TLS 1.3 Support
All editions of IPWorks include experimental support for TLS 1.3. It is available in both client-side and server-side components and is enabled by setting SSLEnabledProtocols. For instance:
component.Config("SSLEnabledProtocols=12288"); //TLS 1.3
When TLS 1.3 is enabled, the component automatically sets UseInternalSecurityAPI to True and does not rely on any system libraries. Support for TLS 1.3 is still experimental, and additional algorithms and cipher support will be added in the future. The TLS13SignatureAlgorithms setting controls the supported signature algorithms, and the TLS13SupportedGroups and TLS13KeyShareGroups settings control the key exchange groups.
The following SSLEnabledCipherSuites are supported and enabled by default:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
The following TLS13SignatureAlgorithms are supported and enabled by default:
- rsa_pss_sha256
- rsa_pss_sha384
- rsa_pss_sha512
- ecdsa_secp256r1_sha256
- ecdsa_secp384r1_sha384
- ecdsa_secp521r1_sha512
- rsa_pkcs1_sha256
- rsa_pkcs1_sha384
- rsa_pkcs1_sha512
The TLS13SupportedGroups setting controls the key exchange groups available for use with (EC)DHE during the key exchange. This list should not be modified in most cases. The following values are supported by default:
- ecdhe_secp256r1
- ecdhe_secp384r1
- ecdhe_secp521r1
- ffdhe_2048
- ffdhe_3072
- ffdhe_4096
- ffdhe_6144
- ffdhe_8192
The TLS13KeyShareGroups setting supports the following values:
- ecdhe_secp256r1 (default)
- ecdhe_secp384r1 (default)
- ecdhe_secp521r1
- ffdhe_2048 (default)
- ffdhe_3072 (default)
- ffdhe_4096
- ffdhe_6144
- ffdhe_8192
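The settings above can be checked before they are deployed. The following Python linter is an added example, not n software code: it decodes an SSLEnabledProtocols value and validates the TLS 1.3 lists against the values on this page, including the RFC 8446 rule that every key share group must also be a supported group. The flag values other than 12288 and the list separators are assumptions, not taken from this page.

```python
TLS13 = 12288  # value given on this page
# Assumption: remaining flag values, from the vendor's SSLEnabledProtocols documentation.
LEGACY = {3072: "TLS 1.2", 768: "TLS 1.1", 192: "TLS 1.0", 48: "SSL 3.0", 12: "SSL 2.0"}
GROUPS = {"ecdhe_secp256r1", "ecdhe_secp384r1", "ecdhe_secp521r1",
          "ffdhe_2048", "ffdhe_3072", "ffdhe_4096", "ffdhe_6144", "ffdhe_8192"}
SIG_ALGS = {f"{alg}_{h}" for alg in ("rsa_pss", "rsa_pkcs1")
            for h in ("sha256", "sha384", "sha512")}
SIG_ALGS |= {"ecdsa_secp256r1_sha256", "ecdsa_secp384r1_sha384", "ecdsa_secp521r1_sha512"}
ALLOWED = {
    "SSLEnabledCipherSuites": {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                               "TLS_CHACHA20_POLY1305_SHA256"},
    "TLS13SignatureAlgorithms": SIG_ALGS,
    "TLS13SupportedGroups": GROUPS,
    "TLS13KeyShareGroups": GROUPS,
}

def decode_protocols(mask):
    """Return the protocol names whose flag bits are all set in mask."""
    flags = {TLS13: "TLS 1.3", **LEGACY}
    return [name for bits, name in flags.items() if mask & bits == bits]

def audit(settings):
    """Return findings for an iterable of 'Name=value' setting strings."""
    cfg = dict(s.split("=", 1) for s in settings)
    findings, chosen = [], {}
    protocols = decode_protocols(int(cfg.get("SSLEnabledProtocols", "0")))
    if "TLS 1.3" not in protocols:
        findings.append("TLS 1.3 is not enabled")
    for old in ("TLS 1.1", "TLS 1.0", "SSL 3.0", "SSL 2.0"):
        if old in protocols:
            findings.append(f"deprecated protocol enabled: {old}")
    for name in (n for n in ALLOWED if n in cfg):
        # Assumption: list values are separated by commas or semicolons.
        items = [v.strip() for v in cfg[name].replace(";", ",").split(",")]
        chosen[name] = [v for v in items if v]
        findings += [f"{name}: unsupported value {v}"
                     for v in chosen[name] if v not in ALLOWED[name]]
    # RFC 8446 section 4.2.8: each key share must be for a group in supported_groups.
    supported = chosen.get("TLS13SupportedGroups", GROUPS)
    for group in chosen.get("TLS13KeyShareGroups", []):
        if group not in supported:
            findings.append(f"TLS13KeyShareGroups: {group} not in TLS13SupportedGroups")
    return findings

# Constructed sample: TLS 1.3 plus TLS 1.1, one bad algorithm, one stray key share.
SAMPLE = ["SSLEnabledProtocols=13056", "TLS13SignatureAlgorithms=rsa_pss_sha256,rsa_pkcs1_sha1",
          "TLS13SupportedGroups=ecdhe_secp256r1", "TLS13KeyShareGroups=ecdhe_secp256r1,ffdhe_2048"]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```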
Additional features and supported platforms are coming soon.