pico-sdk icon indicating copy to clipboard operation
pico-sdk copied to clipboard
verified publisher icon raspberrypi

Enable TLS1.3

Open martijnvwezel opened this issue 1 month ago • 2 comments

Fixes #2710

Added these files to get TLS1.3 actually working: handshake/session handling + data transfer, and the crypto the PSA bits TLS1.3 needs.

TLS1.3 flow

  • ssl_tls13_client.c — client-side TLS1.3 handshake & state machine (connect, key schedule, etc).
  • ssl_tls13_server.c — server-side TLS1.3 handshake & state machine (accept, resume, keys).
  • ssl_tls13_generic.c — shared TLS1.3 code used by client+server (common handshake steps, key derivation, cipher handling).

Needed crypto stuffc for TLS1.3

  • psa_crypto_driver_wrappers_no_static.c — PSA driver wrapper glue so mbedtls can call platform crypto implementations without static binding.
  • psa_crypto_ffdh.c — finite-field Diffie-Hellman PSA glue (for any non-ECC FFDH needs).
  • psa_crypto_pake.c — PAKE support via PSA (if you need password-authenticated key exchange helpers).
  • psa_util.c — helper utils for PSA integration (common conversions, checks).
  • sha3.c — SHA-3 family implementation — some profiles / ciphersuites or future proofing.

martijnvwezel avatar Oct 29 '25 12:10 martijnvwezel

Awesome, we were having the same issue

fedailyuseinexperiencedata avatar Oct 29 '25 12:10 fedailyuseinexperiencedata

What is the eta for this merge?

martijnED avatar Nov 30 '25 17:11 martijnED