Cargo Features
Boring has no features set by default.
[dependencies]
boring = { version = "4.11.0", features = ["fips", "fips-compat", "fips-link-precompiled", "rpk", "pq-experimental", "underscore-wildcards", "kx-safe-default", "kx-client-pq-supported", "kx-client-pq-preferred", "kx-client-nist-required"] }
- fips = fips-compat
-
Controlling the build
Use a FIPS-validated version of boringssl.Enables fips of boring-sys
- fips-compat fips?
-
Build with compatibility for the BoringSSL FIPS version, without enabling the
fips
feature itself (useful e.g. iffips-link-precompiled
is used with an older BoringSSL version). - fips-link-precompiled
-
Link with precompiled FIPS-validated
bcm.o
module.Enables fips-link-precompiled of boring-sys
- rpk
-
Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250) This feature is necessary in order to compile the bindings for the default branch of boringSSL. Alternatively, a version of boringSSL that implements the same feature set can be provided by setting
BORING_BSSL{,_FIPS}_SOURCE_PATH
andBORING_BSSL{,_FIPS}_ASSUME_PATCHED
.Enables rpk of boring-sys
- pq-experimental
-
Applies a patch to the boringSSL source code that enables support for PQ key exchange. This feature is necessary in order to compile the bindings for the default branch of boringSSL. Alternatively, a version of boringSSL that implements the same feature set can be provided by setting
BORING_BSSL{,_FIPS}_SOURCE_PATH
andBORING_BSSL{,_FIPS}_ASSUME_PATCHED
.Enables pq-experimental of boring-sys
- underscore-wildcards
-
Applies a patch to enable
ffi::X509_CHECK_FLAG_UNDERSCORE_WILDCARDS
. Same caveats as those forpq-experimental
feature apply.Enables underscore-wildcards of boring-sys
- kx-safe-default kx-client-nist-required? kx-client-pq-preferred? kx-client-pq-supported?
-
Controlling key exchange preferences at compile time
Choose key exchange preferences at compile time. This prevents the user from choosing their own preferences. - kx-client-pq-supported kx-client-pq-preferred? = kx-safe-default
-
Support PQ key exchange. The client will prefer classical key exchange, but will upgrade to PQ key exchange if requested by the server. This is the safest option if you don't know if the peer supports PQ key exchange. This feature implies "kx-safe-default".
- kx-client-pq-preferred = kx-client-pq-supported, kx-safe-default
-
Prefer PQ key exchange. The client will prefer PQ exchange, but fallback to classical key exchange if requested by the server. This is the best option if you know the peer supports PQ key exchange. This feature implies "kx-safe-default" and "kx-client-pq-supported".
- kx-client-nist-required = kx-safe-default
-
Disable key exchange involving non-NIST key exchange on the client side.
Implies "kx-safe-default".