TLS v1.3 Draft 21 Support in wolfSSL

The TLS v1.3 specification has been evolving over the year and is close to being finalized. Recently the code changes required to support Draft 21 were added to wolfSSL.

Most browsers and servers on the Internet are stuck on Draft 18. This maximizes interoperability and allows for collection of error rate statistics. wolfSSL is able to be compiled to support TLS v1.3 Draft 18 but also the latest draft version. The Draft 21 changes were quite minor but introduced one wire protocol change: a per-ticket nonce.

Resumption in TLS v1.3 is performed with session tickets. The ticket contains enough information to indicate to the server which session is being resumed. Most often the ticket contains self-encrypted session information. Alternatively, the ticket can be a reference into a session database that identifies the client.

Note that in previous drafts, on resumption, the Resumption Master Secret (RMS) from the original connection is used as the Pre-Shared Key (PSK). The PSK is used to derive the secrets for the new handshake. Therefore all handshakes resumed from the same ticket will have the same secrets unless (EC)DH is used.

Draft 21 adds a nonce to the NewSessionTicket message that is used, with the RMS, to securely derive a unique PSK for a resumption handshake. Multiple single-use resumption tickets can now be sent with the same database reference but a different nonce and be deleted on use. Each resumption ticket produces unique secrets and provides forward-secrecy protection if a PSK is compromised.

As noted above, there are not many other implementations of Draft 21 out there. Client and server interoperability testing with OpenSSL though was performed to ensure compatibility.

Most handshakes performed will be by resumption where possible as they are faster than a full handshake. Improving resumption security therefore is a big plus and makes using the latest updates of wolfSSL a must.

If you have any questions or issues with wolfSSL’s TLS 1.3 implementation, please email us at info@wolfssl.com, or our support team at support@wolfssl.com.