cloudflare · johnhurt · Jun 19, 2026
diff --git a/boring-sys/Cargo.toml b/boring-sys/Cargo.toml
@@ -75,6 +75,15 @@ allow-crl-extensions-bad-version = []
 # `BORING_BSSL{,_FIPS}_SOURCE_PATH`.
 underscore-wildcards = []
 
+# Restores the historical BoringSSL default of not enforcing RSA keyUsage
+# during TLS handshakes. BoringSSL 5.x changed `enforce_rsa_key_usage` to
+# `true`, making a client-side RSA leaf whose keyUsage does not include the
+# bit required by the negotiated cipher suite a fatal handshake error
+# (KEY_USAGE_BIT_INCORRECT). Enabling this feature applies a build-time
+# patch that sets the default back to `false`, so RSA keyUsage mismatches
+# are non-fatal. Non-RSA keyUsage enforcement is unaffected.
+relax-rsa-key-usage = []
+
 [build-dependencies]
 bindgen = { workspace = true }
 cmake = { workspace = true }

diff --git a/boring-sys/build/config.rs b/boring-sys/build/config.rs
@@ -22,6 +22,7 @@ pub(crate) struct Features {
     pub(crate) rpk: bool,
     pub(crate) underscore_wildcards: bool,
     pub(crate) allow_crl_extensions_bad_version: bool,
+    pub(crate) relax_rsa_key_usage: bool,
 }
 
 pub(crate) struct Env {
@@ -114,7 +115,9 @@ impl Config {
             );
         }
 
-        let features_with_patches_enabled = self.features.rpk || self.features.underscore_wildcards;
+        let features_with_patches_enabled = self.features.rpk
+            || self.features.underscore_wildcards
+            || self.features.relax_rsa_key_usage;
 
         let patches_required = features_with_patches_enabled && !self.env.assume_patched;
 
@@ -138,6 +141,7 @@ impl Features {
             rpk: cfg!(feature = "rpk"),
             underscore_wildcards: cfg!(feature = "underscore-wildcards"),
             allow_crl_extensions_bad_version: cfg!(feature = "allow-crl-extensions-bad-version"),
+            relax_rsa_key_usage: cfg!(feature = "relax-rsa-key-usage"),
         }
     }
 

diff --git a/boring-sys/build/main.rs b/boring-sys/build/main.rs
@@ -444,12 +444,14 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> {
         );
         return Ok(());
     } else if config.env.source_path.is_some()
-        && (config.features.rpk || config.features.underscore_wildcards)
+        && (config.features.rpk
+            || config.features.underscore_wildcards
+            || config.features.relax_rsa_key_usage)
     {
         panic!(
             "BORING_BSSL_ASSUME_PATCHED must be set when setting
                BORING_BSSL_SOURCE_PATH and using any of the following
-               features: rpk, underscore-wildcards"
+               features: rpk, underscore-wildcards, relax-rsa-key-usage"
         );
     }
 
@@ -485,6 +487,11 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> {
         apply_patch(config, "underscore-wildcards.patch")?;
     }
 
+    if config.features.relax_rsa_key_usage {
+        println!("cargo:warning=applying RSA key-usage enforcement relaxation patch");
+        apply_patch(config, "relax-rsa-key-usage-enforcement.patch")?;
+    }
+
     Ok(())
 }
 

diff --git a/boring-sys/patches/relax-rsa-key-usage-enforcement.patch b/boring-sys/patches/relax-rsa-key-usage-enforcement.patch
@@ -0,0 +1,30 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Kevin Bartlett Guthrie <kbg@cloudflare.com>
+Date: Wed, 10 Jun 2026 14:00:00 -0400
+Subject: [PATCH] Default enforce_rsa_key_usage to off
+
+BoringSSL 5.x flipped the SSL_CONFIG default for enforce_rsa_key_usage
+to true. As a client, this makes an RSA leaf whose keyUsage does not
+assert the bit required by the cipher suite a fatal handshake error
+(KEY_USAGE_BIT_INCORRECT) instead of the historical non-fatal behaviour.
+Many real upstream origins serve such certs; OpenSSL and the prior
+BoringSSL pin accepted them. There is no Rust API to relax this per
+connection. Restore the historical default (off) so RSA keyUsage
+mismatches are non-fatal again; non-RSA keyUsage enforcement is
+unaffected.
+---
+diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
+index 89702eaaf..4be64f8a5 100644
+--- a/ssl/ssl_lib.cc
++++ b/ssl/ssl_lib.cc
+@@ -575,7 +575,7 @@ SSL_CONFIG::SSL_CONFIG(SSL *ssl_arg)
+       signed_cert_timestamps_enabled(false),
+       ocsp_stapling_enabled(false),
+       channel_id_enabled(false),
+-      enforce_rsa_key_usage(true),
++      enforce_rsa_key_usage(false),
+       retain_only_sha256_of_client_certs(false),
+       handoff(false),
+       shed_handshake_config(false),
+-- 
+2.39.5