-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support TLS1.3 and ShangMi Ciphersuites. #35
Conversation
examples/tlcp_server/main.go
Outdated
if err != nil { | ||
log.Println(err) | ||
return nil, err | ||
} | ||
|
||
err = ctx.SetCipherList("ECC-SM2-SM4-CBC-SM3") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
密码套件设置应该来自于命令行参数,这里为啥设置成ECC-SM2-SM4-CBC-SM3,对于TLS协议不生效
examples/tlcp_client/main.go
Outdated
if signCertFile != "" { | ||
signCertPEM, err := os.ReadFile(signCertFile) | ||
if err != nil { | ||
if cipherSuites == "TLS_SM4_GCM_SM3" || cipherSuites == "TLS_SM4_CCM_SM3" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
应该根据协议版本来判断,而不是密码套件,TLS 1.3中不止TLS_SM4_GCM_SM3和TLS_SM4_CCM_SM3这2个密码套件,如果协议版本号大于等于TLS 1.3,使用SetCipherSuites(),否则使用SetCipherList()。
examples/tlcp_server/main.go
Outdated
if err != nil { | ||
log.Println(err) | ||
return nil, err | ||
} | ||
|
||
if cipherSuites == "TLS_SM4_GCM_SM3" || cipherSuites == "TLS_SM4_CCM_SM3" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
同上
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Refactoring and Code Cleanup: Improved code readability by renaming variables to follow Go naming conventions and adding comments for clarity.
TLSv1.3 Support: Added constructors and tests for TLSv1.3 connections, including specific cipher suite configurations.
ShangMi Ciphersuit Support: Added tests for ShangMi Ciphersuit with TLS1.3.
Testing Enhancements: Introduced new tests for various SSL/TLS scenarios, including full-duplex renegotiation and handling a large number of connections.
Version Handling: Updated SSL version constants and methods to support TLSv1.3, and added functionality to set minimum and maximum protocol versions.
Example Updates: Modified example server and client to support dynamic TLS version selection via command-line arguments.