Support TLS1.3 and ShangMi Ciphersuites. #35
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dongbeiouba
requested changes
Oct 10, 2024
examples/tlcp_server/main.go
Outdated
| if err != nil { | ||
| log.Println(err) | ||
| return nil, err | ||
| } | ||
|
|
||
| err = ctx.SetCipherList("ECC-SM2-SM4-CBC-SM3") |
There was a problem hiding this comment.
密码套件设置应该来自于命令行参数,这里为啥设置成ECC-SM2-SM4-CBC-SM3,对于TLS协议不生效
ZBCccc
changed the title
ZBCccc
changed the title
dongbeiouba
requested changes
Oct 10, 2024
examples/tlcp_client/main.go
Outdated
| if signCertFile != "" { | ||
| signCertPEM, err := os.ReadFile(signCertFile) | ||
| if err != nil { | ||
| if cipherSuites == "TLS_SM4_GCM_SM3" || cipherSuites == "TLS_SM4_CCM_SM3" { |
There was a problem hiding this comment.
应该根据协议版本来判断,而不是密码套件,TLS 1.3中不止TLS_SM4_GCM_SM3和TLS_SM4_CCM_SM3这2个密码套件,如果协议版本号大于等于TLS 1.3,使用SetCipherSuites(),否则使用SetCipherList()。
examples/tlcp_server/main.go
Outdated
| if err != nil { | ||
| log.Println(err) | ||
| return nil, err | ||
| } | ||
|
|
||
| if cipherSuites == "TLS_SM4_GCM_SM3" || cipherSuites == "TLS_SM4_CCM_SM3" { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refactoring and Code Cleanup: Improved code readability by renaming variables to follow Go naming conventions and adding comments for clarity.
TLSv1.3 Support: Added constructors and tests for TLSv1.3 connections, including specific cipher suite configurations.
ShangMi Ciphersuit Support: Added tests for ShangMi Ciphersuit with TLS1.3.
Testing Enhancements: Introduced new tests for various SSL/TLS scenarios, including full-duplex renegotiation and handling a large number of connections.
Version Handling: Updated SSL version constants and methods to support TLSv1.3, and added functionality to set minimum and maximum protocol versions.
Example Updates: Modified example server and client to support dynamic TLS version selection via command-line arguments.