sidetrail timings by @maddeleine in #5729
• ci: Add CI guardrail for BoringSSL fork by @kaukabrizvi in #5715
• feat(metrics): add EMF emitter by @jmayclin in #5730
• ci: fix fuzz failure artifact upload by @jouho in #5742
• chore: unpin rtshark version by @jouho in #5743
• ci: fix conventional commit check by @jouho in #5744
• fix(bindings): tie ClientHello lifetime to Fingerprint by @WesleyRosenblum in #5747
• fix: add bound check for Yc_length against server DH params by @CarolYeh910 in #5737
• chore: unpin rust integration dependencies by @jouho in #5748
• build(deps): bump actions/checkout from 4 to 6 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5746
• fix: Add additional verification checks to ECDSA curves by @maddeleine in #5736
• fix(bindings): use max_align_t for allocator alignment by @WesleyRosenblum in #5745
• chore: Delete all code that references Kyber by @alexw91 in #5705
• ci: revert clang-format workflow by @jouho in #5751
• ci: trigger PR title check upon edit by @jouho in #5749
• fix(quic support): Wipe buffers after reading post-handshake message by @maddeleine in #5750
• refactor(integration): utilities module with cert materials by @jmayclin in #5753
• build(deps): bump baptiste0928/cargo-install from 3.3.2 to 3.4.0 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5758
• build(deps): update strum requirement from 0.27 to 0.28 in /bindings/rust/standard by @dependabot[bot] in #5759
• test(integration): add coverage of error types for cert related failures by @jmayclin in #5755
• refactor: Use strong libcrypto randomness instead of custom random by @kaukabrizvi in #5726
• feat: add clearer errors for hostname, security policy failures by @jmayclin in #5761
• docs: Add security reporting policy by @WesleyRosenblum in #5734
• fix: rust alert getter should not modify by @lrstewart in #5756
• Necessary changes were made in the s2n module to support AIX OS. by @patel-parth7 in #5724
• fix: Use logical OR instead of bitwise OR by @maddeleine in #5763
• build(deps): bump actions/upload-artifact from 6 to 7 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5764
• revert: "fix: rust alert getter should not modify" by @kaukabrizvi in #5766

New Contributors

• @patel-parth7 made their first contribution in #5724

Full Changelog: v1.7.0...1.7.1

v1.7.0

Release summary

Kyber removal means we're bumping the the MINOR version to v1.7.0.

What's Changed

• (chore): Rust bindings bump 0.3.33 by @jouho in #5694
• build(deps): update reqwest requirement from 0.12.7 to 0.13.1 in /tests/pcap in the all-cargo-updates group across 1 directory by @dependabot[bot] in #5690
• chore: bump to nixpkgs 2025.05 by @dougch in #5489
• chore: bump standard MSRV to 1.83 by @jmayclin in #5700
• chore: Mark Kyber as unsupported on all LibCrypto variants by @alexw91 in #5701
• chore: update s2n-tls-hyper crates version to 0.1.0 by @boquan-fang in #5702
• chore: move s2n-tls-bench to Codebuild by @boquan-fang in #5693
• test(integration): add rust test for session resumption by @kaukabrizvi in #5683
• test (integration): add renegotiate rust test by @kaukabrizvi in #5689
• feat(bindings): expose disable_x509_intent_verification API by @CarolYeh910 in #5703
• chore: add static lists of supported TLS parameters by @jmayclin in #5698
• chore: rust binding release v0.3.34 by @CarolYeh910 in #5707

Full Changelog: v1.6.4...v1.7.0

Release v1.6.4

Weekly release for Jan 5, 2026

Release Summary:

• Enables certificate intent validation by default. This also adds a config API s2n_config_disable_x509_intent_verification() to disable it if necessary
• Fixed an issue where selected_key_exchange_group for a resumed TLS 1.2 connection would incorrectly report secp256r1.

What's Changed

• build(deps): bump ytanikin/pr-conventional-commits from 1.4.2 to 1.5.1 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5656
• ci: add typo check to ci by @brimonk in #5491
• Import Cloudfront PQ TLS Policies by @alexw91 in #5539
• feat(build): Improve OpenSSL libcrypto discovery by @goatgoose in #5572
• test: update CRL certs to comply with intent validation by @CarolYeh910 in #5651
• (chore): Rust bindings bump 0.3.32 by @maddeleine in #5662
• ci: update clang format version by @CarolYeh910 in #5661
• (chore): Revert "feat(build): Improve OpenSSL libcrypto discovery (#5572)" by @maddeleine in #5664
• feat: verify certificate issuer intent by default by @CarolYeh910 in #5657
• chore: Fix increase in Rust unit test timings by @maddeleine in #5677
• feat: add handshake event by @jmayclin in #5635
• test(integration): add async cert verify and offload 'stress' test by @kaukabrizvi in #5653
• test(integration): refactor PQ tests to utilize in-memory harness by @kaukabrizvi in #5667
• build(deps): bump the all-gha-updates group across 1 directory with 4 updates by @dependabot[bot] in #5675
• build(deps): bump cross-platform-actions/action from 0.31.0 to 0.32.0 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5685
• Fix: print diagnostics to stdout in s2n_resume_test by @ravindran-dev in #5660
• Fix: Unpin the rust nightly toolchain version by @VIM4L-M in #5682
• fix: incorrect group reported for TLS 1.2 session resumption by @jmayclin in #5673
• test: confirm errors for no matching parameters by @jmayclin in #5679
• test(integration): add rust test for prefer low latency by @kaukabrizvi in #5684
• test(integration): add BoringSSL cohort to expand mTLS coverage by @kaukabrizvi in #5659
• Fix unit test build errors under -Werror by @thulasiramk-2310 in #5686

New Contributors

• @brimonk made their first contribution in #5491
• @ravindran-dev made their first contribution in #5660
• @VIM4L-M made their first contribution in #5682
• @thulasiramk-2310 made their first contribution in #5686

Full Changelog: v1.6.3...v1.6.4

Release v1.6.3

Release Summary

Weekly release for Dec 15, 2025

Release Summary:

• The TLS handshake now succeeds when the async cert callback is configured and peers sent multiple TLS handshake messages per record.

What's Changed

• tests(integration): cases for TLS 1.3 group selection by @jmayclin in #5652
• fix: refactor negotiate loop to fix issue with async callback by @maddeleine in #5641

Full Changelog: v1.6.2...v1.6.3

Release v1.6.2

Release Summary

• Add a new public API, s2n_client_hello_get_random(), and move client_random storage from the connection to the s2n_client_hello struct so applications can retrieve the client random from a parsed ClientHello.
• Allow multiple application contexts to be set on a s2n-tls connection.
• Warning level TLS alerts may now be non-fatal prior to version negotiation
• Added support for Security Policies to have "strongly preferred" SupportedGroups.

What's Changed

• feat: add client hello random getter by @kaukabrizvi in #5620
• chore: Rust bindings release 0.3.30 by @dougch in #5633
• chore: s2n-tls-hyper version bump by @jouho in #5636
• build(deps): bump the all-gha-updates group across 1 directory with 2 updates by @dependabot[bot] in #5640
• feat: add rfc9151 compat policies by @jouho in #5615
• feat: improve performance of getting validated cert chain from libcrypto by @CarolYeh910 in #5622
• feat: additional rfc9151 compat policy without sha1 hmac by @jouho in #5645
• test: add test certs for cert intent validation by @CarolYeh910 in #5630
• test(integv2): remove dynamic record sizing test and related cleanup by @kaukabrizvi in #5644
• feat: add additional application context into Connection by @boquan-fang in #5637
• chore(bindings-release): s2n-tls v0.3.31 release by @boquan-fang in #5649
• fix: allow for warning level TLS alerts prior to version negotiation by @WesleyRosenblum in #5646
• test(integration): add mTLS integration tests by @kaukabrizvi in #5638
• feat: Ability to set "strongly preferred" groups by @alexw91 in #5634
• refactor(tls-harness): use single test pair IO to allow for decryption by @jmayclin in #5648

Full Changelog: v1.6.1...v1.6.2

Release v1.6.1

Weekly release for Nov 17, 2025

Release Summary:

• Adds pure ML-KEM-1024 support: s2n_pure_mlkem_1024 KEM group is now negotiable.

What's Changed

• test: add memory profiler test by @jmayclin in #5329
• docs: comments for blob, stuffer methods by @jmayclin in #5326
• refactor: remove unused s2n_socket_set_read_size method by @lrstewart in #5594
• chore: Rust bindings release 0.3.29 by @maddeleine in #5595
• feat(integration): enable CodeBuild and Nix for rust integration tests by @kaukabrizvi in #5578
• fix: update action user name by @jmayclin in #5600
• docs: update pull request template by @jmayclin in #5591
• fix: update memory usage test assertions by @jmayclin in #5592
• Revert "feat: basic security policy builder interface (#5493)" by @lrstewart in #5599
• docs: add dev docs on handshake and io by @lrstewart in #5596
• ci: PR conventional commit lint GHA by @dougch in #5603
• fix(ci): add build to the validate-pr-title CI job by @CarolYeh910 in #5610
• build(deps): bump the all-gha-updates group across 1 directory with 2 updates by @dependabot[bot] in #5605
• test(integration): add dynamic record sizing test by @kaukabrizvi in #5608
• ci: update cmake version by @CarolYeh910 in #5612
• ci: exclude validate-pr-title from merge queue by @CarolYeh910 in #5613
• feat: add pure ML-KEM support by @CarolYeh910 in #5586
• fix(ci): check Amazon copyright statement by @CarolYeh910 in #5611
• ci: move the integnix job to us-west-2 by @dougch in #5604
• fix: replace uint8_t in for loops by @CarolYeh910 in #5619
• refactor(harness): Extend handshake logic to support TLS 1.2 by @kaukabrizvi in #5614
• test: require both MLKem and MLDsa capabilities for pure MLKEM tests by @kaukabrizvi in #5621
• ci: add rust integration test to codebuild start script by @kaukabrizvi in #5623
• docs: Adds note about serialization error case by @maddeleine in #5617
• fix: enable -Wcast-qual flag for libcrypto=awslc by @boquan-fang in #4735

Full Changelog: v1.6.0...v1.6.1

Release: v1.6.0

Weekly release for October 30 2025

Release Summary:

• Multiple changes to the s2n-tls default policy:
  1. Added TLS13 support
  2. Added Post-Quantum key exchange
  3. Removed CBC ciphersuites
• Changes to the RFC9151 policy: Removes RSA key exchange and DHE cipher suites. Use the numbered version of this policy instead (20250429) to maintain the current preferences.
• Adds support for PQ only policies, which should not include classical ECC curves. This feature only works on libcryptos that support TLS 1.3 and PQ kem groups.
• Fixed a validation issue in s2n_connection_deserialize() where malformed protocol version bytes could result in invalid connection state and inconsistent TLS behavior.
• Add a synchronous rust binding API for s2n_cert_validation_callback
• Upgrades MSRV for extended crates (s2n-tls-sys, s2n-tls, s2n-tls-tokio) from 1.63 to 1.72

What's Changed

• docs: Small doc changes for KTLS by @maddeleine in #5521
• ci: install missing rust component for gitthub action workflows by @jouho in #5528
• refactor(aws-kms-tls-auth): add hmac based psk derivation by @jmayclin in #5519
• chore: bindings release 0.3.27 by @jouho in #5526
• fix(usage-guide): Update book.toml for mdbook 0.5 release by @goatgoose in #5535
• bindings(rust): bump extended crates MSRV to 1.72.0 by @jouho in #5534
• feat(bindings): expose cert validation callback by @CarolYeh910 in #5357
• chore: bindings release 0.3.28 by @goatgoose in #5540
• chore: add new team member by @kaukabrizvi in #5542
• fix: validate protocol version during connection deserialization by @jouho in #5523
• chore(bindings): revert dependency pins by @jmayclin in #5544
• refactor(aws-kms-tls-auth): psk provider using HMAC psks by @jmayclin in #5530
• chore: update bindgen version to v0.69.0 by @boquan-fang in #5396
• refactor 1/2: Fix security policy version in tests to numbered string by @maddeleine in #5549
• refactor: add psk receiver by @jmayclin in #5552
• build(deps): update rtshark requirement from 3.1.0 to 4.0.0 in /tests/pcap in the all-cargo-updates group across 1 directory by @dependabot[bot] in #5555
• fix(aws-kms-tls-auth): supress logging & version bump by @jmayclin in #5554
• refactor 2/2: Fix security policy version in tests to numbered string by @maddeleine in #5553
• fix(test): Reduce s2n_security_policies_test duration by @goatgoose in #5558
• docs: update nix integration test instructions for uvinteg function by @kaukabrizvi in #5550
• build(deps): bump the all-gha-updates group across 1 directory with 4 updates by @dependabot[bot] in #5548
• build(deps): update zeroize requirement from =1.7.0 to =1.8.2 in /bindings/rust/extended by @dependabot[bot] in #5537
• build(deps): update regex requirement from =1.9.6 to =1.12.1 in /bindings/rust/extended by @dependabot[bot] in #5556
• feat: Improve supported cipher suites in RFC9151 policy by @goatgoose in #5559
• ci: pin to older kissat version to unblock CBMC by @lrstewart in #5581
• fix: update test broken by Openssl dhe generation change by @lrstewart in #5580
• feat: output utility for security policy by @jouho in #5502
• feat: add PQ only policy support by @CarolYeh910 in #5545
• fix: update test_pq_only policy snapshot by @CarolYeh910 in #5583
• refactor: Adds tls13 ciphersuites to default/default_fips policy by @maddeleine in #5560
• build(deps): bump the all-gha-updates group in /.github/workflows with 2 updates by @dependabot[bot] in #5585
• ci: scope down GitHub Token permissions by @AdnaneKhan in #5570

New Contributors

• @AdnaneKhan made their first contribution in #5570

Full Changelog: v1.5.27...v1.6.0

Release: v1.5.27

Weekly release for September 25 2025

Release Summary:

• Our kTLS feature can now perform key updates, meaning that kTLS is now safe to turn on in TLS1.3 when using the newest version of the linux kernel (6.14+).

What's Changed

• docs(usage guide): description connection serialization by @jmayclin in #5504
• test(integv2): trim bloated cases by @jmayclin in #5453
• test: Adds test for serializing a previously-serialized connection by @maddeleine in #5495
• chore: bindings release 0.3.26 by @CarolYeh910 in #5509
• build(deps): bump the all-gha-updates group in /.github/workflows with 4 updates by @dependabot[bot] in #5497
• ci: fix clippy by @CarolYeh910 in #5516
• chore(ci): Update older integ job to prep for deprecation by @dougch in #5501
• chore: delete files in preparation for refactor by @jmayclin in #5517
• ci: pin libloading which requires MSRV 1.71 by @jouho in #5520
• chore(ci): add sanitizer jobs for openssl-1.0.2-fips by @dougch in #5508
• chore(ci): add openssl-1.0.2-fips gcc-4.8 job by @dougch in #5512
• ci: remove duplicate buildspec by @dougch in #5228
• feat: Add key update to ktls feature by @maddeleine in #5484

Full Changelog: v1.5.26...v1.5.27

v1.5.26

Release Summary

• Adds async public key support: s2n_pkey_verify() can be performed asynchronously through the async offloading callback.
• Add new s2n_connection_get_signature_scheme method to retrieve the IANA description of the server signature scheme

What's Changed

• chore(nix): Move nix integ jobs to ec2 fleets by @dougch in #5461
• chore: Adds build file to get new codebuild project running in CI by @maddeleine in #5476
• build(deps): bump the all-gha-updates group across 1 directory with 3 updates by @dependabot[bot] in #5479
• chore(nix): switch to nixpkgs libressl by @dougch in #5467
• chore(release): release s2n-tls v0.3.25 by @boquan-fang in #5486
• ci: tweak ruff ci failure message by @lrstewart in #5485
• refactor: signature scheme name adjustment by @lrstewart in #5472
• feat: add method to get signature scheme name by @lrstewart in #5471
• Fix HKDF on big-endian by @sertonix in #5478
• refactor(tls-harness): avoid implicit shutdown of ossl connection by @jmayclin in #5474
• fix: no server signature scheme expected with rsa kex by @lrstewart in #5481
• feat: add pure mlkem_1024 definition by @johubertj in #5468
• feat(integration): add utilities for capability assertions by @jmayclin in #5475
• build(deps): bump nixbuild/nix-quick-install-action from 32 to 33 in /.github/workflows in the all-gha-updates group by @dependabot[bot] in #5487
• feat: 'latest' option for strict policy by @lrstewart in #5488
• chore: pin to older pytest-rerunfailures by @dougch in #5494
• refactor: move new default policies to separate file by @lrstewart in #5492
• feat: basic security policy builder interface by @lrstewart in #5493
• chore: bump instance size for Valgrind by @dougch in #5500
• chore(nix): Flip awslc to upstream flake. by @dougch in #5317
• ci: only use git fetch for nix jobs by @jmayclin in #5506
• feat: add async public key support by @CarolYeh910 in #5473

New Contributors

• @sertonix made their first contribution in #5478

Full Changelog: v1.5.25...v1.5.26

Release: v1.5.25

Weekly release for August 25 2025

Release Summary

• Add a copy of the rfc9151 policy (20250429) which pins all of the policy parts to the current version.
• Adds new TLSv1.3-enabled security policies for CloudFront's outbound ("upstream") connections to origin servers. We also add similar policies with PQ enabled.

What's Changed

• chore: bindings release 0.3.24 by @johubertj in #5455
• chore: apply clippy fixes by @johubertj in #5459
• Add fixed version of the rfc9151 policy by @Mark-Simulacrum in #5277
• test(integration): add record padding test by @jmayclin in #5451
• refactor(stuffer): Rename s2n_stuffer_has_pem_encapsulated_block by @alice-aws in #5465
• ci: don't include tls/extensions in SAW build by @lrstewart in #5466
• ci: fix wikipedia network test + better error message by @lrstewart in #5470
• refactor: setup replacement default policies by @lrstewart in #5464
• Add TLSv1.3 (classical + PQ) policies for CloudFront Upstream by @WillChilds-Klein in #5460

New Contributors

• @alice-aws made their first contribution in #5465

Full Changelog: v1.5.24...v1.5.25