TLS 1.3: Add support for version negotiation on server side #6867

ronald-cron-arm · 2023-01-03T09:58:36Z

Suggested enhancement

Add support for version negotiation on server side

As for the client side (already implemented) the version negotiation is all around the supported version extension. See section 4.2.1 for what should be done.

Regarding testing, as much as much possible in TLS tests (unit tests and ssl-opt.sh), we should exercise the negotiation and thus not forcing a TLS version on server side.

Justification

Mbed TLS needs this because this is an valuable feature of a TLS 1.3 and TLS 1.2 capable server.

Taowyoo · 2023-01-03T22:58:06Z

Thank you create this
This is also quite necessary in our use case.

ronald-cron-arm added enhancement component-tls component-tls13 size-m Estimated task size: medium (~1w) labels Jan 3, 2023

ronald-cron-arm self-assigned this Feb 9, 2023

ronald-cron-arm mentioned this issue Mar 15, 2023

TLS: TLS 1.2 / 1.3 version negotiation on server side #7288

Merged

3 tasks

daverodgman closed this as completed in #7288 Apr 6, 2023

Taowyoo mentioned this issue Jun 8, 2023

Upgrade mbedtls to 3.5.0-alpha.1+0b3de6f fortanix/rust-mbedtls#213

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TLS 1.3: Add support for version negotiation on server side #6867

TLS 1.3: Add support for version negotiation on server side #6867

ronald-cron-arm commented Jan 3, 2023 •

edited

Loading

Taowyoo commented Jan 3, 2023 •

edited

Loading

TLS 1.3: Add support for version negotiation on server side #6867

TLS 1.3: Add support for version negotiation on server side #6867

Comments

ronald-cron-arm commented Jan 3, 2023 • edited Loading

Suggested enhancement

Justification

Taowyoo commented Jan 3, 2023 • edited Loading

ronald-cron-arm commented Jan 3, 2023 •

edited

Loading

Taowyoo commented Jan 3, 2023 •

edited

Loading