yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
mbedtls/docs/architecture/tls13-experimental.md
Hanno Becker 0c3bebfa15 Fix typo in header of TLS 1.3 experimental features document 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 06:32:43 +01:00

1.2 KiB
Raw Blame History

TLS 1.3 Experimental Developments

Overview

Mbed TLS doesn't support the TLS 1.3 protocol yet, but a prototype is in development. Stable parts of this prototype that can be independently tested are being successively upstreamed under the guard of the following macro:

MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL

This macro will likely be renamed to MBEDTLS_SSL_PROTO_TLS1_3 once a minimal viable implementation of the TLS 1.3 protocol is available.

See the documentation of MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL for more information.

Status

The following lists which parts of the TLS 1.3 prototype have already been upstreamed together with their level of testing:

  • TLS 1.3 record protection mechanisms

    The record protection routines mbedtls_ssl_{encrypt|decrypt}_buf() have been extended to support the modified TLS 1.3 record protection mechanism, including modified computation of AAD, IV, and the introduction of a flexible padding.

    Those record protection routines have unit tests in test_suite_ssl alongside the tests for the other record protection routines.

    TODO: Add some test vectors from RFC 8448.