Implement TLS v1.3, including X25519 and Ed25519, especially within X509 certs. #345

Closed
catbref opened this issue May 15, 2018 · 6 comments
@catbref

catbref commented May 15, 2018

Now that TLS v1.3 has been approved by the IETF, can it be implemented into BC please?

Note that section 9.1 "Mandatory-to-Implement Cipher Suites" states that "A TLS-compliant application [...] SHOULD support key exchange with X25519 [RFC7748]."

You have some X25519-related code already, and I can submit a pull request for most of the Ed25519/X509 aspect; however, I am new to the BC codebase, so it would need serious reviewing.

@peterdettman peterdettman self-assigned this May 16, 2018
@peterdettman
Collaborator

Work on Ed25519 is under way and TLS 1.3 is beginning shortly.

@lapo-luchini

lapo-luchini commented May 16, 2018

There is something regarding Ed25519 in open-keychain#2.
Edit: whoops, I noticed only later that the person opening it is the same that opened this one.

@catbref
Author

catbref commented May 16, 2018

Yes, and I've just now submitted a pull-request with code based on the above but reworked for more seamless integration with bcgit:master.
I'm not claiming my pull-request is good-to-go but could help save a bit of time.
One issue is that there could be duplication of X25519/Ed25519 math code.

@vikram919

@catbref

> One issue is that there could be duplication of X25519/Ed25519 math code.

?

@catbref
Author

catbref commented May 18, 2018

There's existing X25519 math code under core/src/main/java/org/bouncycastle/math/ec/rfc7748
and in pull request #347 fresh math code for Ed25519 which might end up duplicating some of the above.

I understand that there's a possible path to/from Ed25519/X25519 keys but that's beyond my skills.

@peterdettman
Collaborator

Closing as TLS 1.3 is in place now.

We do not yet enable it for the "TLS" SSLContext though; you currently need to use "TLSv1.3" explicitly, or else enable it on the individual sockets/engines, or use jdk.tls.client.protocols/jdk.tls.server.protocols system properties.

Relative to TLS 1.2, it is currently missing session resumption. Relative to the full TLS 1.3 spec it is missing several of the new features, e.g. early data, half-close. Specific issues can be raised for these, although they are not likely to be on our roadmap for this year.
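
Added example, not part of the thread and not Bouncy Castle project code: a check of which protocol versions a BCJSSE engine actually enables under the generic "TLS" context versus the explicit "TLSv1.3" context, followed by enabling TLS 1.3 on an individual engine as the closing comment describes. It assumes the bcprov and bctls jars of a release containing that TLS 1.3 support are on the classpath; the class name `BcTls13Check` and its helper methods are hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class BcTls13Check {
    static final String TLS13 = "TLSv1.3";

    // Client-mode engine from the BCJSSE provider for the named SSLContext.
    static SSLEngine clientEngine(String contextName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextName, "BCJSSE");
        ctx.init(null, null, null); // default key/trust managers and RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        return engine;
    }

    static boolean contains(String[] protocols, String wanted) {
        return Arrays.asList(protocols).contains(wanted);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new BouncyCastleJsseProvider());

        // Option 1 from the comment: request the "TLSv1.3" context explicitly.
        SSLEngine explicit = clientEngine(TLS13);
        System.out.println("TLSv1.3 context enables: "
                + Arrays.toString(explicit.getEnabledProtocols()));

        // The generic "TLS" context, which the comment says leaves 1.3 off.
        SSLEngine generic = clientEngine("TLS");
        System.out.println("TLS context enables:     "
                + Arrays.toString(generic.getEnabledProtocols()));

        // Option 2: enable it on the individual engine, but only if the
        // provider build supports it; otherwise fail instead of downgrading.
        if (!contains(generic.getEnabledProtocols(), TLS13)) {
            if (!contains(generic.getSupportedProtocols(), TLS13)) {
                throw new IllegalStateException("BCJSSE build lacks TLSv1.3");
            }
            generic.setEnabledProtocols(new String[] {TLS13, "TLSv1.2"});
        }
        System.out.println("TLS engine after opt-in: "
                + Arrays.toString(generic.getEnabledProtocols()));
        // Option 3 (not exercised here): the jdk.tls.client.protocols /
        // jdk.tls.server.protocols system properties named in the comment.
    }
}
```

After a real handshake, `SSLSession.getProtocol()` on the connected socket or engine reports the version that was actually negotiated.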
