Add support for DTLS 1.3 (DTLSv1.3) through SSLContext / SSLEngine #254

Status: Open. Wants to merge 10 commits into base: master.
12 changes: 10 additions & 2 deletions README.md
@@ -373,9 +373,12 @@ Additional instructions can be found on the wolfSSL.com website:

### JSSE Class Implementation Support

wolfJSSE extends or implements the following JSSE classes:
wolfJSSE extends or implements the following JSSE classes. Note that
SSLContext `DTLSv1.3` support is only supported through the `SSLEngine`
interface.

- javax.net.ssl.SSLContextSpi
- SSL, TLS, DEFAULT, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
- SSL, TLS, DEFAULT, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3, DTLSv1.3
- javax.net.ssl.KeyManagerFactorySpi
- PKIX, X509, SunX509
- javax.net.ssl.TrustManagerFactorySpi
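Review bot: the new sentence "SSLContext `DTLSv1.3` support is only supported through the `SSLEngine` interface" repeats "support" and leaves the restriction implicit; suggest "DTLSv1.3 is available only through the `SSLEngine` interface; `SSLSocket` is not supported for DTLS." Since the list item below now advertises DTLSv1.3 alongside the TLS versions, the README should also say what an application gets when it asks a DTLSv1.3 SSLContext for an SSLSocket (which exception or error), so users do not discover the limitation at runtime.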
@@ -531,6 +534,11 @@ are enabled in different ways depending on the JDK implementation. For
Oracle/OpenJDK and variants, this System property enables session tickets and
was added in Java 13. Should be set to "true" to enable.

**jdk.tls.useExtendedMasterSecret (boolean)** - Can be used to enable or
disable the use of the Extended Master Secret (EMS) extension. This extension
is enabled by default, unless explicitly disabled by setting this property to
false.

**wolfjsse.autoSNI (boolean)** - Controls automatic Server Name Indication (SNI)
extension setting based on hostname or peer address. When set to "true", enables
legacy behavior where SNI is automatically configured from hostname/peer information
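Review bot: the jdk.tls.useExtendedMasterSecret entry does not follow the value convention of the neighbouring entries (the session-ticket property above ends with 'Should be set to "true" to enable'); suggest ending it with 'Set to "false" to disable.' Because this property turns off a security extension, the entry should also state which protocol versions it applies to and that the default should be kept unless a specific peer requires it. The property is unrelated to the DTLS 1.3 subject of this PR, so it is worth a line in the PR description explaining why it is included here.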
14 changes: 11 additions & 3 deletions examples/Client.java
@@ -222,10 +222,15 @@ public void run(String[] args) {

/* sort out DTLS versus TLS versions */
if (doDTLS == 1) {
if (sslVersion == 3)
if (sslVersion == 4) {
sslVersion = -3;
}
else if (sslVersion == 3) {
sslVersion = -2;
else
}
else {
sslVersion = -1;
}
}

/* init library */
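Review bot: the final `else` still maps every value that is not 3 or 4 to DTLSv1 (-1), so a mistyped `-v 5` silently selects DTLSv1 instead of failing; suggest an explicit `else if (sslVersion == 2)` for DTLSv1 and letting anything else fall through to the "Bad SSL version" path in the switch further down. The -1/-2/-3 sentinel values are now spread across this block, the switch and printUsage(), and the identical block appears in examples/Server.java; named constants or a small shared helper (e.g. a hypothetical dtlsVersionFromArg(int)) would keep the two examples in sync when the next version is added.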
@@ -260,6 +265,9 @@ public void run(String[] args) {
case -2:
method = WolfSSL.DTLSv1_2_ClientMethod();
break;
case -3:
method = WolfSSL.DTLSv1_3_ClientMethod();
break;
default:
System.err.println("Bad SSL version");
System.exit(1);
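Review bot: the new `case -3` calls WolfSSL.DTLSv1_3_ClientMethod() unconditionally, while the rest of the example gates DTLS on WolfSSL.isEnabledDTLS(); it is not visible from this hunk what the method returns when the native library was built without DTLS 1.3 (null or an error). Add a check for a null/invalid method here with a message naming DTLSv1.3, in the same style as the "Bad SSL version" default branch, rather than letting a later call fail with an unhelpful error.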
@@ -786,7 +794,7 @@ void printUsage() {
System.out.println("-d\t\tDisable peer checks");
if (WolfSSL.isEnabledDTLS() == 1)
System.out.println("-u\t\tUse UDP DTLS, add -v 2 for DTLSv1 " +
"(default), -v 3 for DTLSv1.2");
"(default), -v 3 for DTLSv1.2, -v 4 for DTLSv1.3");
System.out.println("-iocb\t\tEnable test I/O callbacks");
System.out.println("-logtest\tEnable test logging callback");
if (WolfSSL.isEnabledOCSP() == 1) {
14 changes: 11 additions & 3 deletions examples/Server.java
@@ -209,10 +209,15 @@ public void run(String[] args) {

/* sort out DTLS versus TLS versions */
if (doDTLS == 1) {
if (sslVersion == 3)
if (sslVersion == 4) {
sslVersion = -3;
}
else if (sslVersion == 3) {
sslVersion = -2;
else
}
else {
sslVersion = -1;
}
}

/* init library */
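Review bot: this block is a copy of the one in examples/Client.java and carries the same issue: the final `else` maps any unrecognised `-v` value, not only 2, to DTLSv1 (-1) instead of rejecting it. Checking `sslVersion == 2` explicitly and letting other values reach the "Bad SSL version" error, and moving the mapping into a helper shared by both examples, would avoid the two copies drifting apart.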
@@ -247,6 +252,9 @@ public void run(String[] args) {
case -2:
method = WolfSSL.DTLSv1_2_ServerMethod();
break;
case -3:
method = WolfSSL.DTLSv1_3_ServerMethod();
break;
default:
System.err.println("Bad SSL version");
System.exit(1);
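Review bot: as in the Client example, `case -3` should handle WolfSSL.DTLSv1_3_ServerMethod() failing when the native library lacks DTLS 1.3 (null or error return) with an explicit message that names DTLSv1.3, matching the error handling already used in the `default` branch below.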
@@ -683,7 +691,7 @@ void printUsage() {
System.out.println("-s\t\tUse pre shared keys");
if (WolfSSL.isEnabledDTLS() == 1)
System.out.println("-u\t\tUse UDP DTLS, add -v 2 for DTLSv1 (default)" +
", -v 3 for DTLSv1.2");
", -v 3 for DTLSv1.2, -v 4 for DTLSv1.3");
System.out.println("-iocb\t\tEnable test I/O callbacks");
System.out.println("-logtest\tEnable test logging callback");
if (WolfSSL.isEnabledOCSP() == 1) {