Support TLS 1.3 #153
Merged
Support TLS 1.3 #153
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Note that rustls does not support TLS 1.0 and 1.1, only 1.2/1.3. We (the rustls maintainers) now suggest using rustls-platform-verifier instead, though (see README for rationale). That is not supported directly within reqwest today but making it work is not that hard. |
|
@djc thanks for pointing that out! Would you be able to look over the updated code, as I had to tweak the "Disable cert validation" logic to work with |
djc
reviewed
Jan 10, 2025
src-tauri/Cargo.toml
Outdated
| @@ -44,8 +44,10 @@ http = "1" | |||
| log = "0.4.21" | |||
| rand = "0.8.5" | |||
| regex = "1.10.2" | |||
| reqwest = { workspace = true, features = ["multipart", "cookies", "gzip", "brotli", "deflate", "json", "native-tls-alpn"] } | |||
| reqwest = { workspace = true, features = ["multipart", "cookies", "gzip", "brotli", "deflate", "json", "rustls-tls"] } | |||
There was a problem hiding this comment.
I think you could save some dependencies by picking rustls-tls-manual-roots-no-provider instead of the default rustls-tls (which pulls in webpki-roots).
There was a problem hiding this comment.
Oh, good one! I didn't notice that one in my autocomplete initially 🙏🏻
| } else { | ||
| // Use rustls to skip validation because rustls_platform_verifier does not have this | ||
| // ability | ||
| client_builder = client_builder |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #85
As mentioned in #85, I didn't want to transition to the Reqwest
rustls-tlsfeature (overnative-tls) because I think it's valuable for Yaak to inherit the OS-native root certificates.However, I discovered that Reqwest has a
rustls-tls-native-certsfeature, which usesrustlsAND pulls certs from the OS. Perfect!Here's a test of it working with https://tls13.1d.pw.