bindings(s2n-tls): fix pq feature #4887

Open
jmayclin opened this issue Nov 12, 2024 · 0 comments
jmayclin commented Nov 12, 2024

Problem:

The pq feature is misleading for the s2n-tls and s2n-tls-sys crates.

The only functionality gated behind this feature is the definition of a few pq policies.

#[cfg(feature = "pq")]
pub const TESTING_PQ: Policy = policy!("PQ-TLS-1-0-2021-05-26");
#[cfg(feature = "pq")]
pub const DEFAULT_PQ: Policy = policy!("default_pq");

This is misleading because a customer might see that the pq feature is off by default and conclude that PQ isn't supported by default.

However, PQ functionality/cryptography are available by default from aws-lc.

Solution:

I think the PQ feature should be removed from s2n-tls-sys and s2n-tls.

There is currently no meaningful functionality to be gated behind the PQ feature. In the future it might be useful to gate certain tests, but I think this could be more simply handled with a runtime feature probe or an env variable.
