Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision

TLS1.3: Edit docs to explain not changing curve order.
Dave Rodgman 2021-12-07 11:01:04 +00:00 committed by GitHub
commit d7c091060f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -133,17 +133,23 @@ MVP definition
(1) This is just for comparison. (1) This is just for comparison.
(2) The MVP sends one shared secret corresponding to the configured preferred (2) The MVP sends only one shared secret corresponding to the configured
group. The preferred group is the group of the first curve in the list of preferred group. This could end up with connection failure if the
allowed curves as defined by the configuration. The allowed curves are server does not support our preferred curve, as the MVP does not implement
by default ordered as follow: `secp256r1`, `x25519`, `secp384r1` HelloRetryRequest. The preferred group is the group of the first curve in
and finally `secp521r1`. This default order is aligned with the the list of allowed curves as defined by the configuration. The allowed
list of mandatory-to-implement groups (in absence of an application curves are by default ordered as follows: `x25519`, `secp256r1`,
profile standard specifying otherwise) defined in section 9.1 of the `secp384r1` and finally `secp521r1`. Note that, in the absence of an
specification. The list of allowed curves can be changed through the application profile standard specifying otherwise, section 9.1 of the
`mbedtls_ssl_conf_curves()` API. specification rather promotes curve `secp256r1` to be supported over
curve `x25519`. The MVP would, however, rather keep the preference order
currently promoted by Mbed TLS as this applies to TLS 1.2 as well, and
changing the order only for TLS1.3 would be potentially difficult.
In the unlikely event a server does not support curve `x25519` but does
support curve `secp256r1`, curve `secp256r1` can be set as the preferred
curve through the `mbedtls_ssl_conf_curves()` API.
(3) The MVP proposes only TLS 1.3 and does not support version negociation. (3) The MVP proposes only TLS 1.3 and does not support version negotiation.
Out-of-protocol fallback is supported though if the Mbed TLS library Out-of-protocol fallback is supported though if the Mbed TLS library
has been built to support both TLS 1.3 and TLS 1.2: just set the has been built to support both TLS 1.3 and TLS 1.2: just set the
maximum of the minor version of the SSL configuration to maximum of the minor version of the SSL configuration to
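Review bot: the new wording in note (2), "sends only one shared secret corresponding to the configured preferred group", misnames the artifact: what the ClientHello carries is a KeyShareEntry in the key_share extension, that is, an ephemeral public key for one group, not a shared secret, so it should read "sends only one key share corresponding to the configured preferred group". The same paragraph would read better if "connection failure" were made concrete: a server that supports one of the advertised groups but none of the offered key shares answers with HelloRetryRequest, which the MVP does not implement, so the handshake is aborted rather than retried with another group; it should also say whether the supported_groups extension still lists every curve configured via `mbedtls_ssl_conf_curves()`, since that is what lets such a server ask for a different group in the first place. Lastly, "changing the order only for TLS1.3 would be potentially difficult" states a rationale without giving it; either name the difficulty (the same `mbedtls_ssl_conf_curves()` list is shared by TLS 1.2 and TLS 1.3, as the preceding sentence says) or drop the sentence, because the point that Mbed TLS keeps its existing preference order already justifies the decision.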