Fix docs.rs build after doc_auto_cfg stabilization.

What's Changed

• Privatise docsrs cfg flag by @cpu in #2718

• New feature: foundational support for QUIC multipath draft - #2706 thanks to @flub
• Bug fix: avoid long-running TLS1.3 connections from eventually failing with PeerMisbehaved::TooManyKeyUpdateRequests - #2709

What's Changed

• Support encryption for QUIC multipath by @flub in #2706
• Prepare 0.23.33 by @ctz in #2711

New Contributors

• @flub made their first contribution in #2706

Full Changelog: v/0.23.32...v/0.23.33

Support using ML-DSA keys for signing when the aws-lc-rs-unstable feature is enabled.

What's Changed

• ML-DSA signing keys by @djc in #2579

New feature: support verification of P256+SHA512 and P384-SHA512 ECDSA signatures with aws-lc-rs. This is not a recommended combination, but such signatures exist in the wild. Fixes #2661 and #2477.

What's Changed

• Fix docs link errors by @ctz in #2590
• Prepare 0.23.32 by @ctz in #2663

Full Changelog: v/0.23.31...v/0.23.32

• Fixes #2584 -- complete_io() not making progress when used with non-blocking IO. This was a regression in 0.23.30 (now yanked).

What's Changed

• Prepare 0.23.31 by @ctz in #2587

Full Changelog: v/0.23.30...v/0.23.31

• Fixes a bug with the unbuffered connection API that could result in deframing junk data after a close notify alert was received.
• Updates Connection::complete_io() to yield a WouldBlock error when both read/write operations are blocked.

What's Changed

• Clarify the ambiguous process-level CryptoProvider error by @cpu in #2561
• 0.23: cherry-pick of fixes to complete_io() with non-blocking transport by @ctz in #2578
• sign: make public_key_to_spki() public by @djc in #2580
• 0.23.30 release prep & 2575 backport by @cpu in #2576

Full Changelog: v/0.23.29...v/0.23.30

Add unstable support for verifying experimental post-quantum ML-DSA signature schemes.

What's Changed

• post-quantum: add unstable ML-DSA support by @djc in #2550

• Improved errors for invalid signature algorithms; added variants to both CertificateError and CertRevocationError to replace the UnsupportedSignatureAlgorithm variant (now deprecated) in order to provide more context.
• Improved extension representation to increase handshake efficiency.

What's Changed

• Delete unusable no-std ticketer code by @ctz in #2500
• Support _ABSENT_PARAMS PKCS#1 signature algorithms by @ctz in #2505
• Rework representation of extensions in ClientHello by @ctz in #2502
• Rework representation of extensions in server messages by @ctz in #2508
• Reduce small Vec<Enum> uses in extensions by @ctz in #2509
• client: refactor in preparation for PSK support by @djc in #2516
• client: pass all of ClientHelloInput into tls12 handle_server_hello() by @djc in #2518
• client: refactor client handshake some more by @djc in #2521
• Simplify the simpleserver example by using rustls::Stream by @Ten0 in #2522
• Add SignatureSchemes for ML-DSA by @djc in #2532
• add From<Arc<CertifiedKey>> for SingleCertAndKey by @stormshield-gt in #2535
• Memoise computation of empty hash by @ctz in #2538
• Correct calculation of ServerHello ECH confirmation by @ctz in #2545
• Improve compactness of Debug impl for extensions by @ctz in #2546
• Do not retain master secret during terminal key schedule state by @ctz in #2540
• Adopt webpki 0.103.4 by @djc in #2531

• New feature: expose number of TLS1.3 tickets received via ClientConnection::tls13_tickets_received(). Thanks to @Frando.
• New feature: add ClientHello::named_groups() -- see #2484 for background.
• New feature: support for secp256r1mlkem768 key exchange. This is not offered by default, but rustls::crypto::aws_lc_rs::kx_group::SECP256R1MLKEM768 can be added to a custom CryptoProvider::kx_groups. Thanks to @cjpatton.
• Improve error reporting for unsupported signature schemes.

What's Changed

• fuzz: remove Cargo patch for webpki by @cpu in #2450
• Update verifybench test data by @ctz in #2453
• Update dependencies by @djc in #2452
• manual: add a short howto debugging section by @cpu in #2451
• chore(deps): update dependency go to v1.24.3 by @renovate-bot in #2454
• SECURITY.md: temporal updates by @ctz in #2456
• internals: clean up item order around ClientHelloPayload by @djc in #2457
• Small clippy fixes by @cpu in #2458
• Rework clippy setup by @ctz in #2460
• Nightly clippy fixes by @ctz in #2461
• Upgrade to criterion 0.6 by @djc in #2464
• Move some tests about; reduce duplication of test helper code by @ctz in #2462
• Enable more lints on internal crates by @ctz in #2465
• Fix "Format (unstable)" job in CI by @ctz in #2466
• Fix nightly docs by @ctz in #2467
• Support rustls-graviola in rustls-bench by @ctz in #2469
• Fix bug in crypto::aws_lc_rs::pq::hybrid::Layout by @cjpatton in #2470
• Support secp256r1mlkem768 by @ctz in #2471
• Convert more low-level integration tests into unit tests by @ctz in #2472
• Disable clippy::clone_on_ref_ptr lint by @ctz in #2474
• Prefer x.clone() to Arc::clone(&x) by @ctz in #2475
• feat: expose the number of received TLS1.3 resumption tickets by @Frando in #2476
• Convert more low-level integration tests into unit tests by @ctz in #2473
• Eliminate redundant HandshakeMessagePayload::typ field by @ctz in #2478
• Introduce specific error for unsupported signatures by @ctz in #2479
• Take semver-compatible updates by @ctz in #2481
• Further precursor refactors from "Improve TLS extension representation" by @ctz in #2482
• Only include renegotiation SCSV for TLS1.2 attempts by @ctz in #2486
• ci-bench: low-noise benchmarks with rustls-fuzzing-provider by @ctz in #2483
• Expose named_groups extension in ClientHello by @ctz in #2488
• Prepare 0.23.28 by @ctz in #2499

New Contributors

• @cjpatton made their first contribution in #2470
• @Frando made their first contribution in #2476

Full Changelog: v/0.23.27...v/0.23.28

• Add support for connection-level ALPN protocol configuration.
• Improve invalid key purpose errors.
• Prefer post-quantum key exchange algorithms by default.
• Add improved kTLS API.

What's Changed

• Add prefer-post-quantum to default features by @ctz in #2425
• Tighten up decoding of empty messages by @ctz in #2430
• Update Rust crate brotli to v8 by @renovate-bot in #2435
• Update Rust crate brotli-decompressor to v5 by @renovate-bot in #2434
• clarify comments, field and parameter identifiers by @elagergren-spideroak in #2432
• Add support for connection-level ALPN protocol configuration by @djc in #2438
• Improve representation of SNI, ALPN and protocol version extensions by @ctz in #2441
• Update Rust crate nix to 0.30 by @renovate-bot in #2442
• Add kernel connection API by @swlynch99 in #2370
• Improve invalid key purpose errors by @djc in #2426