Use GitHub table format

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2021-09-27 11:59:25 +02:00
parent def52c36e5
commit 023987feef

@ -83,30 +83,32 @@ the handshake with an handshake_failure closure alert.
- Supported ClientHello extensions: - Supported ClientHello extensions:
MVP Prototype | Extension | MVP | Prototype (1) |
(for comparison) | ---------------------------- | ------- | ------------- |
| server_name | no | YES |
| max_fragment_length | no | YES |
| status_request | no | no |
| supported_groups | YES | YES |
| signature_algorithms | YES | YES |
| use_srtp | no | no |
| heartbeat | no | no |
| apln | no | YES |
| signed_certificate_timestamp | no | no |
| client_certificate_type | no | no |
| server_certificate_type | no | no |
| padding | no | no |
| key_share | YES | YES |
| pre_shared_key | no | YES |
| psk_key_exchange_modes | no | YES |
| early_data | no | YES |
| cookie | no | YES |
| supported_versions | YES | YES |
| certificate_authorities | no | no |
| post_handshake_auth | no | no |
| signature_algorithms_cert | no | no |
(1) This is just for comparison.
server_name no YES
max_fragment_length no YES
status_request no no
supported_groups YES YES
signature_algorithms YES YES
use_srtp no no
heartbeat no no
apln no YES
signed_certificate_timestamp no no
client_certificate_type no no
server_certificate_type no no
padding no no
key_share YES YES
pre_shared_key no YES
psk_key_exchange_modes no YES
early_data no YES
cookie no YES
supported_versions YES YES
certificate_authorities no no
post_handshake_auth no no
signature_algorithms_cert no no
- Supported groups: depends on the library configuration. - Supported groups: depends on the library configuration.
Potentially all ECDHE groups: Potentially all ECDHE groups:
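Review bot: the new row `| apln | no | YES |` keeps the misspelling from the old text. Since every row of this table is being rewritten, correct it to `alpn` here, so it matches the MBEDTLS_SSL_ALPN option named in the configuration table further down and can be found by anyone searching the document for ALPN support.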
@ -126,39 +128,42 @@ the handshake with an handshake_failure closure alert.
modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are modify the configuration for TLS 1.2. Mbed TLS SSL/TLS related features are
not supported or not applicable to the TLS 1.3 MVP: not supported or not applicable to the TLS 1.3 MVP:
Supported Comment | Mbed TLS configuration option | Support |
MBEDTLS_SSL_ALL_ALERT_MESSAGES no | ---------------------------------------- | ------- |
MBEDTLS_SSL_ASYNC_PRIVATE no | MBEDTLS_SSL_ALL_ALERT_MESSAGES | no |
MBEDTLS_SSL_CONTEXT_SERIALIZATION no | MBEDTLS_SSL_ASYNC_PRIVATE | no |
MBEDTLS_SSL_DEBUG_ALL no | MBEDTLS_SSL_CONTEXT_SERIALIZATION | no |
MBEDTLS_SSL_ENCRYPT_THEN_MAC n/a | MBEDTLS_SSL_DEBUG_ALL | no |
MBEDTLS_SSL_EXTENDED_MASTER_SECRET n/a | MBEDTLS_SSL_ENCRYPT_THEN_MAC | n/a |
MBEDTLS_SSL_KEEP_PEER_CERTIFICATE no | MBEDTLS_SSL_EXTENDED_MASTER_SECRET | n/a |
MBEDTLS_SSL_RENEGOTIATION n/a | MBEDTLS_SSL_KEEP_PEER_CERTIFICATE | no |
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH no | MBEDTLS_SSL_RENEGOTIATION | n/a |
MBEDTLS_SSL_ALPN no | MBEDTLS_SSL_MAX_FRAGMENT_LENGTH | no |
| | |
| MBEDTLS_SSL_SESSION_TICKETS | no |
| MBEDTLS_SSL_EXPORT_KEYS | no (1) |
| MBEDTLS_SSL_SERVER_NAME_INDICATION | no |
| MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH | no |
| | |
| MBEDTLS_ECP_RESTARTABLE | no |
| MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED | no |
| | |
| MBEDTLS_KEY_EXCHANGE_PSK_ENABLED | n/a (2) |
| MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a |
| MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a |
| | |
| MBEDTLS_USE_PSA_CRYPTO | no |
MBEDTLS_SSL_SESSION_TICKETS no (1) Some support has already been upstreamed but it is incomplete.
MBEDTLS_SSL_EXPORT_KEYS no Incomplete support (2) Make sense in TLS 1.3 context but their current definition is TLS 1.2 only.
MBEDTLS_SSL_SERVER_NAME_INDICATION no
MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH no
MBEDTLS_ECP_RESTARTABLE no
MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED no
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED n/a Make sense in TLS 1.3
MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED n/a context but their current
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED n/a definition is TLS 1.2 only.
MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_RSA_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED n/a
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED n/a
MBEDTLS_USE_PSA_CRYPTO no
Not in the plan yet but probably necessary for a viable client: Not in the plan yet but probably necessary for a viable client:
- server_name extension - server_name extension
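Review bot: the old table has a `MBEDTLS_SSL_ALPN no` row between MBEDTLS_SSL_MAX_FRAGMENT_LENGTH and MBEDTLS_SSL_SESSION_TICKETS, but the new table as shown here goes from MBEDTLS_SSL_MAX_FRAGMENT_LENGTH straight to the empty separator row. A commit described as a table format change should not drop an entry from a list of unsupported options, so please restore `| MBEDTLS_SSL_ALPN | no |` or explain the removal in the commit message. Separately, footnote (2) is attached only to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED, while the old comment ran alongside the three PSK rows; if it is meant to cover more than one option, mark each of those rows with (2). The footnote text should also read "Makes sense" or "These make sense".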