-
Notifications
You must be signed in to change notification settings - Fork 595
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage of static ProtocolVersion in handshakes #49
Comments
Also see RFC v1.2: https://tools.ietf.org/html/rfc5246#section-6.2.1 under Confused. |
For TLS1.3 the key thing to note is that
This is going to be much more of an issue for TLS1.1 support -- so I'm leaving it open. |
I see, thanks for clarification. But shouldn't this be v1.0 in case of TLS v1.3? https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-5.2 says:
|
On the wire its 1.0, but internally its 1.3. The translation happens in the message encryption/decryption functions. |
This adds support for verification of ed25519 certificates according to RFC 8410. Implements #49. The test certificate was generated using OpenSSL 1.1.1a, using the following commands (CA.pl is distributed with OpenSSL): openssl genpkey -algorithm ed25519 -outform pem -out root_key.pem openssl req -new -x509 -days 9999 -extensions v3_ca -key root_key.pem \ -inform pem -outform pem -out root_ed25519.pem echo root_ed25519.pem | CA.pl -newca openssl genpkey -algorithm ed25519 -outform pem -out client_key.pem openssl req -new -key client_key.pem -inform pem -outform pem \ -out client_ed25519_csr.pem openssl ca -keyfile ./root_key.pem -days 999 -notext -in \ client_ed25519_csr.pem -out client_ed25519.pem I agree to license my contributions to each file under the terms given at the top of each file I changed.
I noted that the protocol version 1.2 is hard coded in a lot of code for the handshaking (e.g. https://github.com/ctz/rustls/blob/master/src/client_hs.rs#L931).
This looks a bit odd (I'd expect this version to be
sess.common.negotiated_version
as soon asSeverHello
) is transmitted - so I just want to check with you guys if this is ok or it's a bug.The text was updated successfully, but these errors were encountered: