4 commits

Author	SHA1	Message	Date
Sergey Frolov	109af06ea2	Adapt uTLS for new TLS 1.3 code	2018-12-05 15:12:21 -07:00
Filippo Valsorda	dc9021e679	crypto/tls: implement TLS 1.3 PSK authentication (client side) ... Also check original certificate validity when resuming TLS 1.0–1.2. Will refuse to resume a session if the certificate is expired or if the original connection had InsecureSkipVerify and the resumed one doesn't. Support only PSK+DHE to protect forward secrecy even with lack of a strong session ticket rotation story. Tested with NSS because s_server does not provide any way of getting the same session ticket key across invocations. Will self-test like TLS 1.0–1.2 once server side is implemented. Incorporates CL 128477 by @santoshankr. Fixes #24919 Updates #9671 Change-Id: Id3eaa5b6c77544a1357668bf9ff255f3420ecc34 Reviewed-on: https://go-review.googlesource.com/c/147420 Reviewed-by: Adam Langley <agl@golang.org>	2018-11-12 20:43:23 +00:00
Filippo Valsorda	2c3ff7ba06	crypto/tls: implement TLS 1.3 client handshake (base) ... Implement a basic TLS 1.3 client handshake, only enabled if explicitly requested with MaxVersion. This CL intentionally leaves for future CLs: - PSK modes and resumption - client authentication - post-handshake messages - downgrade protection - KeyLogWriter support Updates #9671 Change-Id: Ieb6130fb6f25aea4f0d39e3a2448dfc942e1de7a Reviewed-on: https://go-review.googlesource.com/c/146559 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>	2018-11-02 22:07:02 +00:00
Filippo Valsorda	3fdae13d6a	crypto/tls: implement TLS 1.3 cryptographic computations ... Vendors golang.org/x/crypto/hkdf at e84da0312774c21d64ee2317962ef669b27ffb41 Updates #9671 Change-Id: I2610c4a66756e2a6f21f9823dcbe39edd9c9ea21 Reviewed-on: https://go-review.googlesource.com/c/145298 Reviewed-by: Adam Langley <agl@golang.org>	2018-11-02 21:54:52 +00:00