TLS 1.3 Support
All editions of IPWorks include support for TLS 1.3. This is available in both client and server side components and can be enabled by setting SSLEnabledProtocols. For instance:
component.Config("SSLEnabledProtocols=12288"); //TLS 1.3
When enabled, the component automatically sets UseInternalSecurityAPI to True and does not rely on any system libraries. The TLS13SignatureAlgorithms setting controls the supported signature algorithms, and the TLS13SupportedGroups and TLS13KeyShareGroups settings control the key exchange groups.
The following SSLEnabledCipherSuites are supported and enabled by default:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
The following TLS13SignatureAlgorithms are supported and enabled by default:
- ed25519
- ed448
- ecdsa_secp256r1_sha256
- ecdsa_secp384r1_sha384
- ecdsa_secp521r1_sha512
- rsa_pkcs1_sha256
- rsa_pkcs1_sha384
- rsa_pkcs1_sha512
- rsa_pss_sha256
- rsa_pss_sha384
- rsa_pss_sha512
The TLS13SupportedGroups setting controls the key exchange groups available for use with (EC)DHE during the key exchange. This list should not be modified in most cases. The following values are supported by default:
- ecdhe_x25519
- ecdhe_x448
- ecdhe_secp256r1
- ecdhe_secp384r1
- ecdhe_secp521r1
- ffdhe_2048
- ffdhe_3072
- ffdhe_4096
- ffdhe_6144
- ffdhe_8192
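The following TLS13KeyShareGroups values are supported; entries marked (default) are enabled by default:
- ecdhe_x25519 (default)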
- ecdhe_x448
- ecdhe_secp256r1 (default)
- ecdhe_secp384r1 (default)
- ecdhe_secp521r1
- ffdhe_2048 (default)
- ffdhe_3072 (default)
- ffdhe_4096
- ffdhe_6144
- ffdhe_8192
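If you narrow these lists, a check like the following catches typos and key share groups that are not also offered as supported groups before the values reach Config(). This is an added example, not n software code: the helper names are hypothetical, the value names are copied from the lists above, and the comma-separated value format is an assumption.

```python
# Added example: names below are copied from the lists in this article.
SIG_ALGS = {
    "ed25519", "ed448",
    "ecdsa_secp256r1_sha256", "ecdsa_secp384r1_sha384", "ecdsa_secp521r1_sha512",
    "rsa_pkcs1_sha256", "rsa_pkcs1_sha384", "rsa_pkcs1_sha512",
    "rsa_pss_sha256", "rsa_pss_sha384", "rsa_pss_sha512",
}
GROUPS = {
    "ecdhe_x25519", "ecdhe_x448",
    "ecdhe_secp256r1", "ecdhe_secp384r1", "ecdhe_secp521r1",
    "ffdhe_2048", "ffdhe_3072", "ffdhe_4096", "ffdhe_6144", "ffdhe_8192",
}
TLS13_ONLY = 12288  # SSLEnabledProtocols value shown in the article


def lint(sig_algs, supported_groups, key_share_groups):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    for setting, values, known, required in (
        ("TLS13SignatureAlgorithms", sig_algs, SIG_ALGS, True),
        ("TLS13SupportedGroups", supported_groups, GROUPS, True),
        ("TLS13KeyShareGroups", key_share_groups, GROUPS, False),
    ):
        if required and not values:
            problems.append(f"{setting}: empty list")
        if len(set(values)) != len(values):
            problems.append(f"{setting}: duplicate entry")
        for v in values:
            if v not in known:
                problems.append(f"{setting}: unknown value {v!r}")
    # RFC 8446 section 4.2.8: a key share may only be sent for a group
    # that is also listed in supported_groups.
    for g in key_share_groups:
        if g in GROUPS and g not in supported_groups:
            problems.append(f"TLS13KeyShareGroups: {g} is not in TLS13SupportedGroups")
    return problems


def config_strings(sig_algs, supported_groups, key_share_groups):
    """Build the strings to pass to component.Config(), or raise ValueError."""
    problems = lint(sig_algs, supported_groups, key_share_groups)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        f"SSLEnabledProtocols={TLS13_ONLY}",
        "TLS13SignatureAlgorithms=" + ",".join(sig_algs),  # comma-separated: assumption
        "TLS13SupportedGroups=" + ",".join(supported_groups),
        "TLS13KeyShareGroups=" + ",".join(key_share_groups),
    ]
```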