adds support to tls 1.3

Author: moisesguimaraes

examples/client.py

@@ -53,8 +53,8 @@ def build_arg_parser():
     )
 
     parser.add_argument(
-        "-v", metavar="version", type=int, choices=[0, 1, 2, 3], default=3,
-        help="SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3"
+        "-v", metavar="version", type=int, choices=[0, 1, 2, 3, 4], default=4,
+        help="SSL version [0-4] (SSLv3, TLSv1, TLSv1.1, TLSv1.2, SSLv23)"
     )
 
     parser.add_argument(
@@ -95,7 +95,8 @@ def get_method(index):
         wolfssl.PROTOCOL_SSLv3,
         wolfssl.PROTOCOL_TLSv1,
         wolfssl.PROTOCOL_TLSv1_1,
-        wolfssl.PROTOCOL_TLSv1_2
+        wolfssl.PROTOCOL_TLSv1_2,
+        wolfssl.PROTOCOL_SSLv23
     )[index]
 
 

examples/server.py

@@ -48,8 +48,8 @@ def build_arg_parser():
     )
 
     parser.add_argument(
-        "-v", metavar="version", type=int, choices=[0, 1, 2, 3], default=3,
-        help="SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3"
+        "-v", metavar="version", type=int, choices=[0, 1, 2, 3, 4], default=4,
+        help="SSL version [0-4] (SSLv3, TLSv1, TLSv1.1, TLSv1.2, SSLv23)"
     )
 
     parser.add_argument(
@@ -95,7 +95,8 @@ def get_method(index):
         wolfssl.PROTOCOL_SSLv3,
         wolfssl.PROTOCOL_TLSv1,
         wolfssl.PROTOCOL_TLSv1_1,
-        wolfssl.PROTOCOL_TLSv1_2
+        wolfssl.PROTOCOL_TLSv1_2,
+        wolfssl.PROTOCOL_SSLv23
     )[index]
 
 

src/wolfssl/_build_ffi.py

@@ -57,11 +57,15 @@
     /**
      * SSL/TLS Method functions
      */
-    void* wolfSSLv23_server_method(void);
-    void* wolfSSLv23_client_method(void);
+    void* wolfTLSv1_1_server_method(void);
+    void* wolfTLSv1_1_client_method(void);
+
     void* wolfTLSv1_2_server_method(void);
     void* wolfTLSv1_2_client_method(void);
 
+    void* wolfSSLv23_server_method(void);
+    void* wolfSSLv23_client_method(void);
+
     /**
      * SSL/TLS Context functions
      */

src/wolfssl/_build_wolfssl.py

@@ -115,6 +115,10 @@ def make_flags(prefix):
 
     # lib only
     flags.append("--disable-shared")
+    flags.append("--disable-examples")
+
+    # tls 1.3
+    flags.append("--enable-tls13")
 
     return " ".join(flags)
 

src/wolfssl/_methods.py

@@ -63,7 +63,9 @@ def __init__(self, protocol, server_side):
             raise ValueError("this protocol is not supported")
 
         elif protocol == PROTOCOL_TLSv1_1:
-            raise ValueError("this protocol is not supported")
+            self.native_object =                                     \
+                _lib.wolfTLSv1_1_server_method() if server_side else \
+                _lib.wolfTLSv1_1_client_method()
 
         elif protocol == PROTOCOL_TLSv1_2:
             self.native_object =                                     \

tests/conftest.py

@@ -44,6 +44,12 @@ def ssl_provider(request):
     return request.param
 
 
-@pytest.fixture
-def ssl_context(ssl_provider):
-    return ssl_provider.SSLContext(ssl_provider.PROTOCOL_SSLv23)
+@pytest.fixture(
+    params=["TLSv1.1", "TLSv1.2", "SSLv23"])
+def ssl_context(ssl_provider, request):
+    if request.param == "TLSv1.1":
+        return ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_1)
+    if request.param == "TLSv1.2":
+        return ssl_provider.SSLContext(ssl_provider.PROTOCOL_TLSv1_2)
+    if request.param == "SSLv23":
+        return ssl_provider.SSLContext(ssl_provider.PROTOCOL_SSLv23)

tests/test_methods.py

@@ -30,15 +30,15 @@
 
 
 @pytest.fixture(
-    params=[-1, PROTOCOL_SSLv3, PROTOCOL_TLSv1, PROTOCOL_TLSv1_1],
-    ids=["invalid", "SSLv3", "TLSv1", "TLSv1_1"])
+    params=[-1, PROTOCOL_SSLv3, PROTOCOL_TLSv1],
+    ids=["invalid", "SSLv3", "TLSv1"])
 def unsupported_method(request):
     yield request.param
 
 
 @pytest.fixture(
-    params=[PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1_2],
-    ids=["SSLv23", "TLS", "TLSv1_2"])
+    params=[PROTOCOL_SSLv23, PROTOCOL_TLS, PROTOCOL_TLSv1_1, PROTOCOL_TLSv1_2],
+    ids=["SSLv23", "TLS", "TLSv1_1", "TLSv1_2"])
 def supported_method(request):
     yield request.param