37 lines
1.2 KiB
Markdown
37 lines
1.2 KiB
Markdown
|
Experimental TLS 1.3 develpoments
|
||
|
|
=================================
|
||
|
|
|
||
|
|
Overview
|
||
|
|
--------
|
||
|
|
|
||
|
|
Mbed TLS doesn't support the TLS 1.3 protocol yet, but a prototype is in development.
|
||
|
|
Stable parts of this prototype that can be independently tested are being successively
|
||
|
|
upstreamed under the guard of the following macro:
|
||
|
|
|
||
|
|
```
|
||
|
|
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
|
||
|
|
```
|
||
|
|
|
||
|
|
This macro will likely be renamed to `MBEDTLS_SSL_PROTO_TLS1_3` once a minimal viable
|
||
|
|
implementation of the TLS 1.3 protocol is available.
|
||
|
|
|
||
|
|
See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/config.h)
|
||
|
|
for more information.
|
||
|
|
|
||
|
|
Status
|
||
|
|
------
|
||
|
|
|
||
|
|
The following lists which parts of the TLS 1.3 prototype have already been upstreamed
|
||
|
|
together with their level of testing:
|
||
|
|
|
||
|
|
* TLS 1.3 record protection mechanisms
|
||
|
|
|
||
|
|
The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended
|
||
|
|
to support the modified TLS 1.3 record protection mechanism, including modified computation
|
||
|
|
of AAD, IV, and the introduction of a flexible padding.
|
||
|
|
|
||
|
|
Those record protection routines have unit tests in `test_suite_ssl` alongside the
|
||
|
|
tests for the other record protection routines.
|
||
|
|
|
||
|
|
TODO: Add some test vectors from RFC 8448.
|