Continuing the discussion from P2P and proxy settings:
I don’t think we can exclude Iroh 0.35 because it is used for “add second device” feature that is not optional. We generally don’t want users to handle backups .tar files manually when possible.
Another huge dependency is OpenSSL, it can be excluded and replaced with Rustls. We currently maintain OpenSSL for compatibility with nauta.cu which has self-signed TLS certificate and algorithms that Rustls refuses to support at all (RSA1024 and SHA1 IIRC). It is used when “strict TLS” is off. However it will still be a problem for users who use such servers and likely not help with packaging efforts because non-vendored OpenSSL is already packaged in all distros.