| Name | Date | Size | #Lines | LOC |
|:-----|:-----|:-----|------:|----:|
| .. | 10-Feb-2022 | - | | |
| .github/workflows/ | 10-Feb-2022 | - | 77 | 67 |
| cmake/ | 10-Feb-2022 | - | 41 | 39 |
| deps/ | 10-Feb-2022 | - | 61,329 | 53,437 |
| fuzz/ | 10-Feb-2022 | - | 336 | 248 |
| include/ | 10-Feb-2022 | - | 2,269 | 1,115 |
| lib/ | 10-Feb-2022 | - | 11,528 | 9,144 |
| misc/ | 10-Feb-2022 | - | 165 | 92 |
| picotls.xcodeproj/ | 10-Feb-2022 | - | 1,401 | 1,386 |
| picotlsvs/ | 10-Feb-2022 | - | 5,495 | 5,001 |
| src/ | 10-Feb-2022 | - | 241 | 202 |
| t/ | 10-Feb-2022 | - | 4,459 | 3,638 |
| .clang-format | 10-Feb-2022 | 168 | 8 | 7 |
| .gitignore | 10-Feb-2022 | 397 | 33 | 32 |
| .gitmodules | 10-Feb-2022 | 93 | 4 | 3 |
| README.md | 10-Feb-2022 | 3.1 KiB | 86 | 65 |
| WindowsPort.md | 10-Feb-2022 | 1.2 KiB | 35 | 21 |
| appveyor.yml | 10-Feb-2022 | 551 | 26 | 21 |
| picotls-probes.d | 10-Feb-2022 | 1.5 KiB | 30 | 7 |
README.md
picotls
===

[![CI](https://github.com/h2o/picotls/actions/workflows/ci.yml/badge.svg)](https://github.com/h2o/picotls/actions/workflows/ci.yml)

Picotls is a [TLS 1.3 (RFC 8446)](https://tools.ietf.org/html/rfc8446) protocol stack written in C, with the following features:
* support for three crypto engines
  * "OpenSSL" backend using libcrypto for crypto and X.509 operations
  * "minicrypto" backend using [cifra](https://github.com/ctz/cifra) for most crypto and [micro-ecc](https://github.com/kmackay/micro-ecc) for secp256r1
  * ["fusion" AES-GCM engine, optimized for QUIC and other protocols that use short AEAD blocks](https://github.com/h2o/picotls/pull/310)
* support for PSK, PSK-DHE resumption using 0-RTT
* API for dealing directly with TLS handshake messages (essential for QUIC)
* supported extensions:
  * RFC 7250 (raw public keys)
  * RFC 8879 (certificate compression)
  * Encrypted SNI (wg-draft-02)

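The handshake-message API listed above is what a QUIC stack uses to hand picotls individual handshake messages instead of a TLS record stream. As an added example that is not picotls code, the following C program splits a byte stream on the framing every TLS 1.3 handshake message shares (RFC 8446, section 4: a one-byte type, a 24-bit length, then the body), with every body access bounds checked first. The sample byte stream is constructed, and the `max_body` policy limit is an assumption of this example, not something picotls exposes.

```c
/* Added example, not picotls code: parse the framing of TLS 1.3 Handshake
 * messages (RFC 8446, section 4): a one-byte msg_type, a 24-bit big-endian
 * length, then `length` bytes of body.  A stack that hands individual
 * handshake messages to QUIC has to split a byte stream on exactly this
 * framing, and every body access must be bounds checked first. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HS_HEADER_LEN 4

/* HandshakeType values from RFC 8446, section 4 (subset). */
enum { HS_CLIENT_HELLO = 1, HS_SERVER_HELLO = 2, HS_NEW_SESSION_TICKET = 4, HS_FINISHED = 20 };

struct hs_msg {
    uint8_t type;
    uint32_t length;      /* body length taken from the 24-bit length field */
    const uint8_t *body;  /* points into the caller's buffer, not copied */
};

/* Parse one message at the start of `in`.
 * Returns the number of bytes consumed (> 0) on success, 0 if more input is
 * needed, or -1 if the declared body exceeds `max_body`, the caller's policy
 * limit (an assumption of this example) on how much it will buffer for one message. */
long hs_parse(const uint8_t *in, size_t in_len, size_t max_body, struct hs_msg *out)
{
    if (in_len < HS_HEADER_LEN)
        return 0;                            /* header not complete yet */
    uint32_t len = ((uint32_t)in[1] << 16) | ((uint32_t)in[2] << 8) | (uint32_t)in[3];
    if (len > max_body)
        return -1;                           /* refuse to buffer an oversized message */
    if (in_len - HS_HEADER_LEN < len)
        return 0;                            /* body not complete yet */
    out->type = in[0];
    out->length = len;
    out->body = in + HS_HEADER_LEN;
    return (long)(HS_HEADER_LEN + len);
}

/* Split as many complete messages as `in` holds into `msgs` (at most `max_msgs`).
 * Returns the number of bytes consumed, or -1 on an oversized message; the
 * unconsumed tail is a partial message the caller keeps for the next call. */
long hs_split(const uint8_t *in, size_t in_len, size_t max_body,
              struct hs_msg *msgs, size_t max_msgs, size_t *n_complete)
{
    size_t off = 0, n = 0;
    while (n < max_msgs) {
        long used = hs_parse(in + off, in_len - off, max_body, &msgs[n]);
        if (used < 0)
            return -1;
        if (used == 0)
            break;
        off += (size_t)used;
        n++;
    }
    *n_complete = n;
    return (long)off;
}

/* Constructed sample stream: a ClientHello with a 3-byte body, a Finished with
 * a 2-byte body, and the first 5 bytes of a NewSessionTicket whose body is
 * declared as 5 bytes (so that message is still incomplete). */
const uint8_t kSampleStream[] = {
    HS_CLIENT_HELLO,       0x00, 0x00, 0x03, 'a', 'b', 'c',
    HS_FINISHED,           0x00, 0x00, 0x02, 'x', 'y',
    HS_NEW_SESSION_TICKET, 0x00, 0x00, 0x05, 'p',
};
const size_t kSampleStreamLen = sizeof kSampleStream;

int main(void)
{
    struct hs_msg msgs[4];
    size_t n = 0;
    long used = hs_split(kSampleStream, kSampleStreamLen, 1024, msgs, 4, &n);
    printf("consumed %ld bytes, %zu complete message(s), %zu byte(s) pending\n",
           used, n, kSampleStreamLen - (size_t)used);
    for (size_t i = 0; i < n; i++)
        printf("  type %u, body length %u\n", msgs[i].type, msgs[i].length);
    return 0;
}
```

The two return codes matter in practice: 0 means "keep the tail and wait for more bytes", while -1 means the peer declared a body larger than the receiver is willing to hold, which is the case a stack must reject up front rather than grow its buffer for.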
The primary goal of the project is to create a fast, tiny, low-latency TLS 1.3 implementation that can be used with the HTTP/2 protocol stack and the upcoming QUIC stack of the [H2O HTTP/2 server](https://h2o.examp1e.net).

The TLS protocol implementation of picotls is licensed under the MIT license.

The license and the cryptographic algorithms supported by each crypto binding are as follows:

| Binding | License | Key Exchange | Certificate | AEAD cipher |
|:-----:|:-----:|:-----:|:-----:|:-----:|
| minicrypto | [CC0](https://github.com/ctz/cifra/) / [2-clause BSD](https://github.com/kmackay/micro-ecc) | secp256r1, x25519 | ECDSA (secp256r1)<sup>1</sup> | AES-128-GCM, chacha20-poly1305 |
| OpenSSL | OpenSSL | secp256r1, secp384r1, secp521r1, x25519 | RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519 | AES-128-GCM, AES-256-GCM, chacha20-poly1305 |

Note 1: The minicrypto binding can sign a handshake using the certificate's key, but cannot verify a signature sent by the peer.

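The key-exchange column of the table decides what a picotls server built on a given binding can negotiate: a client that offers only secp384r1 cannot complete a handshake against the minicrypto binding. The following added example (not picotls code) models the TLS 1.3 supported_groups and key_share negotiation of RFC 8446, sections 4.2.7 and 4.2.8, against the group sets from the table. The NamedGroup code points are the RFC's; the server preference order and the sample client offers are assumptions made for this example.

```c
/* Added example, not picotls code: a model of TLS 1.3 key-exchange group
 * negotiation (RFC 8446, sections 4.2.7 and 4.2.8) run against the groups
 * each picotls binding supports according to the README table.  The server
 * preference order is an assumption made for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* NamedGroup code points from RFC 8446, section 4.2.7. */
enum group { G_NONE = 0, SECP256R1 = 0x0017, SECP384R1 = 0x0018, SECP521R1 = 0x0019, X25519 = 0x001D };

/* Groups per binding (README table), G_NONE-terminated, in assumed server preference order. */
const enum group kMinicryptoGroups[] = { X25519, SECP256R1, G_NONE };
const enum group kOpenSSLGroups[]    = { X25519, SECP256R1, SECP384R1, SECP521R1, G_NONE };

enum outcome {
    NEG_FAIL,   /* no group in common: the handshake fails */
    NEG_OK,     /* selected group has a client key_share: one round trip */
    NEG_HRR     /* selected group lacks a key_share: HelloRetryRequest needed */
};

struct negotiation { enum outcome outcome; enum group selected; };

static bool contains(const enum group *list, size_t n, enum group g)
{
    for (size_t i = 0; i < n; i++)
        if (list[i] == g)
            return true;
    return false;
}

/* `client_groups` is the client's supported_groups list and `client_shares`
 * the groups it actually sent key_share entries for.  First pass: the most
 * preferred common group that already has a share.  Second pass: any common
 * group, at the cost of a HelloRetryRequest.  Otherwise the handshake fails. */
struct negotiation negotiate_group(const enum group *server_prefs,
                                   const enum group *client_groups, size_t n_groups,
                                   const enum group *client_shares, size_t n_shares)
{
    struct negotiation r = { NEG_FAIL, G_NONE };
    for (size_t i = 0; server_prefs[i] != G_NONE; i++) {
        if (contains(client_groups, n_groups, server_prefs[i]) &&
            contains(client_shares, n_shares, server_prefs[i])) {
            r.outcome = NEG_OK;
            r.selected = server_prefs[i];
            return r;
        }
    }
    for (size_t i = 0; server_prefs[i] != G_NONE; i++) {
        if (contains(client_groups, n_groups, server_prefs[i])) {
            r.outcome = NEG_HRR;
            r.selected = server_prefs[i];
            return r;
        }
    }
    return r;
}

static const char *group_name(enum group g)
{
    switch (g) {
    case SECP256R1: return "secp256r1";
    case SECP384R1: return "secp384r1";
    case SECP521R1: return "secp521r1";
    case X25519:    return "x25519";
    default:        return "(none)";
    }
}

int main(void)
{
    /* Constructed client: prefers secp384r1, also accepts x25519, but only
     * sent a key share for secp384r1. */
    const enum group groups[] = { SECP384R1, X25519 };
    const enum group shares[] = { SECP384R1 };
    struct negotiation a = negotiate_group(kOpenSSLGroups, groups, 2, shares, 1);
    struct negotiation b = negotiate_group(kMinicryptoGroups, groups, 2, shares, 1);
    printf("OpenSSL binding:    outcome %d, group %s\n", a.outcome, group_name(a.selected));
    printf("minicrypto binding: outcome %d, group %s\n", b.outcome, group_name(b.selected));
    return 0;
}
```

With the constructed client, the OpenSSL binding completes in one round trip on secp384r1, while the minicrypto binding has to fall back to x25519 and send a HelloRetryRequest because the client sent no share for it; a client offering secp384r1 alone gets no group at all from minicrypto.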
Building picotls
---

If you have cloned picotls from git then ensure that you have initialised the submodules:
```
% git submodule init
% git submodule update
```

Build using cmake:
```
% cmake .
% make
% make check
```

Dedicated documentation for using picotls with Visual Studio can be found in [WindowsPort.md](WindowsPort.md).

Developer documentation
---

Developer documentation should be available on [the wiki](https://github.com/h2o/picotls/wiki).

Using the cli command
---

Run the test server (at 127.0.0.1:8443):
```
% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem 127.0.0.1 8443
```

Connect to the test server:
```
% ./cli 127.0.0.1 8443
```

Using resumption:
```
% ./cli -s session-file 127.0.0.1 8443
```
The session file is both read and written by `cli`.
The cli server implements a single-entry session cache.
The cli server sends NewSessionTicket the first time it sends application data after receiving ClientFinished.

Using early-data:
```
% ./cli -s session-file -e 127.0.0.1 8443
```
When the `-e` option is used, the client first waits for user input and then sends CLIENT_HELLO together with that input as early data.

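The single-entry session cache of the cli server has a practical consequence when testing resumption: only the most recently issued ticket can resume, so a second client's connection evicts the first client's session and that client falls back to a full handshake. The added example below (not picotls code) implements such a cache in C, with the ticket lifetime bound that RFC 8446, section 4.6.1 places on ticket_lifetime (at most 604800 seconds). Ticket identifiers, session contents and timestamps are constructed for the example.

```c
/* Added example, not picotls code: a single-entry session cache like the one
 * the README says the cli test server keeps, with the ticket lifetime limit
 * of RFC 8446, section 4.6.1 (ticket_lifetime is at most 604800 seconds).
 * Ticket identifiers and session contents below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TICKET_ID_LEN 16
#define SESSION_MAX 64
#define TICKET_LIFETIME_MAX 604800u

struct session_cache {
    bool occupied;
    uint8_t ticket_id[TICKET_ID_LEN];
    uint8_t session[SESSION_MAX];
    size_t session_len;
    uint64_t issued_at;   /* seconds */
    uint32_t lifetime;    /* seconds, as advertised in NewSessionTicket */
};

/* Store the session behind a freshly issued ticket.  A single-entry cache
 * evicts whatever was there, whichever client it belonged to.  Returns 0, or
 * -1 when the session is too large or the lifetime violates the RFC bound. */
int cache_store(struct session_cache *c, const uint8_t *ticket_id,
                const uint8_t *session, size_t session_len,
                uint64_t now, uint32_t lifetime)
{
    if (session_len > SESSION_MAX || lifetime == 0 || lifetime > TICKET_LIFETIME_MAX)
        return -1;
    memcpy(c->ticket_id, ticket_id, TICKET_ID_LEN);
    memcpy(c->session, session, session_len);
    c->session_len = session_len;
    c->issued_at = now;
    c->lifetime = lifetime;
    c->occupied = true;
    return 0;
}

/* Look up a presented ticket.  Returns the session length on a hit (session
 * copied to `out`), or 0 on a miss: unknown or evicted ticket, expired
 * ticket, or an `out` buffer that is too small. */
size_t cache_lookup(const struct session_cache *c, const uint8_t *ticket_id,
                    uint64_t now, uint8_t *out, size_t out_cap)
{
    if (!c->occupied || memcmp(c->ticket_id, ticket_id, TICKET_ID_LEN) != 0)
        return 0;
    if (now < c->issued_at || now - c->issued_at >= c->lifetime)
        return 0;                     /* expired (or the clock went backwards) */
    if (out_cap < c->session_len)
        return 0;
    memcpy(out, c->session, c->session_len);
    return c->session_len;
}

/* Constructed tickets and sessions for two successive clients. */
const uint8_t kTicketA[TICKET_ID_LEN] = { 0xA1, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
                                          0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 };
const uint8_t kTicketB[TICKET_ID_LEN] = { 0xB2, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
                                          0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10 };
const uint8_t kSessionA[] = "psk-and-params-for-client-A";
const uint8_t kSessionB[] = "psk-and-params-for-client-B";

int main(void)
{
    struct session_cache cache = {0};
    uint8_t buf[SESSION_MAX];

    cache_store(&cache, kTicketA, kSessionA, sizeof kSessionA, 1000, 3600);
    printf("client A resumes: %s\n", cache_lookup(&cache, kTicketA, 1010, buf, sizeof buf) ? "yes" : "no");
    cache_store(&cache, kTicketB, kSessionB, sizeof kSessionB, 1020, 3600);
    printf("client A after B: %s\n", cache_lookup(&cache, kTicketA, 1030, buf, sizeof buf) ? "yes" : "no");
    printf("client B at expiry: %s\n", cache_lookup(&cache, kTicketB, 1020 + 3600, buf, sizeof buf) ? "yes" : "no");
    return 0;
}
```

The eviction on the second store is the behaviour to keep in mind when exercising `-s session-file` against the cli server with more than one client: a ticket that was valid a moment ago simply misses once another session has been issued.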
License
---

The software is provided under the MIT license.
Note that additional licences apply if you use the minicrypto binding (see above).
