On Mon, Jun 29, 2026 at 4:28 PM Simo Sorce <[email protected]> wrote:
>
> On Mon, 2026-06-29 at 06:39 -0400, Neal Gompa wrote:
> >
> > This would not qualify, though. AWS' crypto libraries are increasingly
> > relied on by third parties. Of particular note, rustls uses it now.
>
> It is just one of the options, rustls can be used with other libraries,
> so this is not a deal breaker.

This is not *entirely* true.

rustls (*not* accounting for work that is not available in stable
releases yet) has only two primary / built-in cryptography backends;
one based on the "ring" crate, and one based on AWS-LC. Both are
BoringSSL forks.

The backend based on AWS-LC is now the default in rustls upstream,
because the "ring" crate is more or less unmaintained.

Fedora currently only ships the non-default "ring" backend - because
the "ring" crate didn't go through the cryptography review when it was
added, whereas adding the actively maintained AWS-LC based backend is
blocked by it.

There *is* ongoing work in rustls that makes cryptography backends more
pluggable (by migrating the previously internal aws-lc and ring
backends to the same APIs that external providers use). But even then,
the unofficial (!) OpenSSL backend for rustls is still
feature-incomplete and probably not usable as a Fedora default as-is.

Every time I ask upstream projects to support OpenSSL (better or at
all) I get the same response: It's a horrible library to use and we're
going to stick with other nicer options unless somebody pays us to
care about OpenSSL. And I'm certainly not going to do that - but Red
Hat apparently isn't, either. :shrug:

Fabio