TLSv1.3 from scratch
Pia Andrews Conservatory | Sun 24 Jan 4:40 p.m.–5:25 p.m.
Presented by
-
Joel is a computer scientist with more than 20 years of industry experience, including more than five years working as a Site Reliability Engineer with Google Australia. Over the years he has been is involved in various open source projects, including being an OpenBSD developer for over 10 years, a founder and lead developer for the LibreSSL project and a developer with the Go programming language. Joel has also spent time in academia and holds a PhD in Computer Science.
Abstract
Following the publication of RFC 8446 in August 2018, the LibreSSL project wanted to add support for TLSv1.3. However, rather than shoehorning it into the existing code used by the TLSv1.2 stack, it was decided that the slower approach of developing a new TLS stack from scratch would be preferable. Over the course of a year or so, three people worked for approximately six weeks to produce a TLS stack consisting of just under 7,000 lines of C code.
This talk will look at the design decisions made and approaches taken while implementing a TLS stack from scratch. We'll discuss the challenges of fitting new code into an existing long standing API, along with various problems encountered due to assumptions made in existing open source software, particularly failure modes triggered by changes in API behaviour. Interoperability will be covered, along with approaches to testing complex protocols. We'll also look at some of the pitfalls and implementation complexities that originate from the RFC.
Following the publication of RFC 8446 in August 2018, the LibreSSL project wanted to add support for TLSv1.3. However, rather than shoehorning it into the existing code used by the TLSv1.2 stack, it was decided that the slower approach of developing a new TLS stack from scratch would be preferable. Over the course of a year or so, three people worked for approximately six weeks to produce a TLS stack consisting of just under 7,000 lines of C code. This talk will look at the design decisions made and approaches taken while implementing a TLS stack from scratch. We'll discuss the challenges of fitting new code into an existing long standing API, along with various problems encountered due to assumptions made in existing open source software, particularly failure modes triggered by changes in API behaviour. Interoperability will be covered, along with approaches to testing complex protocols. We'll also look at some of the pitfalls and implementation complexities that originate from the RFC.