From 0c3d17abe079cf05ae49dbfd8c73aada70a615d3 Mon Sep 17 00:00:00 2001
From: Olaf Liebe
Date: Fri, 28 Nov 2025 21:26:59 +0100
Subject: [PATCH 1/2] Extended TLS information available in HandshakeData
---
 quinn-proto/src/crypto/rustls.rs | 51 ++++++++++++++++++++++-----------
 quinn/tests/post_quantum.rs | 2 +-
 2 files changed, 35 insertions(+), 18 deletions(-)
diff --git a/quinn-proto/src/crypto/rustls.rs b/quinn-proto/src/crypto/rustls.rs
index 48891fd88f..600852f0ec 100644
--- a/quinn-proto/src/crypto/rustls.rs
+++ b/quinn-proto/src/crypto/rustls.rs
@@ -6,10 +6,8 @@ use bytes::BytesMut;
 #[cfg(feature = "ring")]
 use ring::aead;
 pub use rustls::Error;
-#[cfg(feature = "__rustls-post-quantum-test")]
-use rustls::NamedGroup;
 use rustls::{
- self, CipherSuite,
+ self, CipherSuite, ProtocolVersion, NamedGroup, HandshakeKind,
 client::danger::ServerCertVerifier,
 pki_types::{CertificateDer, PrivateKeyDer, ServerName},
 quic::{Connection, HeaderProtectionKey, KeyChange, PacketKey, Secrets, Suite, Version},
@@ -61,19 +59,31 @@ impl crypto::Session for TlsSession {
 if !self.got_handshake_data {
 return None;
 }
- Some(Box::new(HandshakeData {
- protocol: self.inner.alpn_protocol().map(|x| x.into()),
- server_name: match self.inner {
- Connection::Client(_) => None,
- Connection::Server(ref session) => session.server_name().map(|x| x.into()),
+
+ let data = match &self.inner {
+ Connection::Client(conn) => {
+ HandshakeData {
+ protocol: conn.alpn_protocol().map(|x| x.into()),
+ server_name: None,
+ protocol_version: conn.protocol_version(),
+ negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
+ negotiated_key_exchange_group: conn.negotiated_key_exchange_group().map(|g| g.name()),
+ handshake_kind: conn.handshake_kind(),
+ }
 },
- #[cfg(feature = "__rustls-post-quantum-test")]
- negotiated_key_exchange_group: self
- .inner
- .negotiated_key_exchange_group()
- .expect("key exchange group is negotiated")
- .name(),
- }))
+ Connection::Server(conn) => {
+ HandshakeData {
+ protocol: conn.alpn_protocol().map(|x| x.into()),
+ server_name: conn.server_name().map(|x| x.into()),
+ protocol_version: conn.protocol_version(),
+ negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
+ negotiated_key_exchange_group: conn.negotiated_key_exchange_group().map(|g| g.name()),
+ handshake_kind: conn.handshake_kind(),
+ }
+ }
+ };
+
+ Some(Box::new(data))
 }

 /// For the rustls `TlsSession`, the `Any` type is `Vec`
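Review bot: The `Connection::Client` and `Connection::Server` arms build `HandshakeData` from five identical field expressions and differ only in `server_name`, so the two copies can drift apart the next time a negotiated parameter is added; the reformatted hunk in PATCH 2/2 carries the same duplication. The removed lines called `self.inner.alpn_protocol()` and `self.inner.negotiated_key_exchange_group()` directly on the enum, which suggests the other getters are reachable the same way (to be confirmed for `protocol_version`, `negotiated_cipher_suite` and `handshake_kind`). Matching only for `server_name` and building the struct once guarantees both roles report the TLS parameters identically. The enclosing method starts before the hunk.

```rust
// … unchanged: got_handshake_data guard …
let server_name = match &self.inner {
    Connection::Client(_) => None,
    Connection::Server(conn) => conn.server_name().map(|x| x.into()),
};
let conn = &self.inner;
Some(Box::new(HandshakeData {
    protocol: conn.alpn_protocol().map(|x| x.into()),
    server_name,
    protocol_version: conn.protocol_version(),
    negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
    negotiated_key_exchange_group: conn.negotiated_key_exchange_group().map(|g| g.name()),
    handshake_kind: conn.handshake_kind(),
}))
```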
@@ -266,9 +276,16 @@ pub struct HandshakeData {
 ///
 /// Always `None` for outgoing connections
 pub server_name: Option,
+ /// Retrieves the protocol version agreed with the peer
+ pub protocol_version: Option,
+ /// Retrieves the ciphersuite agreed with the peer.
+ pub negotiated_cipher_suite: Option,
 /// The key exchange group negotiated with the peer
- #[cfg(feature = "__rustls-post-quantum-test")]
- pub negotiated_key_exchange_group: NamedGroup,
+ pub negotiated_key_exchange_group: Option,
+ /// Which kind of handshake was performed.
+ /// This tells you whether the handshake was a resumption or not.
+ /// This will return `None` before it is known which sort of handshake occurred.
+ pub handshake_kind: Option,
 }

 /// A QUIC-compatible TLS client configuration
diff --git a/quinn/tests/post_quantum.rs b/quinn/tests/post_quantum.rs
index 8983794b1a..de00abfc27 100644
--- a/quinn/tests/post_quantum.rs
+++ b/quinn/tests/post_quantum.rs
@@ -51,7 +51,7 @@ async fn check_post_quantum_key_exchange(min_mtu: u16) {
 .downcast::()
 .unwrap()
 .negotiated_key_exchange_group,
- NamedGroup::X25519MLKEM768
+ Some(NamedGroup::X25519MLKEM768)
 )
 });

From 8419f0f1b027527fabe9f6d3014d184db4417723 Mon Sep 17 00:00:00 2001
From: Olaf Liebe
Date: Fri, 28 Nov 2025 22:17:56 +0100
Subject: [PATCH 2/2] Fix for the formatting lint
---
 quinn-proto/src/crypto/rustls.rs | 40 ++++++++++++++++-----------------
 1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/quinn-proto/src/crypto/rustls.rs b/quinn-proto/src/crypto/rustls.rs
index 600852f0ec..6f65d12fc0 100644
--- a/quinn-proto/src/crypto/rustls.rs
+++ b/quinn-proto/src/crypto/rustls.rs
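Review bot: The doc comments on the new fields in the `pub struct HandshakeData` hunk of PATCH 1/2 (`protocol_version`, `negotiated_cipher_suite`, `handshake_kind`) keep the wording of getter methods ("Retrieves…", "This will return `None`") and do not say when a field can be `None`. Callers are likely to use these values for policy or audit checks, as the `post_quantum.rs` test does with `negotiated_key_exchange_group`, so the docs should state that `None` means the value was not available when the snapshot was taken and must not be read as an acceptable parameter. Suggested wording: `/// TLS protocol version negotiated with the peer; None if not yet known` and `/// Kind of handshake performed (full or resumed); None if not yet known`. The struct's attributes lie outside the hunk, so it is not visible whether it is `#[non_exhaustive]`; if it is not, the added public fields break downstream struct literals and the change deserves a changelog entry.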
@@ -7,7 +7,7 @@ use bytes::BytesMut;
 use ring::aead;
 pub use rustls::Error;
 use rustls::{
- self, CipherSuite, ProtocolVersion, NamedGroup, HandshakeKind,
+ self, CipherSuite, HandshakeKind, NamedGroup, ProtocolVersion,
 client::danger::ServerCertVerifier,
 pki_types::{CertificateDer, PrivateKeyDer, ServerName},
 quic::{Connection, HeaderProtectionKey, KeyChange, PacketKey, Secrets, Suite, Version},
@@ -61,26 +61,26 @@ impl crypto::Session for TlsSession {
 }

 let data = match &self.inner {
- Connection::Client(conn) => {
- HandshakeData {
- protocol: conn.alpn_protocol().map(|x| x.into()),
- server_name: None,
- protocol_version: conn.protocol_version(),
- negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
- negotiated_key_exchange_group: conn.negotiated_key_exchange_group().map(|g| g.name()),
- handshake_kind: conn.handshake_kind(),
- }
+ Connection::Client(conn) => HandshakeData {
+ protocol: conn.alpn_protocol().map(|x| x.into()),
+ server_name: None,
+ protocol_version: conn.protocol_version(),
+ negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
+ negotiated_key_exchange_group: conn
+ .negotiated_key_exchange_group()
+ .map(|g| g.name()),
+ handshake_kind: conn.handshake_kind(),
+ },
+ Connection::Server(conn) => HandshakeData {
+ protocol: conn.alpn_protocol().map(|x| x.into()),
+ server_name: conn.server_name().map(|x| x.into()),
+ protocol_version: conn.protocol_version(),
+ negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
+ negotiated_key_exchange_group: conn
+ .negotiated_key_exchange_group()
+ .map(|g| g.name()),
+ handshake_kind: conn.handshake_kind(),
 },
- Connection::Server(conn) => {
- HandshakeData {
- protocol: conn.alpn_protocol().map(|x| x.into()),
- server_name: conn.server_name().map(|x| x.into()),
- protocol_version: conn.protocol_version(),
- negotiated_cipher_suite: conn.negotiated_cipher_suite().map(|s| s.suite()),
- negotiated_key_exchange_group: conn.negotiated_key_exchange_group().map(|g| g.name()),
- handshake_kind: conn.handshake_kind(),
- }
- }
 };

 Some(Box::new(data))