starred/rspotify
1
0
Fork 0
mirror of https://github.com/ramsayleung/rspotify.git synced 2026-04-26 16:05:53 +03:00
Code Issues 15 Projects Releases 5 Packages Wiki Activity

[PR #476] [MERGED] security: Disable TLS1.0/1.1 for ureq-native-tls #482

New issue
Closed
opened 2026-02-27 20:24:53 +03:00 by kerem · 0 comments
kerem commented 2026-02-27 20:24:53 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/ramsayleung/rspotify/pull/476
Author: @Property404
Created: 4/3/2024
Status: Merged
Merged: 4/9/2024
Merged by: @ramsayleung

Base: masterHead: Property404/dont_use_old_tls

📝 Commits (1)

  • 0d42dca security: Disable TLS1.0/1.1 for ureq-native-tls

📊 Changes

1 file changed (+5 additions, -1 deletions)

View changed files

📝 rspotify-http/src/ureq.rs (+5 -1)

📄 Description

Description

Explicity opt-out of old TLS versions when using the ureq-native-tls feature. Rust-native-tls enables these outdated TLS versions by default

Motivation and Context

TLS 1.0 and 1.1 have been deprecated since 2021. Enabling TLS 1.0/1.1 has possibility (albeit a low one) of introducing a security vulnerability. All modern clients and servers have supported 1.2 for years, so this should be an issue

Dependencies

None

Type of change

  • [ *] Bug fix (non-breaking change which fixes an issue)

How has this been tested?

Locally only, through cargo-test and cargo-clippy

Is this change properly documented?

Added a short comment explaining reasoning

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/ramsayleung/rspotify/pull/476 **Author:** [@Property404](https://github.com/Property404) **Created:** 4/3/2024 **Status:** ✅ Merged **Merged:** 4/9/2024 **Merged by:** [@ramsayleung](https://github.com/ramsayleung) **Base:** `master` ← **Head:** `Property404/dont_use_old_tls` --- ### 📝 Commits (1) - [`0d42dca`](https://github.com/ramsayleung/rspotify/commit/0d42dca69d7a4547f62659f5a7e27daa226ec1a3) security: Disable TLS1.0/1.1 for ureq-native-tls ### 📊 Changes **1 file changed** (+5 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `rspotify-http/src/ureq.rs` (+5 -1) </details> ### 📄 Description ## Description Explicity opt-out of old TLS versions when using the ureq-native-tls feature. Rust-native-tls enables these outdated TLS versions by default ## Motivation and Context TLS 1.0 and 1.1 have been deprecated since 2021. Enabling TLS 1.0/1.1 has possibility (albeit a low one) of introducing a security vulnerability. All modern clients and servers have supported 1.2 for years, so this should be an issue ## Dependencies None ## Type of change - [ *] Bug fix (non-breaking change which fixes an issue) ## How has this been tested? Locally only, through cargo-test and cargo-clippy ## Is this change properly documented? Added a short comment explaining reasoning --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-02-27 20:24:53 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
ramsay/upgrade-0.16.1
dependabot/cargo/sha2-0.11.0
ramsay/upgrade-to-v0.16
ramsay/deprecate-removed-renamed-field
ramsay/migrate-to-new-endpoint
ramsay/deprecate-removed-endpoints
dependabot/cargo/strum-0.28.0
dependabot/cargo/reqwest-middleware-0.5.1
dependabot/cargo/reqwest-0.13.1
ramsay/upgrade-to-0.15.3
ramsay/upgrade-to-0.15.2
dependabot/cargo/ureq-3.1.2
ramsay/upgrade-dependencies
ramsay/upgrade-to-0.15.1
ramsay/fix-malformed-json
ramsay/upgrade-to-v0.15.0
ramsay/allow-enum-unknown-variant
ramsay/upgrade-to-0.14
ramsay/add_tcplistern_for_callback
ramsay/fix-clippy-error
ramsay/update-doc
ramsay/fix-endless-sequence
ramsay/publish-crate-workflow-test
ramsay/fix-pkce-refresh-token
ramsay/pkce_auth_refresh_token
ramsay_add_test_for_collectionyourepisodes
better-webapp
ramsay_fix_token_expired
percent-search
refresh_token_rwlock
ramsay_convert_result_inside_endpoint
streaming
v0.16.1
v0.16.0
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.0
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.0
v0.11.7
v0.11.6
v0.10.0
v0.11.5
v0.11.5.0
v0.11.4
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.11.5.1
v0.9
v0.9-alpha
Labels
Clear labels   
Stale

   
bug

   
discussion

   
enhancement

   
good first issue

   
good first issue

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question
No labels
Stale
bug
discussion
enhancement
good first issue
good first issue
help wanted
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/rspotify#482
No description provided.