Amend supported groups and signatures based on spec 9.1 section

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Ronald Cron 2021-09-27 13:36:33 +02:00
parent 3160d70049
commit c3b510f096


@ -126,13 +126,22 @@ the handshake with an handshake_failure closure alert and the
re-initiate a server handshake.
- Supported groups: depends on the library configuration.
Potentially all ECDHE groups:
secp256r1, secp384r1, secp521r1(0x0019), x25519, x448.
Minimally (as defined in section 9.1 of the TLS 1.3 specification):
secp256r1 and x25519.
- Supported signature algorithms: depends on the library configuration.
Potentially:
ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512,
rsa_pss_rsae_sha256.
Furthermore, depending on the library configuration, potentially:
secp384r1 and secp521r1.
Finite field groups (DHE) are not supported.
- Supported signature algorithms(both for certificates and CertificateVerify):
Minimally (as defined in section 9.1 of the TLS 1.3 specification):
rsa_pkcs1_sha256, rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256
Furthermore, depending on the library configuration, potentially:
ecdsa_secp384r1_sha384 and ecdsa_secp521r1_sha512
- Supported versions: only TLS 1.3, version negotiation is not supported.
- Support of Mbed TLS SSL/TLS related (not DTLS) features:
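Review bot: the new parenthetical "(both for certificates and CertificateVerify)" on the signature-algorithms bullet conflicts with the first entry of the minimal list that follows it: rsa_pkcs1_sha256 is defined in RFC 8446 for signatures in certificates only and is not usable in CertificateVerify, so the line "rsa_pkcs1_sha256, rsa_pss_rsae_sha256 and ecdsa_secp256r1_sha256" should carry a qualifier such as "(rsa_pkcs1_sha256 for certificate signatures only)". Two smaller points in the same hunk: add the missing space in "Supported signature algorithms(both", and end the two algorithm list lines with a period to match the groups bullet. Finally, x448 appears in the removed groups line but not in the new "Furthermore ... secp384r1 and secp521r1." line, and the commit message does not mention dropping it; please confirm that omission is intended.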