Google Git
Sign in
pigweed / third_party / github / h2o / picotls / 9608603a10fd0fa84da33bebf315e407274d6d9b
commit9608603a10fd0fa84da33bebf315e407274d6d9b[log] [tgz]
authorKazuho Oku <kazuhooku@gmail.com>Tue Sep 28 10:51:54 2021 +0900
committerGitHub <noreply@github.com>Tue Sep 28 10:51:54 2021 +0900
treeabe9f3a1dc1aa8ba5428dbfd5257a520e182a5d1
parent9accdf4af580e2ad883c929f8ca7a4cc58f15379 [diff]
parent1c83c7698b33ffbccd97e6806aa09061e8025e5d [diff]
Merge pull request #365 from h2o/i110/add-quicint-max

define PTLS_QUICINT_MAX and PTLS_QUICINT_LONGEST_STR
tree: abe9f3a1dc1aa8ba5428dbfd5257a520e182a5d1
  1. cmake/
  2. deps/
  3. fuzz/
  4. include/
  5. lib/
  6. misc/
  7. picotls.xcodeproj/
  8. picotlsvs/
  9. src/
  10. t/
  11. .clang-format
  12. .gitignore
  13. .gitmodules
  14. .travis.yml
  15. appveyor.yml
  16. CMakeLists.txt
  17. picotls-probes.d
  18. README.md
  19. WindowsPort.md
README.md

picotls

Build Status

Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features:

Primary goal of the project is to create a fast, tiny, low-latency TLS 1.3 implementation that can be used with the HTTP/2 protocol stack and the upcoming QUIC stack of the H2O HTTP/2 server.

The TLS protocol implementation of picotls is licensed under the MIT license.

License and the cryptographic algorithms supported by the crypto bindings are as follows:

BindingLicenseKey ExchangeCertificateAEAD cipher
minicryptoCC0 / 2-clause BSDsecp256r1, x25519ECDSA (secp256r1)1AES-128-GCM, chacha20-poly1305
OpenSSLOpenSSLsecp256r1, secp384r1, secp521r1, x25519RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519AES-128-GCM, AES-256-GCM, chacha20-poly1305

Note 1: Minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.

Building picotls

If you have cloned picotls from git then ensure that you have initialised the submodules:

% git submodule init
% git submodule update

Build using cmake:

% cmake .
% make
% make check

A dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.

Developer documentation

Developer documentation should be available on the wiki.

Using the cli command

Run the test server (at 127.0.0.1:8443):

% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem  127.0.0.1 8443

Connect to the test server:

% ./cli 127.0.0.1 8443

Using resumption:

% ./cli -s session-file 127.0.0.1 8443

The session-file is read-write. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.

Using early-data:

% ./cli -s session-file -e 127.0.0.1 8443

When -e option is used, client first waits for user input, and then sends CLIENT_HELLO along with the early-data.

License

The software is provided under the MIT license. Note that additional licences apply if you use the minicrypto binding (see above).