Add comments about key_share and supported_versions support

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-27 13:27:21 +02:00 · 2021-09-27 13:27:21 +02:00 · 3160d70049
commit 3160d70049
parent 85e51083d8
1 changed files with 15 additions and 4 deletions
--- a/docs/architecture/tls13-experimental.md
+++ b/docs/architecture/tls13-experimental.md
@ -99,18 +99,31 @@ the handshake with an handshake_failure closure alert and the
  | client_certificate_type      | no      | no            |
  | server_certificate_type      | no      | no            |
  | padding                      | no      | no            |
-  | key_share                    | YES     | YES           |
+  | key_share                    | YES (2) | YES           |
  | pre_shared_key               | no      | YES           |
  | psk_key_exchange_modes       | no      | YES           |
  | early_data                   | no      | YES           |
  | cookie                       | no      | YES           |
-  | supported_versions           | YES     | YES           |
+  | supported_versions           | YES (3) | YES           |
  | certificate_authorities      | no      | no            |
  | post_handshake_auth          | no      | no            |
  | signature_algorithms_cert    | no      | no            |

  (1) This is just for comparison.

+  (2) The MVP sends one shared secret corresponding to the configured preferred
+      group. The preferred group is the group of the first curve in the list of
+      allowed curves as defined by the configuration. By default, it is the
+      mandatory group as defined by section 9.1 of the specification,
+      `secp256r1`. The list of allowed curves can be set through the
+      `mbedtls_ssl_conf_curves()` API.
+
+  (3) The MVP proposes only TLS 1.3 and does not support version negociation.
+      Out-of-protocol fallback is supported though if the Mbed TLS library
+      has been built to support both TLS 1.3 and TLS 1.2: just set the
+      maximum of the minor version of the SSL configuration to
+      MBEDTLS_SSL_MINOR_VERSION_3 (`mbedtls_ssl_conf_min_version()` API) and
+      re-initiate a server handshake.

 - Supported groups: depends on the library configuration.
  Potentially all ECDHE groups:
@ -121,8 +134,6 @@ the handshake with an handshake_failure closure alert and the
  ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512,
  rsa_pss_rsae_sha256.

- Supported versions: only TLS 1.3
-
 - Support of Mbed TLS SSL/TLS related (not DTLS) features:

  The TLS 1.3 MVP is compatible with all TLS 1.2 configuration options in the