Lines Matching +full:no +full:- +full:tls

1 TLS 1.3 support
5 --------
7 Mbed TLS provides a minimum viable implementation of the TLS 1.3 protocol
8 defined in the "MVP definition" section below. The TLS 1.3 support enablement
11 The development of the TLS 1.3 protocol is based on the TLS 1.3 prototype
20 --------------
22 - Overview
24   - The TLS 1.3 MVP implements only the client side of the protocol.
26   - The TLS 1.3 MVP supports ECDHE key establishment.
28   - The TLS 1.3 MVP does not support DHE key establishment.
30   - The TLS 1.3 MVP does not support pre-shared keys, including any form of
32     data (0-RTT data).
34   - The TLS 1.3 MVP supports the authentication of the server by the client
36     of TLS 1.3 authentication messages, this means that the TLS 1.3 MVP
40   - The TLS 1.3 MVP does not support the handling of server HelloRetryRequest
46   - If the TLS 1.3 MVP receives a HelloRetryRequest or a CertificateRequest
51 - Supported cipher suites: depends on the library configuration. Potentially
56 - Supported ClientHello extensions:
59   | ---------------------------- | ------- | ------------- |
61   | max_fragment_length          | no      | YES           |
62   | status_request               | no      | no            |
65   | use_srtp                     | no      | no            |
66   | heartbeat                    | no      | no            |
67   | apln                         | no      | YES           |
68   | signed_certificate_timestamp | no      | no            |
69   | client_certificate_type      | no      | no            |
70   | server_certificate_type      | no      | no            |
71   | padding                      | no      | no            |
73   | pre_shared_key               | no      | YES           |
74   | psk_key_exchange_modes       | no      | YES           |
75   | early_data                   | no      | YES           |
76   | cookie                       | no      | YES           |
78   | certificate_authorities      | no      | no            |
79   | post_handshake_auth          | no      | no            |
80   | signature_algorithms_cert    | no      | no            |
94       currently promoted by Mbed TLS as this applies to TLS 1.2 as well, and
100   (3) The MVP proposes only TLS 1.3 and does not support version negotiation.
101       Out-of-protocol fallback is supported though if the Mbed TLS library
102       has been built to support both TLS 1.3 and TLS 1.2: just set the
105       re-initiate a server handshake.
107 - Supported groups: depends on the library configuration.
113 - Supported signature algorithms (both for certificates and CertificateVerify):
123 - Supported versions: only TLS 1.3, version negotiation is not supported.
125 - Compatibility with existing SSL/TLS build options:
127   The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the
128   sense that when enabling the TLS 1.3 MVP in the library there is no need to
129   modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are
130   not supported or not applicable to the TLS 1.3 MVP:
132   | Mbed TLS configuration option            | Support |
133   | ---------------------------------------- | ------- |
134   | MBEDTLS_SSL_ALL_ALERT_MESSAGES           | no      |
135   | MBEDTLS_SSL_ASYNC_PRIVATE                | no      |
136   | MBEDTLS_SSL_CONTEXT_SERIALIZATION        | no      |
137   | MBEDTLS_SSL_DEBUG_ALL                    | no      |
140   | MBEDTLS_SSL_KEEP_PEER_CERTIFICATE        | no      |
142   | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH          | no      |
144   | MBEDTLS_SSL_SESSION_TICKETS              | no      |
145   | MBEDTLS_SSL_EXPORT_KEYS                  | no (1)  |
146   | MBEDTLS_SSL_SERVER_NAME_INDICATION       | no      |
147   | MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH       | no      |
149   | MBEDTLS_ECP_RESTARTABLE                  | no      |
150   | MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED     | no      |
164   | MBEDTLS_USE_PSA_CRYPTO                   | no      |
167   (2) Key exchange configuration options for TLS 1.3 will likely to be
172 - Quality considerations
173   - Standard Mbed TLS review bar
174   - Interoperability testing with OpenSSL and GnuTLS. Test with all the
176   - Negative testing against OpenSSL/GnuTLS servers with which the
178     MVP: TLS 1.2 or 1.1 server, server sending an HelloRetryRequest message in
184 ----------------------------
186 The following summarizes which parts of the TLS 1.3 prototype remain to be
189 - Ephemeral only handshake on client side: client authentication,
192 - Ephemeral only handshake server side.
194 - Pre-shared keys, session resumption and 0-RTT data (both client and server
197 - New TLS Message Processing Stack (MPS)
199   The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer,
200   encompassing low-level details such as record parsing, handshake reassembly, and
204   - Layer 1 (Datagram handling)
205   - Layer 2 (Record handling)
206   - Layer 3 (Message handling)
207   - Layer 4 (Retransmission State Machine)
208   - Reader  (Abstracted pointer arithmetic and reassembly logic for incoming data)
209   - Writer  (Abstracted pointer arithmetic and fragmentation logic for outgoing data)
214   - Reader ([`library/mps_reader.h`](../../library/mps_reader.h))
217 Coding rules checklist for TLS 1.3
218 ----------------------------------
220 The following coding rules are aimed to be a checklist for TLS 1.3 upstreaming
223 (https://tls.mbed.org/kb/development/mbedtls-coding-standards). They have been
225 PR upstreaming the first part of TLS 1.3 ClientHello writing code.
227 TLS 1.3 specific coding rules:
229   - TLS 1.3 specific C modules, headers, static functions names are prefixed
233   - TLS 1.3 specific exported functions, structures and types are
236   - Use TLS1_3 in TLS 1.3 specific macros.
238   - The names of macros and variables related to a field or structure in the
239     TLS 1.3 specification should contain as far as possible the field name as
251   - Regarding vectors that are represented by a length followed by their value
254     - Use `<vector name>_len` for the name of a variable used to compute the
256       vector as defined in the TLS 1.3 specification.
258     - Use `p_<vector_name>_len` for the name of a variable intended to hold
261     - Use `<vector_name>` for the name of a variable intended to hold the
264     - Use `<vector_name>_end` for the name of a variable intended to hold
267     Those idioms should lower the risk of mis-using one of the address in place
278   - Where applicable, use:
279     - the macros to extract a byte from a multi-byte integer MBEDTLS_BYTE_{0-8}.
280     - the macros to write in memory in big-endian order a multi-byte integer
282     - the macros to read from memory a multi-byte integer in big-endian order
284     - the macro to check for space when writing into an output buffer
286     - the macro to check for data when reading from an input buffer
293     The three first types, MBEDTLS_BYTE_{0-8}, MBEDTLS_PUT_UINT{8|16|32|64}_BE
299     reduce the risk of error in the non-completely-trivial arithmetic to
311   - To mitigate what happened here
314     pointer in functions parsing TLS 1.3 data, and for the writing pointer in
316     name `p` has been chosen as it was already widely used in TLS code.
318   - When an TLS 1.3 structure is written or read by a function or as part of
320     it is in the TLS 1.3 specification.
324   - We prefer grouping "related statement lines" by not adding blank lines
342   - Use macros for constants that are used in different functions, different
345     writing TLS handshake message) there is no need to define a macro for it.
349   - When declaring a pointer the dereferencing operator should be prepended to
354   - Maximum line length is 80 characters.
358     - string literals can extend beyond 80 characters as we do not want to
361     - A line can be more than 80 characters by a few characters if just looking
371   - When in successive lines, functions and macros parameters should be aligned
382   - When a function's parameters span several lines, group related parameters