commit	02f0ed67b5be1529b210416c888360f5cf2beec3	[log] [tgz]
author	Kazuho Oku <kazuhooku@gmail.com>	Tue Jan 09 11:00:15 2024 +0900
committer	Kazuho Oku <kazuhooku@gmail.com>	Tue Jan 09 11:00:15 2024 +0900
tree	9bd36ff416c098cc3cc1a0bd48923b1db7eb1bd4
parent	db6dd6652c83a1f28bc7843fa6619a80b7834f51 [diff]
parent	6da7ec9a405767e8f828a74fb784707b78e5539e [diff]

tree: 9bd36ff416c098cc3cc1a0bd48923b1db7eb1bd4

README.md

picotls

Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features:

support for three crypto engines
- “OpenSSL” backend using libcrypto for crypto and X.509 operations
- “minicrypto” backend using cifra for most crypto and micro-ecc for secp256r1
- “fusion” AES-GCM engine, optimized for QUIC and other protocols that use short AEAD blocks
- libaegis for the AEGIS AEADs
support for PSK, PSK-DHE resumption using 0-RTT
API for dealing directly with TLS handshake messages (essential for QUIC)
supported extensions:
- RFC 7250 (raw public keys)
- RFC 8879 (certificate compression)
- Encrypted Client Hello (wg-draft-15)

picotls is designed to be fast, tiny, and low-latency, with the primary user being the H2O HTTP/2 server for serving HTTP/1, HTTP/2, and HTTP/3 over QUIC.

The TLS protocol implementation of picotls is licensed under the MIT license.

License and the cryptographic algorithms supported by the crypto bindings are as follows:

Binding	License	Key Exchange	Certificate	AEAD cipher
minicrypto	CC0 / 2-clause BSD	secp256r1, x25519	ECDSA (secp256r1)1	AES-128-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis)
OpenSSL	OpenSSL	secp256r1, secp384r1, secp521r1, x25519	RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519	AES-128-GCM, AES-256-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis)

Note 1: Minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.

Building picotls

If you have cloned picotls from git then ensure that you have initialised the submodules:

% git submodule init
% git submodule update

Build using cmake:

% cmake .
% make
% make check

A dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.

Developer documentation

Developer documentation should be available on the wiki.

Using the cli command

Run the test server (at 127.0.0.1:8443):

% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem  127.0.0.1 8443

Connect to the test server:

% ./cli 127.0.0.1 8443

Using resumption:

% ./cli -s session-file 127.0.0.1 8443

The session-file is read-write. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.

Using early-data:

% ./cli -s session-file -e 127.0.0.1 8443

When -e option is used, client first waits for user input, and then sends CLIENT_HELLO along with the early-data.

License

The software is provided under the MIT license. Note that additional licences apply if you use the minicrypto binding (see above).

Reporting Security Issues

Please report vulnerabilities to h2o-vuln@googlegroups.com. See SECURITY.md for more information.