This is an updated version of the TCL TLS package. It is kept in sync with the main repo at https://core.tcl-lang.org/tcltls/index.

The main and tls-2.0 branch contain the v2.0 release. The crypto branch is the start of a cryptography package using OpenSSL. This is now planned for v2.1. See below for versions tested.

Links to current release:

• Release source: /uv/tcltls-2.0-src.tar.gz
• Windows library: /uv/tcltls-2.0-win64-msvc.zip

Tested with:

• TCL 8.6.14 and 9.0.3
• OpenSSL 1.1.1w, 3.0.18, 3.1.8, 3.2.6, 3.3.5, 3.4.3, 3.5.4, and 3.6.0
• Windows 7, Windows 10, Msys64, OpenSuSE Linux Leap 15.6 and 16.0, FreeBSD, MacOS with MacPorts

Status of planned changes:

TLS 2.0 (completed)

• Replaced build system with a new TEA compliant build system for Unix and windows.
• Restructured repo and fixed missing TCL Config files.
• Added TCL 9.0 support.
• OpenSSL 3 compatibility updates.
• Added more certificate and connection status.
• Add missing TLS 1.3 functionality, cipher suites, SNI, ALPN, etc.
• Error handing improvements, more connect status via callbacks.
• Fixed OpenSSL 3.0 unexpected EOF issue.
• When -require 1 is used, will auto validate server certificate.
• Fixed IO test cases.
• Fixed many open tickets on sourceforge and core.tcl.tk sites.
• Use of the Windows system certificate store as a source of trusted root certificates on OpenSSL 3.2 and later.
• Replaced set DH build args and file with auto select.
• Replaced process of including tls.tcl file in shared library with cross-platform compatible methods.
• Disable TLS 1 and 1.1 by default.
• Use -require 1 as default, when certificates are available.

TLS 2.1 (in work)

• Cryptography functions: digest/hash, MACs, Key Derivation Functions, random, and symmetric encryption. done
• Cryptography functions: Asymmetric encryption, AEAD.
• Key functions: key gen (rsa, dsa, ec), key info, sign file, verify file.
• Certificate functions: x509 info, x509 create, CSR.
• Server functions.
• Session resumption.
• Restore LibreSSL compatibility.
• OpenSSL 3.2 changes: new ciphers Ed25519ctx, Ed25519ph, Ed448ph, deterministic ECDSA, and Brainpool Standard Curves; etc.

TLS 2.2 - breaking changes (future work)

• Remove SSL 2 and 3? code.

• OpenSSL 3.0 API updates.
• UDP, DTLS, HTTP 3 support.
• QUIC support.