Last year saw the formal release of the TLS 1.3 protocol, the replacement for the long-serving TLS 1.2. Although TLS 1.2 is fundamentally sound, many issues arose. Years of work by IETF specialists have produced RFC 8446; this improves on TLS 1.2 in many ways, giving greatly improved security, privacy, and performance.
The main improvements in TLS 1.3 are these:
- It no longer uses TLS 1.2 algorithms that were found to be vulnerable - only the most secure algorithms are used.
- It encrypts more of the negotiation handshake, providing more privacy for data exchanges. This helps protect the participants' identities and makes traffic analysis difficult.
- Forward secrecy is enabled by default. This means that any compromising of long term secrets used by TLS 1.3 does not allow decryption of data communicated while those secrets were being used. This means current communications stay secure even if future communications get compromised.
- To improve performance, it cuts a complete round trip from the connection establishment handshake. In many use cases, new TLS 1.3 connections are established in one round trip between client and server.
The main features of HCC's TLS 1.3 are these:
- Conforms to the HCC Advanced Embedded Framework.
- Designed for integration with both RTOS and non-RTOS based systems.
- MISRA-compliant. A full MISRA compliance report is provided.
- Designed for microcontrollers, ensuring a low memory footprint.
- Typically uses a standard Sockets interface, allowing easy integration with many embedded applications.
- Conforms to RFC 8446.
- Encrypted handshake and data exchange using certificate verification.
- Encrypted handshake and data exchange using Pre-Shared Key (PSK) verification.
- Session resumption and encrypted data exchange using PSK when first session established via certificate verification.
- Session resumption and encrypted data exchange using PSK when first session is established via PSK verification.
- Supports HMAC using HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for data encryption.
- Supports TLS 1.3 with four possible interfaces: HCC's Native TCP/HCC's or other vendor's BSD Sockets/Windows Sockets (Winsock)/RAW interface.
- Supports Authenticated Encryption with Associated Data (AEAD). HCC supports all five cipher suites recommended for TLS 1.3 by the RFC. These are:
- TLS_AES_128_GCM_SHA256 (mandatory)
- Uses HKDF to encrypt handshake/application after ClientHello/ServerHello.
- Supports Elliptic Curve Diffie-Hellman (ECDHE) key share for these curves:
- Supports the following signature lists:
- rsa_pss_rsae_sha256 (both certificate and certificateVerify). This is mandatory.
- rsa_pkcs1_sha256 (as per RFC - certificate only)
- rsa_pkcs1_sha384 (as per RFC - certificate only)
- rsa_pkcs1_sha512 (as per RFC - certificate only)
- rsa_pkcs1_sha1 (legacy)
- ecdsa_sha1 (legacy)