Skip to content
forked from h2o/picotls

TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

Notifications You must be signed in to change notification settings

uoenoplab/picotls

This branch is 153 commits behind h2o/picotls:master.

Folders and files

NameName
Last commit message
Last commit date
Nov 15, 2023
Nov 16, 2023
Feb 9, 2023
Aug 13, 2019
Feb 29, 2024
Feb 29, 2024
Dec 2, 2021
Dec 4, 2023
Dec 4, 2022
Feb 29, 2024
Sep 28, 2016
Jul 14, 2022
Sep 28, 2016
Nov 14, 2023
Aug 4, 2023
Sep 28, 2020
Nov 28, 2017
Mar 30, 2021
Dec 8, 2022

Repository files navigation

picotls

CI

Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features:

picotls is designed to be fast, tiny, and low-latency, with the primary user being the H2O HTTP/2 server for serving HTTP/1, HTTP/2, and HTTP/3 over QUIC.

The TLS protocol implementation of picotls is licensed under the MIT license.

License and the cryptographic algorithms supported by the crypto bindings are as follows:

Binding License Key Exchange Certificate AEAD cipher
minicrypto CC0 / 2-clause BSD secp256r1, x25519 ECDSA (secp256r1)1 AES-128-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis)
OpenSSL OpenSSL secp256r1, secp384r1, secp521r1, x25519 RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519 AES-128-GCM, AES-256-GCM, chacha20-poly1305, AEGIS-128L (using libaegis), AEGIS-256 (using libaegis)

Note 1: Minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.

Building picotls

If you have cloned picotls from git then ensure that you have initialised the submodules:

% git submodule init
% git submodule update

Build using cmake:

% cmake .
% make
% make check

A dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.

Developer documentation

Developer documentation should be available on the wiki.

Using the cli command

Run the test server (at 127.0.0.1:8443):

% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem  127.0.0.1 8443

Connect to the test server:

% ./cli 127.0.0.1 8443

Using resumption:

% ./cli -s session-file 127.0.0.1 8443

The session-file is read-write. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.

Using early-data:

% ./cli -s session-file -e 127.0.0.1 8443

When -e option is used, client first waits for user input, and then sends CLIENT_HELLO along with the early-data.

License

The software is provided under the MIT license. Note that additional licences apply if you use the minicrypto binding (see above).

Reporting Security Issues

Please report vulnerabilities to h2o-vuln@googlegroups.com. See SECURITY.md for more information.

About

TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 97.5%
  • CMake 1.3%
  • Perl 0.6%
  • DTrace 0.5%
  • Makefile 0.1%
  • PowerShell 0.0%