Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: tls 1.3 compliant implementation #1

Open
15 of 42 tasks
viztea opened this issue Sep 25, 2022 · 0 comments
Open
15 of 42 tasks

feat: tls 1.3 compliant implementation #1

viztea opened this issue Sep 25, 2022 · 0 comments
Assignees
@viztea
Labels
help wanted Extra attention is needed
Milestone
v1.0

Comments

@viztea
Copy link
Collaborator

viztea commented Sep 25, 2022
edited
Loading

QUIC embeds the TLS 1.3 handshake protocol for improved security and fewer round-trips

Resources

RFCs:

Implementations:

TODO:

  • Handshake Protocol
    • Client Hello
    • Server Hello
  • Extensions
    • (mandatory) supported_versions
    • (mandatory) cookie
    • (mandatory) signture_algorithms
    • (mandatory) signature_algorithms_cert
    • (mandatory) supported_groups
    • (mandatory) key_share
    • (mandatory) sever_name
    • application_layer_protocol_negotiation
    • certificate_authorities
    • psk_key_exchange_modes
  • Cryptography
    • Cipher Suites
      • (mandatory) TLS_AES_128_GCM_SHA256
        • jvm
        • linux
      • (should) TLS_AES_256_GCM_SHA384
        • jvm
        • linux
      • (should) TLS_CHACHA20_POLY1305_SHA256
        • jvm
        • linux
    • Signature Algorithms
      • rsa_pkcs1_sha256 (must for certificates)
        • jvm
        • linux
      • rsa_pss_rsae_sha256 (must for certificates and CertificateVerify)
        • jvm
        • linux
      • ecdsa_secp256r1_sha256
        • jvm
        • linux
    • Key Exchange Algorithms
      • (mandatory)secp256r1
        • jvm
        • linux
      • (should) x25519
        • jvm
        • linux

In order to actually implement TLS we need to have a cryptography library. The following could be used

  • JVM - could use javax crypto or bouncycastle
  • Linux X64 - could possibly use BoringSSL or WolfSSL

However, I'm currently working on porting Bouncycastle to Kotlin for Multiplatform cryptography.

Note: this todo list is a work in progress, I still need to fully research what I need for a working implementation
@viztea viztea self-assigned this Sep 25, 2022
@viztea viztea added this to the v1.0 milestone Sep 25, 2022
@viztea viztea added the help wanted Extra attention is needed label Sep 25, 2022
@viztea viztea changed the title feat: implement tls 1.3 feat: tls 1.3 compliant implementation Sep 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@viztea viztea

Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
v1.0
Development

No branches or pull requests
1 participant
@viztea