Design and verification of the TLS 1.3 handshake state machine in LibreSSL

Cite

Related Material

Berkeley Software Distribution (BSD)

Buehler, Theo

Formal Metadata

Title

Design and verification of the TLS 1.3 handshake state machine in LibreSSL

Title of Series

The Technical BSD Conference 2019

Number of Parts

Author

Buehler, Theo

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/45319 (DOI)

Publisher

Berkeley Software Distribution (BSD)

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

The TLS 1.3 handshake is the protocol used for negotiating a TLS 1.3 connection between a client and a server. During the handshake the configuration for the session is agreed upon, ephemeral secrets are exchanged and the server is authenticated. This protocol is encoded in a state machine. After a general discussion of TLS and in particular a comparison of TLS 1.2 and TLS 1.3, this talk will review the TLS 1.3 handshake state machine and discuss its implementation in LibreSSL. Benefits and drawbacks of both the handshake protocol and LibreSSL's implementation will be discussed. We will also elaborate on the way we verify and guarantee our implementation's correctness using regression testing and other methods.