neilxxxxx opened a new pull request, #3319:
URL: https://github.com/apache/brpc/pull/3319
### What problem does this PR solve?
Issue Number: resolve #
Problem Summary:
Previously, brpc only supported TLSv1.0/1.1/1.2 for SSL/TLS connections.
With the increasing industry adoption of TLSv1.3 (RFC 8446) and the
deprecation
of older TLS versions by major cloud services and browsers, there is a need
to add TLSv1.3 support in brpc to:
- Improve security with stronger cryptographic algorithms (e.g.,
ChaCha20-Poly1305, AES-256-GCM)
- Improve performance with reduced handshake round-trips (1-RTT and 0-RTT)
- Meet compliance requirements for modern security standards
### What is changed and the side effects?
Changed:
- Added TLSv1.3 support in SSL options
- Updated the underlying OpenSSL initialization and context configuration to
enable TLSv1.3 protocol methods when available
- Added related unit tests to verify TLSv1.3 handshake and data transmission
Side effects:
- Performance effects:
- Positive: TLSv1.3 reduces handshake latency from 2-RTT to 1-RTT,
and supports 0-RTT resumption for returning connections
- No negative performance impact on existing TLSv1.2 connections
- Breaking backward compatibility:
- No. TLSv1.3 support is opt-in. Existing configurations defaulting to
TLSv1.2 remain unchanged. Users must explicitly set the TLS version
to enable TLSv1.3.
---
### Check List:
- Please make sure your changes are compilable.
- When providing us with a new feature, it is best to add related tests.
- Please follow
`https://github.com/apache/brpc/blob/master/CODE_OF_CONDUCT.md`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
