This is an updated version of the TCL TLS package.
The trunk branch contains all of the planned changes for the v1.8 release. The v2.0 branch has the option defaults changes for the v2.0 release. The crypto branch is the start of a cryptography package using OpenSSL. This is planned for v2.1. I only test with MS Windows, Linux, and BSD Unix using TCL 8.6 and TCL 9.0. So these should work. Since I only use OpenSSL, I likely broke compatibility with LibreSSL and others.
Links to current release:
- Release source: /uv/tcltls-2.0b1.tar.gz
- Windows library: /uv/tls2.0b1_win64_msvc.zip
Status of planned changes:
TLS 2.0 (done)
- Added more certificate and connection status
- Add missing TLS 1.3 functionality, Cipher suites, etc.
- Error handling improvements, more connect status via callbacks
- Fixed OpenSSL 3.0 unexpected EOF issue
- Fixed build system to be TEA compliant, restructured repo, and fixed missing TCL Config files
- Added TCL 9.0 support
- OpenSSL 3 compatibility updates
- Replaced set DH build args and file with auto select
- When -require 1 is used, will auto validate server certificate
- Fixed IO test cases open
- Fixed many open tickets on sourceforge and core.tcl.tk sites.
- Use of the Windows system certificate store as a source of trusted root certificates on OpenSSL 3.2.
- Replaced process of including tls.tcl file in shared library with cross-platform compatible methods.
- Disable TLS 1 and 1.1 by default
- Use -require 1 as default, when certificates are available
TLS 2.1 (in work)
- Cryptography functions: digest/hash, MACs, Key Derivation Functions, random, and symmetric encryption done
- Cryptography functions: Asymmetric encryption, AEAD
- Key functions: key gen (rsa, dsa, ec), key info, sign file, verify file
- Certificate functions: x509 info, x509 create, CSR
- Server functions
- Session resumption
- Restore LibreSSL compatibility
- OpenSSL 3.2 changes: new ciphers Ed25519ctx, Ed25519ph, Ed448ph, deterministic ECDSA, and Brainpool Standard Curves; etc.
TLS 2.2 - breaking changes (future work)
- Remove SSL 2 and 3? code
- OpenSSL 3.0 API updates
- UDP, DTLS, HTTP 3 support
- QUIC support