yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add an overview section

Browse source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-09-27 15:36:29 +02:00
parent 847c3580b8
commit f164b6a7ff
1 changed files with 28 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
docs/architecture/tls13-experimental.md
View file

@ -71,12 +71,34 @@ together with their level of testing:
MVP definition MVP definition
-------------- --------------
The TLS 1.3 MVP implements only the client side of the protocol. - Overview
The TLS 1.3 MVP does not support the handling of server HelloRetryRequest and
CertificateRequest messages. If it receives one of those messages, it aborts - The TLS 1.3 MVP implements only the client side of the protocol.
the handshake with an handshake_failure closure alert and the
`mbedtls_ssl_handshake()` returns in error with the - The TLS 1.3 MVP supports ECDHE key establishment.
`MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code.
- The TLS 1.3 MVP does not support DHE key establishment.
- The TLS 1.3 MVP does not support pre-shared keys, including any form of
session resumption. This implies that it does not support sending early
data (0-RTT data).
- The TLS 1.3 MVP supports the authentication of the server by the client
but does not support authentication of the client by the server. In terms
of TLS 1.3 authentication messages, this means that the TLS 1.3 MVP
supports the processing of the Certificate and CertificateVerify messages
but not of the CertificateRequest message.
- The TLS 1.3 MVP does not support the handling of server HelloRetryRequest
message. In practice, this means that the handshake will fail if the MVP
does not provide in its ClientHello the shared secret associated to the
group selected by the server for key establishement. For more information,
see the comment associated to the `key_share` extension below.
- If the TLS 1.3 MVP receives a HelloRetryRequest or a CertificateRequest
message, it aborts the handshake with an handshake_failure closure alert
and the `mbedtls_ssl_handshake()` returns in error with the
`MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE` error code.
- Supported cipher suites: depends on the library configuration. Potentially - Supported cipher suites: depends on the library configuration. Potentially
all of them: all of them: