gruberb/ohttp-gateway
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ohttp-gateway/CHANGELOG.md
Bastian Gruber 66d3471a0d
Release v1.0.0: RFC 9458 compliant OHTTP gateway with key configuration fixes 
- Update dependencies to ohttp 0.7.1 and bhttp 0.7.1
- Fix key configuration format to include required 2-byte length prefix per RFC 9458
- Update license to match actual MPL-2.0 license file
- Fix clippy warnings for better code quality
- Add comprehensive CHANGELOG.md for v1.0.0 release

This release provides a production-ready, RFC 9458 compliant OHTTP gateway
with proper key management, security controls, and observability features.
2025-11-23 16:33:09 -04:00

2.5 KiB
Raw Permalink Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.0.0] - 2024-11-23

Added

  • RFC 9458 compliant OHTTP gateway implementation
  • Automatic key rotation with configurable intervals
  • Key management with deterministic and random key generation
  • Comprehensive security middleware with rate limiting
  • Prometheus metrics integration for observability
  • Health check endpoints for monitoring
  • Docker support for containerized deployment
  • Configurable target origin allowlists
  • Request validation and security controls
  • Binary HTTP (BHTTP) message handling
  • HPKE encryption/decryption for OHTTP protocol
  • Graceful shutdown handling
  • Structured logging with JSON support
  • Configuration through environment variables
  • Support for multiple cipher suites (X25519, HKDF-SHA256, AES-128-GCM, ChaCha20-Poly1305)

Fixed

  • BREAKING: Key configuration format now includes required 2-byte length prefix per RFC 9458 Section 3.2
  • Proper handling of key expiration and cleanup
  • Correct OHTTP key configuration encoding with length prefixes
  • Memory safety and thread safety improvements

Technical Details

  • Built with Rust 2024 edition
  • Uses ohttp crate v0.7.1 for RFC 9458 compliance
  • Uses bhttp crate v0.7.1 for binary HTTP message handling
  • Comprehensive test suite with 28+ tests covering all major functionality
  • Production-ready error handling and logging

Dependencies

  • axum 0.7 for HTTP server framework
  • tokio 1.48 for async runtime
  • hyper 1.8 for HTTP implementation
  • reqwest 0.12 for backend HTTP client
  • ohttp 0.7.1 for OHTTP protocol implementation
  • bhttp 0.7.1 for binary HTTP messages
  • prometheus for metrics collection
  • tracing for structured logging
  • chrono for time handling

Security

  • HPKE-based encryption using industry-standard algorithms
  • Request size limits and validation
  • Origin-based access control
  • Rate limiting with configurable thresholds
  • Secure key rotation and management
  • Protection against replay attacks
  • Comprehensive input validation

Performance

  • Connection reuse between relay and gateway
  • Efficient binary HTTP message processing
  • Optimized cryptographic operations
  • Configurable timeouts and limits
  • Memory-efficient key storage

This is the first stable release suitable for production use in OHTTP deployments.