[openssl-dev] TLSv1.3

Viktor Dukhovni openssl-users at dukhovni.org
Sun May 8 16:21:06 UTC 2016


On Sun, May 08, 2016 at 12:15:56PM +0100, Alessandro Ghedini wrote:

> I know that I'm probably getting way ahead of myself here, but I thought it
> would be interesting to start looking into adding TLS 1.3 support to OpenSSL
> (for post 1.1.0 of course).

Even after 1.1.0, TLS 1.3 might not be the highest priority item
on the list.  We still need to introduce a suitable read/write
buffer abstraction into OpenSSL and migrate all the code that
serializes and de-serializes data from pointer-arithmetic to

	read, write, peek, rewind, clear, ...

operations on suitably abstracted "buffer with offset" objects.

In particular, the ASN.1 code needs to be updated to use safe buffer
management, and the SSL code needs to use a safe buffer API for
both reads and writes.  More bits of libcrypto are likely in scope,
for example EVP.

Though much cleanup has already taken place in 1.1.0, we still need
to do more, and I would prefer to see TLS 1.3 rest on more solid
foundations.

-- 
	Viktor.
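The "buffer with offset" abstraction Viktor describes, as an added example that is my own illustration and not OpenSSL code (it is not the API of 1.1.0 or any later release): a bounded read cursor with read, peek, rewind and clear, a bounded write cursor, a sub-cursor for a length-prefixed vector in the style of a TLS opaque<0..2^16-1>, and beside it the raw length-field read the abstraction is meant to replace. The rcur_t/wcur_t names, the toy message layout (uint8 type followed by an opaque vector) and the sample byte strings are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded read cursor ("buffer with offset"): every access is checked against
 * len before memory is touched, so callers never do raw pointer arithmetic. */
typedef struct { const unsigned char *base; size_t len; size_t off; } rcur_t;

static void rcur_init(rcur_t *c, const unsigned char *b, size_t n) { c->base = b; c->len = n; c->off = 0; }
static size_t rcur_remaining(const rcur_t *c) { return c->len - c->off; }
/* clear: detach from the buffer so a stale cursor cannot be reused */
static void rcur_clear(rcur_t *c) { c->base = NULL; c->len = 0; c->off = 0; }
/* peek: copy n bytes without advancing; returns 0 with no side effects if short */
static int rcur_peek(const rcur_t *c, unsigned char *out, size_t n) {
    if (n > rcur_remaining(c)) return 0;
    memcpy(out, c->base + c->off, n);
    return 1;
}
/* read: peek, then advance */
static int rcur_read(rcur_t *c, unsigned char *out, size_t n) {
    if (!rcur_peek(c, out, n)) return 0;
    c->off += n;
    return 1;
}
static int rcur_read_u16(rcur_t *c, unsigned *v) {
    unsigned char b[2];
    if (!rcur_read(c, b, 2)) return 0;
    *v = ((unsigned)b[0] << 8) | b[1];
    return 1;
}
/* rewind: back to an earlier offset, never forward past what was read */
static int rcur_rewind(rcur_t *c, size_t off) {
    if (off > c->off) return 0;
    c->off = off;
    return 1;
}
/* Sub-cursor over a TLS-style opaque<0..2^16-1>: the declared length is
 * checked against the bytes actually present before the sub-cursor exists. */
static int rcur_get_u16_vector(rcur_t *c, rcur_t *sub) {
    unsigned n;
    if (!rcur_read_u16(c, &n) || n > rcur_remaining(c)) return 0;
    rcur_init(sub, c->base + c->off, n);
    c->off += n;
    return 1;
}

/* Bounded write cursor for the serialising side. */
typedef struct { unsigned char *base; size_t len; size_t off; } wcur_t;
static int wcur_write(wcur_t *w, const unsigned char *src, size_t n) {
    if (n > w->len - w->off) return 0;
    memcpy(w->base + w->off, src, n);
    w->off += n;
    return 1;
}
static int wcur_write_u16(wcur_t *w, unsigned v) {
    unsigned char b[2] = { (unsigned char)(v >> 8), (unsigned char)v };
    return v <= 0xFFFFu && wcur_write(w, b, 2);
}

/* Hypothetical demo message (an assumption, not a real TLS structure):
 *     uint8 type; opaque payload<0..2^16-1>;
 * parse_stream consumes only complete messages from a buffer and rewinds to
 * the start of an incomplete tail so the caller can append bytes and retry.
 * Returns bytes consumed; *count receives the number of complete messages. */
static size_t parse_stream(const unsigned char *buf, size_t len, unsigned *count) {
    rcur_t c, payload;
    unsigned char type;
    size_t consumed;
    rcur_init(&c, buf, len);
    for (*count = 0; rcur_remaining(&c) > 0; (*count)++) {
        size_t start = c.off;
        if (!rcur_read(&c, &type, 1) || !rcur_get_u16_vector(&c, &payload)) {
            rcur_rewind(&c, start);            /* undo the partial read */
            break;
        }
    }
    consumed = c.off;
    rcur_clear(&c);
    return consumed;
}
/* The pattern being replaced: trusts the wire length and ignores the buffer
 * end, so on a truncated message it yields a length a memcpy would over-read. */
static size_t unsafe_declared_len(const unsigned char *p) { return ((size_t)p[1] << 8) | p[2]; }

/* Serialise one message; returns its length, or 0 if it does not fit in cap. */
static size_t build_msg(unsigned char *out, size_t cap, unsigned type,
                        const unsigned char *payload, size_t n) {
    wcur_t w = { out, cap, 0 };
    unsigned char t = (unsigned char)type;
    if (n > 0xFFFFu || !wcur_write(&w, &t, 1) ||
        !wcur_write_u16(&w, (unsigned)n) || !wcur_write(&w, payload, n))
        return 0;
    return w.off;
}

/* Constructed sample inputs. */
static const unsigned char kTruncated[] = { 0x16, 0x00, 0x10, 'a', 'b' };  /* claims 16, has 2 */
static const unsigned char kStream[] = { 0x16, 0x00, 0x03, 'a', 'b', 'c', 0x17, 0x00, 0x01, 'z',
                                         0x16, 0x00, 0x10, 'a' };           /* two full, one partial */

int main(void) {
    unsigned n;
    size_t used = parse_stream(kStream, sizeof kStream, &n);
    printf("stream: %u complete message(s) in %zu of %zu bytes\n", n, used, sizeof kStream);
    used = parse_stream(kTruncated, sizeof kTruncated, &n);
    printf("truncated: safe parser consumed %zu bytes; naive length field says %zu\n",
           used, unsafe_declared_len(kTruncated));
    return 0;
}
```

The point of the design is that the length check lives in one place (rcur_peek and wcur_write) and every higher-level accessor is built on it, so a parser for a new message type cannot forget a bounds check the way ad hoc pointer arithmetic can; the sub-cursor additionally confines a nested structure to its declared extent, which is what makes a length-prefixed vector safe to hand to another parsing routine.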