Skip to content

refactor(otlp): deprecate tls feature in favor of explicit tls-ring and tls-aws-lc #3323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
lalitb merged 1 commit into from
Feb 4, 2026
Merged

refactor(otlp): deprecate tls feature in favor of explicit tls-ring and tls-aws-lc #3323

lalitb merged 1 commit into from
Feb 4, 2026
+21 −14

Conversation

@noahdormann
Copy link
Contributor

@noahdormann noahdormann commented Jan 22, 2026
edited
Loading

The generic tls feature currently enables tonic/tls-ring, which implicitly selects the ring rustls crypto provider.
This makes it difficult or impossible for downstream users to use alternative rustls providers such as aws-lc, and can lead to feature unification conflicts when combined with other TLS-enabled dependencies.

This PR deprecates the generic tls feature and introduces explicit tls-ring and tls-aws-lc features, exposing both underlying tonic TLS options and allowing consumers to consistently select a single rustls crypto provider.

Motivation

Rustls 0.23 requires a single, unambiguous crypto provider (ring or aws-lc).
Because Cargo features are additive, the existing tls feature could silently force ring even when users explicitly opted into aws-lc elsewhere, resulting in runtime panics during TLS initialization.

Providing explicit TLS feature flags avoids this class of failure and aligns with tonic’s provider model.

Changes

  • Deprecate the existing tls feature
  • Introduce:
    • tls-ring → enables tonic/tls-ring
    • tls-aws-lc → enables tonic/tls-aws-lc
  • Update documentation to recommend selecting exactly one TLS feature

Migration

Users currently relying on tls should switch to one of:

features = ["tls-ring"]

or

features = ["tls-aws-lc"]

The deprecated tls feature remains temporarily for compatibility but should not be used in new configurations.

Caveat

The feature tls-roots and tls-webpki-roots can no longer explicitly enable tls. This could lead to issues with users that relied on this impicit feature map.

Merge requirement checklist

  • CONTRIBUTING guidelines followed
  • Unit tests added/updated (if applicable)
  • Appropriate CHANGELOG.md files updated for non-trivial, user-facing changes
  • Changes in public API reviewed (if applicable)

@noahdormann noahdormann requested a review from a team as a code owner January 22, 2026 13:24
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Jan 22, 2026
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

  • ✅ login: noahdormann / name: Noah Dormann (b27be42)

@noahdormann noahdormann mentioned this pull request Jan 22, 2026
Open
@codecov
Copy link

codecov bot commented Jan 22, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.4%. Comparing base (e5f602e) to head (b27be42).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@          Coverage Diff          @@
##            main   #3323   +/-   ##
=====================================
  Coverage   81.4%   81.4%           
=====================================
  Files        128     128           
  Lines      23742   23742           
=====================================
+ Hits       19328   19332    +4     
+ Misses      4414    4410    -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@cijothomas cijothomas requested a review from lalitb January 30, 2026 01:04
lalitb
lalitb reviewed Feb 3, 2026
View reviewed changes
lalitb
lalitb reviewed Feb 3, 2026
View reviewed changes
Copy link
Member

@lalitb lalitb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, with updated changelog

@lalitb lalitb mentioned this pull request Feb 3, 2026
Closed
4 tasks
@noahdormann
refactor: deprecate tls feature in favor of tls-ring and `tls-aws…
b27be42 
…-lc`

The generic `tls` feature enabled `tonic/tls-ring`, which made it
harder to use alternative rustls crypto providers (e.g. aws-lc).

This change deprecates `tls` and introduces explicit `tls-ring` and
`tls-aws-lc` features so both underlying tonic features are exposed.
@noahdormann
Copy link
Contributor Author

noahdormann commented Feb 4, 2026

@lalitb Thank you for your review. I have amended the commit with the updated changelog.

@lalitb lalitb merged commit 1b7ad3f into open-telemetry:main Feb 4, 2026
27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lalitb lalitb lalitb approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@noahdormann @lalitb