Add support for ECDHE-PSK-AES-GCM/CCM ciphersuites #1729
Labels: component-tls; enhancement; good-first-issue (Good for newcomers); help-wanted (This issue is not being actively worked on, but PRs welcome.); historical-reviewing (Currently reviewing (for legacy PR/issues))
Comments
This is now RFC 8442. +1 for this feature.
tom-daubney-arm added the historical-reviewing (Currently reviewing (for legacy PR/issues)) and historical-reviewed (Reviewed & agreed to keep legacy PR/issue) labels and removed the historical-reviewed label on Nov 8, 2022
Not sure if this will help bump the priority, but our Gramine project would like this feature to be added to mbedTLS: #8170 (comment)
mpg added the help-wanted (This issue is not being actively worked on, but PRs welcome.) and good-first-issue (Good for newcomers) labels on Jul 1, 2024
I've added the labels "help-wanted" and "good-first-issue" to indicate that we would welcome a PR for this, and it should not require deep knowledge of the library to achieve. Here's an outline of steps
(And of course see CONTRIBUTING.md.)
Description
Enhancement\Feature Request
Add support for the new ciphersuites with ECDHE-PSK key exchange and AEAD encryption from RFC 8442.
Justification - why does the library need this feature?
ECDHE-PSK key exchange can be interesting in a number of constrained scenarios including IoT. It is currently supported by Mbed TLS but the only ciphersuites defined with it use NULL, RC4 or CBC-mode encryption, all of which are deprecated or have issues. The draft adds ciphersuites based on ECDHE-PSK and modern AEAD algorithms such as AES-GCM and AES-CCM.
Support for these ciphersuites would be easy to add to Mbed TLS as we already have all the building blocks.