GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → thekuwayama → tttls1.3

thekuwayama / tttls1.3

Licence: MIT license
TLS 1.3 implementation in Ruby (Tiny Trial TLS1.3 aka tttls1.3)

Programming Languages

ruby
36898 projects - #4 most used programming language

Labels

tls13

Projects that are alternatives of or similar to tttls1.3

Tlsfuzzer
SSL and TLS protocol test suite and fuzzer
Stars: ✭ 335 (+2292.86%)
Mutual labels:  tls13
Nginx Ee
Automated Nginx compilation from sources with additional modules support. Compatible with WordOps, EasyEngine & Plesk
Stars: ✭ 132 (+842.86%)
Mutual labels:  tls13
Sslyze
Fast and powerful SSL/TLS scanning library.
Stars: ✭ 2,623 (+18635.71%)
Mutual labels:  tls13
Lsquic
LiteSpeed QUIC and HTTP/3 Library
Stars: ✭ 727 (+5092.86%)
Mutual labels:  tls13
Wolfssl
wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
Stars: ✭ 1,098 (+7742.86%)
Mutual labels:  tls13
Swifttls
A TLS implementation in Swift
Stars: ✭ 144 (+928.57%)
Mutual labels:  tls13
xquic
XQUIC Library released by Alibaba is a cross-platform implementation of QUIC and HTTP/3 protocol.
Stars: ✭ 943 (+6635.71%)
Mutual labels:  tls13
tls13-sm-spec
IETF Internet-Draft (I-D) of Chinese cipher suites in TLSv1.3 and related documentation.
Stars: ✭ 25 (+78.57%)
Mutual labels:  tls13
Tlslite Ng
TLS implementation in pure python, focused on interoperability testing
Stars: ✭ 119 (+750%)
Mutual labels:  tls13
Haproxy
HAProxy Load Balancer's development branch (mirror of git.haproxy.org)
Stars: ✭ 2,463 (+17492.86%)
Mutual labels:  tls13
Docker Nginx Http3
Alpine Linux image with Nginx 1.19.4 (mainline) with HTTP/3 (QUIC), TLSv1.3, 0-RTT, brotli, NJS support, and 10 MB size. All built on the bleeding edge for max performance. Built on the edge, for the edge.
Stars: ✭ 820 (+5757.14%)
Mutual labels:  tls13
Katwebx
An extremely fast static web server and reverse proxy for the modern web.
Stars: ✭ 39 (+178.57%)
Mutual labels:  tls13
Algernon
🎩 Small self-contained pure-Go web server with Lua, Markdown, HTTP/2, QUIC, Redis and PostgreSQL support
Stars: ✭ 1,880 (+13328.57%)
Mutual labels:  tls13
Illustrated Tls13
The Illustrated TLS 1.3 Connection: Every byte explained
Stars: ✭ 372 (+2557.14%)
Mutual labels:  tls13
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (+914.29%)
Mutual labels:  tls13
Wolfmqtt
wolfMQTT is a small, fast, portable MQTT client implementation, including support for TLS 1.3.
Stars: ✭ 316 (+2157.14%)
Mutual labels:  tls13
Atls
A light TLS implementation used for learning: TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 GMSSL 1.1(国密SSL) based on libcrypto.so.
Stars: ✭ 134 (+857.14%)
Mutual labels:  tls13
mos-tls-tunnel
Archived. Check this out https://github.com/IrineSistiana/simple-tls
Stars: ✭ 21 (+50%)
Mutual labels:  tls13
idris2-tls
A portable idris2 implementation of TLS
Stars: ✭ 25 (+78.57%)
Mutual labels:  tls13
V2ray Websocket Tls Web Setup Script
V2Ray-WebSocket ws +TLS 1.3 +Web 搭建/管理脚本
Stars: ✭ 155 (+1007.14%)
Mutual labels:  tls13
View All Similar Projects ➔

tttls1.3

Gem Version Actions Status Maintainability

tttls1.3 is Ruby implementation of TLS 1.3 protocol.

tttls1.3 uses openssl for crypto and X.509 operations.

It is the purpose of this project to understand the TLS 1.3 protocol and implement the TLS 1.3 protocol using Ruby. Backward compatibility and performance are not objective. This gem should not be used for production software.

Features

Client

tttls1.3 provides client API with the following features:

  • Simple 1-RTT Handshake
  • HelloRetryRequest
  • Resumed 0-RTT Handshake (with PSK from NST)

NOT supports certificate with OID RSASSA-PSS, X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate and external PSKs.

Server

tttls1.3 provides server API with the following features:

  • Simple 1-RTT Handshake
  • HelloRetryRequest

NOT supports certificate with OID RSASSA-PSS, X25519, X448, FFDHE, AES-CCM, Client Authentication, Post-Handshake Authentication, KeyUpdate, external PSKs and Resumed 0-RTT Handshake.

Getting started

tttls1.3 gem is available at rubygems.org. You can install with:

$ gem install tttls1.3

This implementation provides only minimal API, so your code is responsible for the application layer. Roughly, this works as follows:

require 'tttls1.3'

socket = YourTransport.new
client = TTTLS13::Client.new(socket, YOUR_HOSTNAME)
client.connect

client.write(YOUR_MESSAGE)
client.read
client.close
require 'tttls1.3'

socket = YourTransport.new
server = TTTLS13::Server.new(
  socket.accept,
  crt_file: '/path/to/crt/file',
  key_file: '/path/to/key/file'
)
server.accept

server.read
server.write(YOUR_MESSAGE)
server.close

Here are some examples of HTTPS.

Settings

Client

tttls1.3 client is configurable using keyword arguments.

key type default value description
:ca_file String nil Path to the additional root CA certificate files. If not needed to add, set nil.
:cipher_suites Array of TTTLS13::CipherSuite constant TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256 List of cipher suites offered in ClientHello.
:signature_algorithms Array of TTTLS13::SignatureScheme constant ECDSA_SECP256R1_SHA256, ECDSA_SECP384R1_SHA384, ECDSA_SECP521R1_SHA512, RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384, RSA_PSS_RSAE_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512 List of signature algorithms offered in ClientHello extensions.
:signature_algorithms_cert Array of TTTLS13::SignatureScheme constant nil List of certificate signature algorithms offered in ClientHello extensions. You can set this to signal the difference between the signature algorithm and :signature_algorithms.
:supported_groups Array of TTTLS13::NamedGroup constant SECP256R1, SECP384R1, SECP521R1 List of named groups offered in ClientHello extensions.
:key_share_groups Array of TTTLS13::NamedGroup constant nil List of named groups offered in KeyShareClientHello. In default, KeyShareClientHello has only a KeyShareEntry of most preferred named group in :supported_groups. You can set this to send KeyShareClientHello that has multiple KeyShareEntry.
:alpn Array of String nil List of application protocols offered in ClientHello extensions. If not needed to be present, set nil.
:process_new_session_ticket Proc nil Proc that processes received NewSessionTicket. Its 3 arguments are TTTLS13::Message::NewSessionTicket, resumption master secret and cipher suite. If not needed to process NewSessionTicket, set nil.
:ticket String nil The ticket for PSK.
:resumption_master_secret String nil The resumption master secret.
:psk_cipher_suite TTTLS13::CipherSuite constant nil The cipher suite for PSK.
:ticket_nonce String nil The ticket_nonce for PSK.
:ticket_age_add String nil The ticket_age_add for PSK.
:ticket_timestamp Integer nil The ticket_timestamp for PSK.
:record_size_limit Integer nil The record_size_limit offerd in ClientHello extensions. If not needed to be present, set nil.
:check_certificate_status Boolean false If needed to check certificate status, set true.
:process_certificate_status Proc TTTLS13::Client.method(:softfail_check_certificate_status) Proc(or Method) that checks received OCSPResponse. Its 3 arguments are OpenSSL::OCSP::Response, end-entity certificate(OpenSSL::X509::Certificate) and certificates chain(Array of Certificate) used for verification and it returns Boolean.
:compress_certificate_algorithms Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant ZLIB The compression algorithms are supported for compressing the Certificate message.
:compatibility_mode Boolean true If needed to send ChangeCipherSpec, set true.
:sslkeylogfile String nil If needed to log SSLKEYLOGFILE, set the file path.
:loglevel Logger constant Logger::WARN If needed to print verbose, set Logger::DEBUG.

Server

tttls1.3 server is configurable using keyword arguments.

key type default value description
:crt_file String nil Path to the certificate file. This is a required setting.
:chain_files Array of String nil Paths to the itermediate certificate files.
:key_file String nil Path to the private key file. This is a required setting.
:cipher_suites Array of TTTLS13::CipherSuite constant TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256 List of supported cipher suites.
:signature_algorithms Array of TTTLS13::SignatureScheme constant ECDSA_SECP256R1_SHA256, ECDSA_SECP384R1_SHA384, ECDSA_SECP521R1_SHA512, RSA_PSS_RSAE_SHA256, RSA_PSS_RSAE_SHA384, RSA_PSS_RSAE_SHA512, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512 List of supported signature algorithms.
:supported_groups Array of TTTLS13::NamedGroup constant SECP256R1, SECP384R1, SECP521R1 List of supported named groups.
:alpn Array of String nil List of supported application protocols. If not needed to check this extension, set nil.
:process_ocsp_response Proc nil Proc that gets OpenSSL::OCSP::Response. If not needed to staple OCSP::Response, set nil.
:compress_certificate_algorithms Array of TTTLS13::Message::Extension::CertificateCompressionAlgorithm constant ZLIB The compression algorithms are supported for compressing the Certificate message.
:compatibility_mode Boolean true If needed to send ChangeCipherSpec, set true.
:sslkeylogfile String nil If needed to log SSLKEYLOGFILE, set the file path.
:loglevel Logger constant Logger::WARN If needed to print verbose, set Logger::DEBUG.

License

The gem is available as open source under the terms of the MIT License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].