mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 12:40:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add comments about key_share and supported_versions support

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2021-09-27 13:27:21 +02:00
parent 85e51083d8
commit 3160d70049
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/architecture/tls13-experimental.md
View File

@ -99,18 +99,31 @@ the handshake with an handshake_failure closure alert and the
| client_certificate_type | no | no | | client_certificate_type | no | no |
| server_certificate_type | no | no | | server_certificate_type | no | no |
| padding | no | no | | padding | no | no |
| key_share | YES | YES | | key_share | YES (2) | YES |
| pre_shared_key | no | YES | | pre_shared_key | no | YES |
| psk_key_exchange_modes | no | YES | | psk_key_exchange_modes | no | YES |
| early_data | no | YES | | early_data | no | YES |
| cookie | no | YES | | cookie | no | YES |
| supported_versions | YES | YES | | supported_versions | YES (3) | YES |
| certificate_authorities | no | no | | certificate_authorities | no | no |
| post_handshake_auth | no | no | | post_handshake_auth | no | no |
| signature_algorithms_cert | no | no | | signature_algorithms_cert | no | no |
(1) This is just for comparison. (1) This is just for comparison.
(2) The MVP sends one shared secret corresponding to the configured preferred
group. The preferred group is the group of the first curve in the list of
allowed curves as defined by the configuration. By default, it is the
mandatory group as defined by section 9.1 of the specification,
`secp256r1`. The list of allowed curves can be set through the
`mbedtls_ssl_conf_curves()` API.
(3) The MVP proposes only TLS 1.3 and does not support version negociation.
Out-of-protocol fallback is supported though if the Mbed TLS library
has been built to support both TLS 1.3 and TLS 1.2: just set the
maximum of the minor version of the SSL configuration to
MBEDTLS_SSL_MINOR_VERSION_3 (`mbedtls_ssl_conf_min_version()` API) and
re-initiate a server handshake.
- Supported groups: depends on the library configuration. - Supported groups: depends on the library configuration.
Potentially all ECDHE groups: Potentially all ECDHE groups:
@ -121,8 +134,6 @@ the handshake with an handshake_failure closure alert and the
ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512,
rsa_pss_rsae_sha256. rsa_pss_rsae_sha256.
- Supported versions: only TLS 1.3
- Support of Mbed TLS SSL/TLS related (not DTLS) features: - Support of Mbed TLS SSL/TLS related (not DTLS) features:
The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the