-
Notifications
You must be signed in to change notification settings - Fork 700
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ktls: add method to enable TLS1.3 #4331
Conversation
db5e81e
to
5dc64b9
Compare
api/unstable/ktls.h
Outdated
S2N_API int s2n_config_ktls_enable_tls13(struct s2n_config *config); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder if this should have "unsafe" in its name, like s2n_config_ktls_enable_unsafe_tls13. That way it'll be separate from automatically allowing TLS1.3 if we can detect that it's fully supported. But maybe we won't be able to detect that TLS1.3 is fully supported with the eventual patch, maybe applications will always need to manually enable it :/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I kind of like having unsafe in the name more, but I'm fine with either. It does seem kind of confusing to have a normal-looking API to enable TLS 1.3 that you won't actually need to call to enable TLS 1.3 with the kernel patch (and shouldn't actually call if you think you have a kernel patch, in case you don't).
Not being able to detect TLS 1.3 support in the kernel seems pretty bad, and is something that should probably be addressed in the patch. In the case where it doesn't end up in the patch, it seems like it's still somewhat unsafe to enable TLS 1.3 unless the user is absolutely sure the patch is applied. So maybe the unsafe name would still apply in this case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like your argument for if the patch can't be automatically detected. Good point, that means that it remains unsafe :)
api/unstable/ktls.h
Outdated
S2N_API int s2n_config_ktls_enable_tls13(struct s2n_config *config); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I kind of like having unsafe in the name more, but I'm fine with either. It does seem kind of confusing to have a normal-looking API to enable TLS 1.3 that you won't actually need to call to enable TLS 1.3 with the kernel patch (and shouldn't actually call if you think you have a kernel patch, in case you don't).
Not being able to detect TLS 1.3 support in the kernel seems pretty bad, and is something that should probably be addressed in the patch. In the case where it doesn't end up in the patch, it seems like it's still somewhat unsafe to enable TLS 1.3 unless the user is absolutely sure the patch is applied. So maybe the unsafe name would still apply in this case?
bebbbc3
to
2954dd9
Compare
Description of changes:
Last step for minimal TLS1.3 ktls support. Because TLS1.3 is dangerous without the KeyUpdate kernel patch, applications should deliberately enable it, separate from enabling ktls.
Hopefully this method will never make it out of the unstable API.
Call-outs:
I made this a config method, rather than a connection method, because it needs to be enabled before ktls is enabled. If I put it on the connection, there will be an ordering foot gun.
Testing:
Unit tests continue to pass with the new mechanism to enable TLS1.3.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.