commit	3aa0c156016c5d1290ae5a03f4488264830ec4b1	[log] [tgz]
author	Kazuho Oku <kazuhooku@gmail.com>	Tue Nov 01 13:48:56 2016 +0900
committer	Kazuho Oku <kazuhooku@gmail.com>	Tue Nov 01 13:48:56 2016 +0900
tree	433e910cd55f55ad39afb7f9803e3c30bf50cf2b
parent	287e21a3ad13814d155249c033c4662e4e6d8958 [diff]

commit

3aa0c156016c5d1290ae5a03f4488264830ec4b1

[log] [tgz]

author

Kazuho Oku <kazuhooku@gmail.com>

Tue Nov 01 13:48:56 2016 +0900

committer

Kazuho Oku <kazuhooku@gmail.com>

Tue Nov 01 13:48:56 2016 +0900

tree

433e910cd55f55ad39afb7f9803e3c30bf50cf2b

parent

287e21a3ad13814d155249c033c4662e4e6d8958 [diff]

tree: 433e910cd55f55ad39afb7f9803e3c30bf50cf2b

README.md

picotls

Picotls is a TLS 1.3 implementation written in C.

At the moment, the library implements Draft 18 of the specification. List of supported features are as follows:

public-key exchange: P256
aead cipher: AES128-GCM-SHA256
server-certificates using RSA or ECDSA signatures
PSK and PSK-DHE
early-data

Primary goal of the project is to create a fast, tiny TLS 1.3 implementation that can be used with the HTTP/2 protocol stack and possibly the upcoming QUIC stack of the H2O HTTP/2 server.

The library only implements the communication protocol. Cryptographic operations are delegated to OpenSSL using callbacks. It would be easy to write binding to other crypto engines.

How to

Build using cmake:

% cmake
% make
% make check

Run the test server (at 127.0.0.1:8443):

% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem  127.0.0.1 8443

Connect to the test server:

% ./cli 127.0.0.1 8443

Using resumption:

% ./cli -s session-file 127.0.0.1 8443

The session-file is read-write. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.

Using early-data:

% ./cli -s session-file -e 127.0.0.1 8443

When -e option is used, client first waits for user input, and then sends CLIENT_HELLO along with the early-data.

License

MIT