Add aes256-sha384 TLS cipher feature #135
Open
pawelchcki wants to merge 1 commit into
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds an opt-in TLS 1.3 cipher suite selection for the embedded-tls backend, allowing connections to servers that require TLS_AES_256_GCM_SHA384.
Changes:
- Introduces a `DefaultCipher` type alias toggled by a new `aes256-sha384` Cargo feature.
- Updates TLS provider/connection types to use `DefaultCipher` instead of hard-coding `Aes128GcmSha256`.
- Documents the new feature and pins git dependencies to specific revisions.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/client.rs | Makes the embedded-tls cipher suite configurable via a feature-gated DefaultCipher alias. |
| README.md | Documents default cipher and how to enable the AES-256/SHA-384 option. |
| Cargo.toml | Adds aes256-sha384 feature and pins embedded-tls / esp-mbedtls git deps to specific revs. |
Comment on lines +116 to +117
| `reqwless` uses `TLS_AES_128_GCM_SHA256` by default. To connect to servers that only accept | ||
| `TLS_AES_256_GCM_SHA384`, enable the `aes256-sha384` feature: |
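Review bot: the README text at lines +116 to +117 says when to enable `aes256-sha384` but not what the build gives up. As this PR describes it, the suite is chosen at compile time, so a build with the feature uses `TLS_AES_256_GCM_SHA384` in place of `TLS_AES_128_GCM_SHA256`, not in addition to it. Suggest a sentence stating that, and noting that Cargo unifies features across the dependency graph, so any crate that enables the feature switches the suite for every user of `reqwless` in that build.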
Summary
- `aes256-sha384` feature for embedded-tls
- `TLS_AES_128_GCM_SHA256` as the default embedded-tls cipher suite
- `TLS_AES_256_GCM_SHA384` when `aes256-sha384` is enabled

Notes
This keeps the client API unchanged. The cipher suite is selected at compile time through Cargo features, avoiding the runtime wrapper enum needed for configurable cipher selection.
`dd97196dfd56c836b6267dc89f1fe618094f72a3` is the oldest practical embedded-tls pin I found. Earlier useful candidates either miss reqwless-facing optional features or fail to compile with `der 0.8.0` without the later `der/heapless` fix.

Validation
- `cargo check`
- `cargo check --no-default-features --features embedded-tls`
- `cargo check --no-default-features --features embedded-tls,aes256-sha384`
- `git diff --check`
- `rustfmt --check src/client.rs`
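
The compile-time selection described in the Notes, as an added sketch that is not code from this pull request, reqwless or embedded-tls. The `Suite` trait, `offered` and `select` are hypothetical stand-ins; only the `DefaultCipher` alias name, the feature name and the suite names come from the page. It shows that a build offers exactly one suite, so the feature changes which servers can complete a handshake.

```rust
/// Hypothetical stand-in for a cipher-suite marker trait (assumption, not embedded-tls API).
pub trait Suite {
    const NAME: &'static str;
    const CODE_POINT: u16; // TLS 1.3 cipher suite value (RFC 8446, appendix B.4)
}

pub struct Aes128GcmSha256;
pub struct Aes256GcmSha384;

impl Suite for Aes128GcmSha256 {
    const NAME: &'static str = "TLS_AES_128_GCM_SHA256";
    const CODE_POINT: u16 = 0x1301;
}
impl Suite for Aes256GcmSha384 {
    const NAME: &'static str = "TLS_AES_256_GCM_SHA384";
    const CODE_POINT: u16 = 0x1302;
}

// Exactly one alias exists per build; the Cargo feature swaps it.
#[cfg(not(feature = "aes256-sha384"))]
pub type DefaultCipher = Aes128GcmSha256;
#[cfg(feature = "aes256-sha384")]
pub type DefaultCipher = Aes256GcmSha384;

/// Suites a client built around `S` lists in its ClientHello: a single entry.
pub fn offered<S: Suite>() -> [u16; 1] {
    [S::CODE_POINT]
}

/// Server side: first suite in the server's preference order that the client
/// offered. `None` models the server aborting with a handshake_failure alert.
pub fn select(server_prefs: &[u16], client_offer: &[u16]) -> Option<u16> {
    server_prefs.iter().copied().find(|s| client_offer.contains(s))
}

fn main() {
    // Constructed server policies for the demonstration.
    let aes256_only = [0x1302u16];
    let both = [0x1302u16, 0x1301];
    let offer = offered::<DefaultCipher>();
    println!("this build offers {}", DefaultCipher::NAME);
    println!("AES-256-only server selects: {:?}", select(&aes256_only, &offer));
    println!("server accepting both selects: {:?}", select(&both, &offer));
}
```
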