chore(deps): bump rustls from 0.20.6 to 0.23.1

[dependabot]

Bumps rustls from 0.20.6 to 0.23.1.

Release notes

Sourced from rustls's releases.

0.23.1

• Fix build with aws_lc_rs feature enabled but std feature disabled.
• Fix build for docs.rs.

What's Changed

• docs: update RELEASING to mention running daily-tests by @​cpu in rustls/rustls#1825
• crypto: gate ticketer module on std for aws-lc-rs by @​cpu in rustls/rustls#1824
• Fix docs.rs build by @​ctz in rustls/rustls#1827
• Prepare 0.23.1 by @​ctz in rustls/rustls#1831
• Reorder & tidy imports with rustfmt by @​ctz in rustls/rustls#1577

Full Changelog: rustls/rustls@v/0.23.0...v/0.23.1

0.23.0

• Default cryptography provider changed to [aws-lc-rs]. Note that this has some implications on [platform support and build-time tool requirements][aws-lc-rs-reqs] such as cmake on all platforms and nasm on Windows. Support for ring continues to be available: set the ring crate feature.

• Support for FIPS validated mode with [aws-lc-rs]: see [the manual section][fips-manual] and [aws-lc-rs's FIPS documentation][aws-fips-docs]. Note that aws-lc-rs in FIPS mode has further build-time requirements as detailed in the FIPS documentation. Thanks to the aws-lc-rs for their assistance on this.

• Support for process-wide selection of CryptoProviders. See [the documentation][process-provider]. Note that callers of ClientConfig::builder(), ServerConfig::builder(), WebPkiServerVerifier::builder() and WebPkiClientVerifier::builder() must now ensure that the crate's features are unambiguous or explicitly select a process-level provider using CryptoProvider::install_default(). Otherwise, these calls will panic with:

  no process-level CryptoProvider available -- call CryptoProvider::install_default() before this point

  We recommend that libraries rely on the process-level provider by default, and that applications use this new API to select the provider they wish to use.

• New unbuffered API. [UnbufferedClientConnection] and [UnbufferedServerConnection] offer a [low-level, event-driven API which does not internally buffer data][unbuffered]. Thanks to the team from Ferrous Systems.

• New no_std support. A new (enabled by default) std crate feature now gates all APIs that depend on std. The above [unbuffered] APIs must be used for no_std support. Note that alloc continues to be required. Work is ongoing to reintroduce certain APIs for no_std users (see #1688) -- please file issues for other no_std use cases. Thanks to the team from Ferrous Systems.

• Performance improvement: internal copying while sending data is reduced. Thanks to the team from the Sōzu project.

• Performance improvement: write_vectored now produces less on-the-wire overhead, which will dramatically improve throughput if it is used with a large number of small messages. Thanks to the team from the Sōzu project.

• Acceptor API error handling improvement. If a TLS alert should be sent to inform the peer of a connection failure, this is now made available in the Err() variant returned from [Acceptor::accept] and [Accepted::into_connection] (which is also a breaking change). Applications should write this data to the peer. See the [server_acceptor] example.

• Support for FFDHE key exchange: custom CryptoProviders can now support FFDHE key exchange, in accordance with [RFC7919]. Note that the default providers do not do this. Thanks to the team from Fortanix.

• Support for servers requiring extended_master_secret support from clients. See [ServerConfig::require_ems]. Thanks to the team from Fortanix.

• Extension ordering in ClientHello messages are now randomised as an anti-fingerprinting measure. We do not foresee any interoperability issues [as Chrome has already rolled out the same change][chrome-ext-order]. Thanks to @​GomesGoncalo.

• Breaking change: CipherSuiteCommon::integrity_limit field removed (this was QUIC-specific, it has moved to quic::PacketKey::integrity_limit()).

... (truncated)

Commits

• 546a85d Format imports with cargo +nightly fmt-unstable
• 2d66fe4 Fix name for benchmarking toolchain step
• a473526 Run rustfmt nightly in CI
• b6f283e Ask rustfmt to make our imports consistent
• bce2e5e Prepare 0.23.1
• 69920b0 default_fips_provider(): make visible in docs
• 384b3d6 Avoid fips feature for docs.rs
• 03f52c1 crypto: gate ticketer module on std for aws-lc-rs
• 408a42a docs: update RELEASING to mention running daily-tests
• eb0791b Prepare 0.23.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #436.