mint
mint copied to clipboard
bifurcation
A Minimal TLS 1.3 Implementation in Go
The PSK cipher suite in early data must match the previously established symmetric cipher. From the latest spec (12): 6.3.2.5. Early Data Indication The client specifies the cryptographic configuration for...
Resumption needs to cover the following: - Attempt to resume a connection when the server has expired the session ticket - Attempt to resume a connection when the server does...
If a Read fails on EOF with 0 byte in line 25, it will append the previous buffer again. Solution would be to use `response += string(buffer[:read])`
Right now, most of the API is private (starts with a lower-case letter). We should consider whether it would be useful to expose more lower-layer primitives, e.g., to facilitate testing...
Currently, non-ApplicationData messages after the handshake are ignored. We need to do something with them.
Once we have the ability to configure certificates, we will need to implement the certificate selection algorithm defined in the spec, using SNI, signature_algorithms, and supported_groups.