On Mon, Jun 29, 2026 at 4:28 PM Simo Sorce <[email protected]> wrote: > > On Mon, 2026-06-29 at 06:39 -0400, Neal Gompa wrote: > > > > This would not qualify, though. AWS' crypto libraries are increasingly > > relied on by third parties. Of particular note, rustls uses it now. > > It is just one of the options, rustls can be used with other libraries, > so this is not a deal breaker.
This is not *entirely* true. rustls (*not acocunting for work that is not available in stable releases yet) has only two primary / built-in cryptography backends; one based on the "ring" crate, and one based on AWS-LC Both are BoringSSL forks. The backend based on AWS-LC is now the default in rustls upstream, because the "ring" crate is more or less unmaintained. Fedora currently only ships the non-default "ring" backend - because the "ring" crate didn't go through the cryptography review when it was added, whereas adding the actively maintained AWS-LC based backend is blocked by it. There *is* onging work in rustls that makes cryptography backends more pluggable (by migrating the previously internal aws-lc and ring backends to the same APIs that external providers use). But even then, the unofficial (!) OpenSSL backend for rustls is still feature-incomplete and probably not usable as a Fedora default as-is. Every time I ask upstream projects to support OpenSSL (better or at all) I get the same response: It's a horrible library to use and we're going to stick with other nicer options unless somebody pays us to care about OpenSSL. And I'm certainly not going to do that - but Red Hat apparently isn't, either. :shrug: Fabio -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
