0

picotls

TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

Github 资源库
主要指标
  • 所有者: h2o/picotls
  • 平台:
  • 许可证:
  • 分类:
  • 主题:
  • 喜欢:
    0
      比较:

Github星跟踪图

picotls

Build Status

Picotls is a TLS 1.3 (RFC 8446) implementation written in C, with the following features:

  • support for two crypto engines
    • "OpenSSL" backend using libcrypto for crypto and X.509 operations
    • "minicrypto" backend using cifra for most crypto and micro-ecc for secp256r1
  • support for PSK, PSK-DHE resumption using 0-RTT
  • API for dealing directly with TLS handshake messages (essential for QUIC)

Primary goal of the project is to create a fast, tiny TLS 1.3 implementation that can be used with the HTTP/2 protocol stack and possibly the upcoming QUIC stack of the H2O HTTP/2 server.

The TLS protocol ipmlementation of picotls is licensed under the MIT license.

License and the cryptographic algorithms supported by the crypto bindings are as follows:, Binding, License, Key Exchange, Certificate, AEAD cipher, :-----:, :-----:, :-----:, :-----:, :-----:, minicrypto, CC0 / 2-clause BSD, secp256r1, x25519, ECDSA (P256)1, AES-128-GCM, chacha20-poly1305, OpenSSL, OpenSSL, secp256r1, secp384r1, secp521r1, x25519, RSA, ECDSA (P256), AES-128-GCM, chacha20-poly1305, Note 1: Minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.

Building picotls

If you have cloned picotls from git then ensure that you have initialised the submodules:

% git submodule init
% git submodule update

Build using cmake:

% cmake .
% make
% make check

A dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.

Developer documentation

Developer documentation should be available on the wiki.

Using the cli command

Run the test server (at 127.0.0.1:8443):

% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem  127.0.0.1 8443

Connect to the test server:

% ./cli 127.0.0.1 8443

Using resumption:

% ./cli -s session-file 127.0.0.1 8443

The session-file is read-write.
The cli server implements a single-entry session cache.
The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.

Using early-data:

% ./cli -s session-file -e 127.0.0.1 8443

When -e option is used, client first waits for user input, and then sends CLIENT_HELLO along with the early-data.

License

The software is provided under the MIT license.
Note that additional licences apply if you use the minicrypto binding (see above).

主要指标

概览
名称与所有者h2o/picotls
主编程语言C
编程语言CMake (语言数: 7)
平台
许可证
所有者活动
创建于2016-10-12 05:55:15
推送于2024-12-22 08:11:19
最后一次提交2024-12-22 17:11:19
发布数0
用户参与
星数566
关注者数39
派生数157
提交数2.3k
已启用问题?
问题数152
打开的问题数54
拉请求数327
打开的拉请求数22
关闭的拉请求数68
项目设置
已启用Wiki?
已存档?
是复刻?
已锁定?
是镜像?
是私有?