tls

It would be a nice addition to integrate Minimal windows service stub in Caddy (built for Windows).

At the moment, it is necessary to use for example NSSM to install Caddy as a service on Windows.

See how it becomes much more natural to [install the service and remove it in the case of another project (Gitea) with the Windows tools](https:

The API documentation for KEM decapsulation - EVP_PKEY_decapsulate - suggests that the function returns 0 or a negative value for failure.

However, most PQC KEMs such as those implemented by oqs-provider don't return an error code if decapsulation failed (e.g. due to mod

Right now in different places in the SE codebase there are references to /opt and then as well to /usr.

All SE code should reference one place only. Could someone please create a PR that fixes this.

This PR should also take PR #454 into consideration (no conflicts)

Describe the bug:

Which version are you referring to
3.1dev

We list not all RFCs in ~/doc/ which we refer to in testssl.sh.

List used RFCs: grep RFC -w ./testssl.sh | grep -v TLS_CIPHER | grep RFC | sed 's/^.*RFC/RFC/' | sort -u
List RFCs referred to: grep -w RFC doc/testssl.1

The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi

Problem:

A common pattern is:

GUARD(s2n_stuffer_skip_write(stuffer, bytes_to_write));
uint8_t* ptr = suffer->blob.data + stuffer->write_cursor - bytes_to_write;

which could be simplified.

Solution:

*ptr could be an *out parameter to s2n_stuffer_skip_write

• Does this change what S2N sends over the wire? No.
• Does this change any public APIs? No.