TLS 1.3 features in GnuTLS

Version 1.3 of Transport Layer Security (TLS) changed how existing features should be handled and added new features that libraries can implement.
The goal of this work is to study cryptographic features used in the real world and to implement selected features in the GnuTLS library.

New or changed features include:

  • limits on the number of resumptions or the age of a session
  • EdDSA over PKCS#11
  • X25519 and X448 for Elliptic Curve Diffie-Hellman (ECDH)
  • signature_algorithms_cert extension
  • Deterministic ECDSA
  • Certificate Transparency