Enable TLS1.3 for evaluation

Hello,

I am currently using nordic connect sdk version v3.0.2 which seems to be the latest release on github. I am using https client example. As per the requirements we would like to evaluate use of TLS 1.3. The project is being built for nrf5340/cpuapp/ns with TFM. It looks like when NRF_SECURITY configuration is enabled by default due to use of TFM. And under the hood it looks like this NRF_SECURITY config generates a default mbedtls configuration header(nrf-config.h) that overrides any MBEDTLS configuration specified at app level. This means even though we enable CONFIG_MBEDTLS_TLS_VERSION_1_3 the protocol is not enabled for the example.

Can you please provide information on how to evaluate tls 1.3 with this platform as it is important for our customer to evaluate this platform.

Best Regards,

Arjun

Parents

0 Amanda Hsieh 3 days ago

Hi,

Could you take a look at the psa_tls sample? It can support TLS 1.3 for nrf5340/cpuapp/ns.

You can use this command to build the sample:
west build -T ./sample.psa_tls.tls_1_3_client.ecdsa.cc3xx_oberon -b nrf5340dk/nrf5340/cpuapp/ns

Then you can check the EXTRA_CONF_FILE specified under that test scenario to see the configuration needed.

Regards,
Amanda H.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Arjun-Prasad 16 hours ago in reply to Amanda Hsieh

Hi,

Thank you for quick response. That helps but I had to change the wpa supplicant crypto implementation backend from HOSTAP_CRYPTO_ALT_LEGACY_PSA to HOSTAP_CRYPTO_ALT_PSA. This is because it looks like the config HOSTAP_CRYPTO_ALT_LEGACY_PSA forces a default mbdetls config file nrf_security/configs/legacy_crypto_config.h.template. This does not enable TLS1.3. But now the problem is I cannot use WPA3 it looks like. Is there any examples where I can enable TLS1.3 and WPA3. This is a requirement for our customer to evaluate the possibility of the platform and benchmark. Any help is appreciated.

Best Regards,

Arjun
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Arjun-Prasad 16 hours ago in reply to Amanda Hsieh

Hi,

Thank you for quick response. That helps but I had to change the wpa supplicant crypto implementation backend from HOSTAP_CRYPTO_ALT_LEGACY_PSA to HOSTAP_CRYPTO_ALT_PSA. This is because it looks like the config HOSTAP_CRYPTO_ALT_LEGACY_PSA forces a default mbdetls config file nrf_security/configs/legacy_crypto_config.h.template. This does not enable TLS1.3. But now the problem is I cannot use WPA3 it looks like. Is there any examples where I can enable TLS1.3 and WPA3. This is a requirement for our customer to evaluate the possibility of the platform and benchmark. Any help is appreciated.

Best Regards,

Arjun
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data