Last year saw the formal release of the TLS 1.3 protocol, the replacement for the long-serving TLS 1.2. Although TLS 1.2 is fundamentally sound, many issues arose. Years of work by IETF specialists have produced RFC 8446; this improves on TLS 1.2 in many ways, giving greatly improved security, privacy, and performance.
The main improvements in TLS 1.3 are these:
- It no longer uses TLS 1.2 algorithms that were found to be vulnerable - only the most secure algorithms are used.
- It encrypts more of the negotiation handshake, providing more privacy for data exchanges. This helps protect the participants' identities and makes traffic analysis difficult.
- Forward secrecy is enabled by default. This means that a compromise of the long-term secrets used by TLS 1.3 does not allow decryption of data that was communicated while those secrets were in use, so earlier sessions stay secure even if those secrets are compromised later.
- To improve performance, it cuts a complete round trip from the connection establishment handshake. In many use cases, new TLS 1.3 connections are established in one round trip between client and server.
The main features of HCC's TLS 1.3 are these:
- Conforms to the HCC Advanced Embedded Framework.
- Designed for integration with both RTOS and non-RTOS based systems.
- MISRA-compliant. A full MISRA compliance report is provided.
- Designed for microcontrollers, ensuring a low memory footprint.
- Typically uses a standard Sockets interface, allowing easy integration with many embedded applications.
- Conforms to RFC 8446.
- Can be downgraded to TLS 1.2 if required.
- Encrypted handshake and data exchange using Certificate verification.
- Encrypted handshake and data exchange using Pre-shared Key (PSK) verification.
- Session resumption and encrypted data exchange using a PSK, when the first session was established via certificate verification or PSK verification.
- Supports the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for deriving the keys used for data encryption.
- Supports TLS 1.3 with TCP/Sockets/Winsock.
- Supports Authenticated Encryption with Associated Data (AEAD). HCC supports all five cipher suites intended for TLS 1.3. These are:
- Handshake and application data are encrypted after ClientHello/ServerHello, using keys derived with HKDF.
- Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key share is supported for the curves secp256r1, secp384r1 and secp521r1.
- Supports the following signature algorithms:
  - rsa_pkcs1_sha256 (certificate only)
  - rsa_pkcs1_sha384 (certificate only)
  - rsa_pkcs1_sha512 (certificate only)
  - rsa_pkcs1_sha1 (legacy)
  - ecdsa_sha1 (legacy)