Complete simplification of key share handling #310

Open
hanno-becker opened this issue Jul 25, 2021 · 0 comments
@hanno-becker
Collaborator

  • Remove mbedtls_ssl_conf_key_shares_curves()
  • Remove ssl->conf->key_shares_curve_list
  • Introduce a getter ssl_tls13_get_key_share_group() which is used in ClientHello to obtain the ID of the group for which a key share should be generated.
  • As a first approximation, define ssl_tls13_get_key_share_group() as returning the first element of ssl->conf->curves.
  • As a refinement, add a field offered_key_share_group and a configuration function mbedtls_ssl_conf_tls13_default_group() which allows users to set a different group ID than curves[0] for the initial key share.
  • When we finalize support for HRRs requesting different groups, we can then re-set offered_key_share_group to whatever the server prefers, and the next ClientHello will use that.
@yuhaoth yuhaoth self-assigned this Jul 25, 2021
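
The selection logic proposed in this issue, sketched as an added example (not code from the issue or from Mbed TLS). The toy_* types and functions are hypothetical stand-ins; placing the default in the configuration and offered_key_share_group in the session context, and rejecting a default that is not in the curves list, are assumptions. The HelloRetryRequest check follows RFC 8446, section 4.2.8, and curves is assumed non-NULL and terminated.

```c
#include <stdint.h>

/* IANA TLS named-group IDs (RFC 8446, section 4.2.7). */
#define GROUP_SECP256R1 0x0017
#define GROUP_SECP384R1 0x0018
#define GROUP_X25519    0x001D
#define GROUP_NONE      0x0000

/* Hypothetical stand-ins for the library's config and context types. */
typedef struct {
    const uint16_t *curves;   /* preference-ordered, GROUP_NONE-terminated */
    uint16_t default_group;   /* optional override; GROUP_NONE means unset */
} toy_conf;
typedef struct {
    const toy_conf *conf;
    uint16_t offered_key_share_group; /* GROUP_NONE until set by an HRR */
} toy_ssl;

static int group_is_configured(const toy_conf *conf, uint16_t id) {
    for (const uint16_t *g = conf->curves; *g != GROUP_NONE; g++)
        if (*g == id)
            return 1;
    return 0;
}

/* Models mbedtls_ssl_conf_tls13_default_group(); assumed to refuse a
 * group that is not also advertised through the curves list. */
int toy_conf_default_group(toy_conf *conf, uint16_t id) {
    if (!group_is_configured(conf, id))
        return -1;
    conf->default_group = id;
    return 0;
}

/* Models ssl_tls13_get_key_share_group(): the HRR-selected group wins,
 * then the configured default, then curves[0]. */
uint16_t toy_get_key_share_group(const toy_ssl *ssl) {
    if (ssl->offered_key_share_group != GROUP_NONE)
        return ssl->offered_key_share_group;
    if (ssl->conf->default_group != GROUP_NONE)
        return ssl->conf->default_group;
    return ssl->conf->curves[0];
}

/* HRR handling: accept only a group we advertised and did not already
 * send a key share for; otherwise the handshake must be aborted. */
int toy_handle_hrr_group(toy_ssl *ssl, uint16_t selected) {
    if (!group_is_configured(ssl->conf, selected) ||
        selected == toy_get_key_share_group(ssl))
        return -1; /* caller sends illegal_parameter */
    ssl->offered_key_share_group = selected;
    return 0;
}
```
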