Enable TLS1.3 #2711

martijnvwezel · 2025-10-29T12:53:35Z

Added these files to get TLS1.3 actually working: handshake/session handling + data transfer, and the crypto the PSA bits TLS1.3 needs.

TLS1.3 flow

ssl_tls13_client.c — client-side TLS1.3 handshake & state machine (connect, key schedule, etc).
ssl_tls13_server.c — server-side TLS1.3 handshake & state machine (accept, resume, keys).
ssl_tls13_generic.c — shared TLS1.3 code used by client+server (common handshake steps, key derivation, cipher handling).

Needed crypto stuffc for TLS1.3

psa_crypto_driver_wrappers_no_static.c — PSA driver wrapper glue so mbedtls can call platform crypto implementations without static binding.
psa_crypto_ffdh.c — finite-field Diffie-Hellman PSA glue (for any non-ECC FFDH needs).
psa_crypto_pake.c — PAKE support via PSA (if you need password-authenticated key exchange helpers).
psa_util.c — helper utils for PSA integration (common conversions, checks).
sha3.c — SHA-3 family implementation — some profiles / ciphersuites or future proofing.

fedailyuseinexperiencedata · 2025-10-29T12:58:41Z

Awesome, we were having the same issue

Update CMakeLists.txt

58088e3

lurch linked an issue Oct 29, 2025 that may be closed by this pull request

Enable TLS1.3 #2710

Open

lurch added the mbedtls label Oct 29, 2025

Provide feedback