Merging TLS 1.3 #283
Could you clarify what the test suite does?
The test is for full handshake (1RTT) only at this moment.
Yes, working on the test suite first would be useful to dive into this large piece. I think I have progress regarding the version incompatibilities. It looks like there is a bug when connecting a TLS13-enabled client with an SSL3-only server. This works better and starts to test more version combinations: https://gist.github.com/ocheron/5b8ddfa47f2f5216bcea13213ebee688 Two test cases are still failing:
I added some comments and questions in the code, please find also global comments here:
- `hourglass` can be a better choice than `time` to avoid floating-point conversion (hourglass is already used in the test suite and indirectly in x509 packages)
- new modules should have header and export lists
Client and Server:
- often there is a sequence of calls encodeHandshake13, updateHandshakeDigest, addHandshakeMessage. This should be captured as a common utility, for example in module Sending13.
- intersection with availableGroups is not needed as this contains all possible values now. Some of it can use availableECGroups instead, but FFDHE is probably not complex to add.
SimpleClient and SimpleServer:
- there should be an option --tls13, but not as default until features still missing are added (and TLS13 is default in library too)
Test cases for four handshakes were added.
Renegotiation does not exist in TLS 1.3 as you may know.
I don't know key usage. How can I learn it?
The requirement is listed in RFC 8446 section 4.4.2.2: "The certificate MUST allow the key to be used for signing (i.e., the digitalSignature bit MUST be set if the Key Usage extension is present)". More is in RFC 5280 section 4.2.1.3. The test case about server key usage can be generalized to TLS13 easily. For client key usage, this is not currently possible because client authentication is not implemented.
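The key-usage rule quoted above, as an added Python example that is not part of this thread or of the tls library: it decodes the DER BIT STRING value of a Key Usage extension and accepts the certificate for TLS 1.3 signing only when the extension is absent or the digitalSignature bit (bit 0) is set. The function names and the sample byte strings are constructed for illustration.

```python
from typing import List, Optional

DIGITAL_SIGNATURE_BIT = 0  # KeyUsage bit 0, RFC 5280 section 4.2.1.3


def parse_bit_string(der: bytes) -> List[bool]:
    """Decode a DER BIT STRING (short-form length only) into booleans."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, content = der[2], der[3:]
    if unused > 7 or (not content and unused):
        raise ValueError("invalid unused-bits count")
    # Bit 0 is the most significant bit of the first content octet.
    bits = [bool(byte & (0x80 >> i)) for byte in content for i in range(8)]
    return bits[: len(bits) - unused]


def allows_tls13_signing(key_usage_der: Optional[bytes]) -> bool:
    """Apply the RFC 8446 section 4.4.2.2 rule.

    key_usage_der is the DER value of the Key Usage extension, or None when
    the certificate has no such extension (no restriction applies then).
    """
    if key_usage_der is None:
        return True
    bits = parse_bit_string(key_usage_der)
    return len(bits) > DIGITAL_SIGNATURE_BIT and bits[DIGITAL_SIGNATURE_BIT]


# Constructed sample values, not taken from any real certificate.
SAMPLES = {
    "no extension": None,
    "digitalSignature only": bytes.fromhex("03020780"),
    "digitalSignature + keyEncipherment": bytes.fromhex("030205a0"),
    "keyEncipherment only": bytes.fromhex("03020520"),
    "keyCertSign + cRLSign": bytes.fromhex("03020106"),
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        verdict = "accept" if allows_tls13_signing(value) else "reject"
        print(f"{label}: {verdict}")
```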
Done.
Intersections are deleted.
It appeared that this is an awesome idea. Thanks!
Done.
Done.
I think that I did everything I can.
I added a few more comments about the new changes.
Also did you look at my patch for SSLv3 / RSA encryption?
Do you mean this one? https://gist.github.com/ocheron/5b8ddfa47f2f5216bcea13213ebee688 If so, I'm now trying to resolve the two test failures.
Your patch was applied and the bug of renego has been fixed.
I'm now trying to implement client authentication to fix CI.
Great, I think this is already a major achievement and we can merge without client authentication.
OK. I modified the test to skip TLS 1.3 and merged this PR to
This is the final difference for TLS 1.3.
I don't intend to merge this PR directly.
Rather, I would like to ask reviewers to give comments.
This is a jumbo patch. I have no idea how to divide this into smaller pieces.
Comments are welcome.
Meanwhile, I will try to resolve `fixme`s.