commit | 8a67c857c9a8db88a1aa2bd0bd7958fda71acac7 | [log] [tgz] |
---|---|---|
author | Kazuho Oku <kazuhooku@gmail.com> | Thu Nov 21 16:38:16 2024 +0900 |
committer | GitHub <noreply@github.com> | Thu Nov 21 16:38:16 2024 +0900 |
tree | 15f607e45ed410b1fce9bda097ba447ca6e61635 | |
parent | e7d65c7e7389ea0807d62ae730486532ef655b30 [diff] | |
parent | b0f76730b7e943927a7e4118233df1ab6fefd354 [diff] |
Merge pull request #550 from h2o/kazuho/keyex-invalid-input [add test] returned output should be clean when given invalid input
Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features:
picotls is designed to be fast, tiny, and low-latency, with the primary user being the H2O HTTP/2 server for serving HTTP/1, HTTP/2, and HTTP/3 over QUIC.
The TLS protocol implementation of picotls is licensed under the MIT license.
License and the cryptographic algorithms supported by the crypto bindings are as follows:
Binding | License | Key Exchange | Certificate | AEAD cipher |
---|---|---|---|---|
minicrypto | CC0 / 2-clause BSD | secp256r1, x25519 | ECDSA (secp256r1)1 | AES-128-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis) |
OpenSSL | OpenSSL | secp256r1, secp384r1, secp521r1, x25519 | RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519 | AES-128-GCM, AES-256-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis) |
Note 1: Minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.
If you have cloned picotls from git then ensure that you have initialised the submodules:
% git submodule init % git submodule update
Build using cmake:
% cmake . % make % make check
A dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.
Developer documentation should be available on the wiki.
Run the test server (at 127.0.0.1:8443):
% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem 127.0.0.1 8443
Connect to the test server:
% ./cli 127.0.0.1 8443
Using resumption:
% ./cli -s session-file 127.0.0.1 8443
The session-file is read-write. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.
Using early-data:
% ./cli -s session-file -e 127.0.0.1 8443
When -e
option is used, client first waits for user input, and then sends CLIENT_HELLO along with the early-data.
The software is provided under the MIT license. Note that additional licences apply if you use the minicrypto binding (see above).
Please report vulnerabilities to h2o-vuln@googlegroups.com. See SECURITY.md for more information.