diff --git a/examples/specs/iana_registries/tls-parameters.xml b/examples/specs/iana_registries/tls-parameters.xml
index 59c304282..658485ed2 100644
--- a/examples/specs/iana_registries/tls-parameters.xml
+++ b/examples/specs/iana_registries/tls-parameters.xml
@@ -5,7 +5,7 @@
Transport Layer Security (TLS) Parameters
Transport Layer Security (TLS)
2005-08-23
- 2021-06-02
+ 2023-07-19
@@ -27,7 +27,9 @@
Requests for assignments from the registry's Specification
Required range should be sent to the mailing list described in
-RFC 8447, Section 17.
+RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
The role of the designated expert is described in .
The designated expert ensures that the specification is
@@ -118,17 +120,17 @@ protocol versions prior to 1.3.
Y
-
+
67
gost_sign256
Y
-
+
-
+
68
gost_sign512
Y
-
+
69-223
@@ -146,12 +148,14 @@ protocol versions prior to 1.3.
TLS Cipher Suites
-
+
Yoav Nir, Rich Salz, Nick Sullivan
Specification Required
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
-
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
+
Cryptographic algorithms and parameters will be broken or
weakened over time. Blindly implementing cipher suites listed here
is not advised. Implementers and users need to check that the
@@ -192,7 +196,7 @@ For widespread experiments, temporary reservations are available.
Any TLS cipher suite that is specified for use with DTLS MUST
define limits on the use of the associated AEAD function that
preserves margins for both confidentiality and integrity,
-as specified in .
+as specified in Section 4.5.3 of .
0x00,0x00
@@ -249,7 +253,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x08
@@ -264,7 +268,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x0A
@@ -286,7 +290,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x0D
@@ -308,7 +312,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x10
@@ -330,7 +334,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x13
@@ -352,7 +356,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x16
@@ -388,7 +392,7 @@ as specified in .
Y
N
- SC-tls-des-idea-ciphers-to-historic
+ status-change-tls-des-idea-ciphers-to-historic
0x00,0x1B
@@ -1319,8 +1323,22 @@ widely deployed implementations
IESG Action 2018-08-16
+
+ 0x13,0x06
+ TLS_AEGIS_256_SHA384
+ Y
+ N
+
+
+
+ 0x13,0x07
+ TLS_AEGIS_128L_SHA256
+ Y
+ N
+
+
- 0x13,0x06-FF
+ 0x13,0x08-FF
Unassigned
@@ -2808,72 +2826,72 @@ widely deployed implementations
N
-
+
0xC0,0xB4
TLS_SHA256_SHA256
Y
N
-
+
-
+
0xC0,0xB5
TLS_SHA384_SHA384
Y
N
-
+
0xC0,0xB6-FF
Unassigned
-
+
0xC1,0x00
TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC
N
N
-
+
-
+
0xC1,0x01
TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC
N
N
-
+
-
+
0xC1,0x02
TLS_GOSTR341112_256_WITH_28147_CNT_IMIT
N
N
-
+
0xC1,0x03
TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L
N
N
-
+
0xC1,0x04
TLS_GOSTR341112_256_WITH_MAGMA_MGM_L
N
N
-
+
0xC1,0x05
TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S
N
N
-
+
0xC1,0x06
TLS_GOSTR341112_256_WITH_MAGMA_MGM_S
N
N
-
+
0xC1,0x07-FF
@@ -3085,14 +3103,14 @@ widely deployed implementations
TLS ContentType
-
+
Standards Action
-
+
0-19
Unassigned (Requires coordination; see
- )
+ )
-
+
20
@@ -3124,17 +3142,17 @@ widely deployed implementations
Y
-
+
25
- tls12_cid (TEMPORARY - registered 2019-07-02, extension registered 2020-07-28, expires 2021-07-02)
+ tls12_cid
Y
-
+
26
ACK
Y
-
+
27-31
@@ -3144,14 +3162,14 @@ widely deployed implementations
32-63
Reserved
-
+
-
+
64-255
Unassigned (Requires coordination; see
- )
+ )
-
+
@@ -3269,10 +3287,10 @@ widely deployed implementations
decrypt_error
Y
-
+
52
- the too_many_cids_requested
- Y
+ too_many_cids_requested
+ Y
53-59
@@ -3458,17 +3476,17 @@ widely deployed implementations
Y
-
+
9
- RequestConnectionId
+ request_connection_id
Y
-
+
-
+
10
- NewConnectionId
+ new_connection_id
Y
-
+
11
@@ -3503,8 +3521,14 @@ widely deployed implementations
Y
Used in TLS versions prior to 1.3.
+
+ 17
+ client_certificate_request
+ Y
+ Used in TLS versions prior to 1.3.
+
- 17-19
+ 18-19
Unassigned
@@ -3584,8 +3608,10 @@ widely deployed implementations
Specification Required
Finite Field Diffie-Hellman groups
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
Renamed from "EC Named Curve Registry"
@@ -3848,54 +3874,54 @@ expected level of security.
N
-
+
34
GC256A
Y
N
-
+
-
+
35
GC256B
Y
N
-
+
-
+
36
GC256C
Y
N
-
+
-
+
37
GC256D
Y
N
-
+
-
+
38
GC512A
Y
N
-
+
-
+
39
GC512B
Y
N
-
+
-
+
40
GC512C
Y
N
-
+
41
@@ -4020,7 +4046,27 @@ expected level of security.
- 23131-27241
+ 23131-25496
+ Unassigned
+
+
+ 25497
+ X25519Kyber768Draft00
+ Y
+ N
+
+ Pre-standards version of Kyber768
+
+
+ 25498
+ SecP256r1Kyber768Draft00
+ Y
+ N
+
+ Combining secp256r1 ECDH with pre-standards version of Kyber768
+
+
+ 25499-27241
Unassigned
@@ -4169,8 +4215,10 @@ expected level of security.
Specification Required
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
0
@@ -4204,8 +4252,10 @@ described in RFC 8447, Section 17.
Specification Required
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
0
@@ -4298,7 +4348,9 @@ described in RFC 8447, Section 17.
Requests for assignments from the registry's Specification
Required range should be sent to the mailing list described in
-RFC 8447, Section 17.
+RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
0-63
@@ -4325,6 +4377,7 @@ Required range should be sent to the mailing list described in
TLS SignatureAlgorithm
+
Yoav Nir, Rich Salz, Nick Sullivan
0-63
@@ -4340,7 +4393,9 @@ Required range should be sent to the mailing list described in
Requests for assignments from the registry's Specification
Required range should be sent to the mailing list described in
-RFC 8447, Section 17.
+RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
The values in this registry are only applicable to (D)TLS
protocol versions prior to 1.3. (D)TLS 1.3 and later versions'
@@ -4398,17 +4453,19 @@ provide the expected level of security.
Reserved
-
+
64
gostr34102012_256
Y
-
+
+
-
+
65
gostr34102012_512
Y
-
+
+
66-223
@@ -4420,6 +4477,13 @@ provide the expected level of security.
Reserved for Private Use
+ These values were allocated from the Reserved state due to a
+misunderstanding of the difference between Reserved and Unallocated
+that went undetected for a long time. Additional allocations from
+the Reserved state are not expected, and the TLS SignatureScheme
+registry is suitable for use for new allocations instead of this
+registry.
+
@@ -4427,6 +4491,7 @@ provide the expected level of security.
TLS HashAlgorithm
+
Yoav Nir, Rich Salz, Nick Sullivan
0-63
@@ -4442,7 +4507,9 @@ provide the expected level of security.
Requests for assignments from the registry's Specification
Required range should be sent to the mailing list described in
-RFC 8447, Section 17.
+RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
The values in this registry are only applicable to (D)TLS
protocol versions prior to 1.3. (D)TLS 1.3 and later versions'
@@ -4517,8 +4584,10 @@ provide the expected level of security.
Specification Required
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
(1) These entries are reserved and MUST NOT be used for the
purpose described in , in order to avoid confusion
@@ -4684,11 +4753,90 @@ cases.
N
3GPP TS 33.501
-
+
EXPORTER-ACE-MQTT-Sign-Challenge
N
N
-
+
+
+
+ EXPORTER_EAP_TLS_Key_Material
+ N
+ Y
+
+
+
+ EXPORTER_EAP_TLS_Method-Id
+ N
+ Y
+
+
+
+ EXPORTER-BBF-USP-Record
+ N
+ N
+ TR-369
+
+
+
+ EXPORTER-client authenticator handshake context
+ Y
+ Y
+
+
+
+ EXPORTER-server authenticator handshake context
+ Y
+ Y
+
+
+
+ EXPORTER-client authenticator finished key
+ Y
+ Y
+
+
+
+ EXPORTER-server authenticator finished key
+ Y
+ Y
+
+
+
+ EXPORTER-Channel-Binding
+ Y
+ Y
+
+
+
+ EXPORTER: teap session key seed
+ N
+ Y
+
+
+
+ EXPORTER: Inner Methods Compound Keys
+ N
+ Y
+
+
+
+ EXPORTER: Session Key Generating Function
+ N
+ Y
+
+
+
+ EXPORTER: Extended Session Key Generating Function
+ N
+ Y
+
+
+
+ TEAPbindkey@ietf.org
+ N
+ Y
+
@@ -4711,7 +4859,9 @@ cases.
Requests for assignments from the registry's Specification
Required range should be sent to the mailing list described in
-RFC 8447, Section 17.
+RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
0
@@ -4776,8 +4926,10 @@ Required range should be sent to the mailing list described in
Expert Review
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
0
@@ -4811,8 +4963,10 @@ described in RFC 8447, Section 17.
Expert Review
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
0
@@ -4845,8 +4999,10 @@ described in RFC 8447, Section 17.
Specification Required
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
Cryptographic algorithms and parameters will be broken or
weakened over time. Blindly implementing signature schemes
@@ -4866,11 +5022,12 @@ For widespread experiments, temporary reservations are available.
-
+
0x0201
rsa_pkcs1_sha1
- Y
+ N
+
0x0202
@@ -4878,11 +5035,12 @@ For widespread experiments, temporary reservations are available.
-
+
0x0203
ecdsa_sha1
- Y
+ N
+
0x0204-0x0400
@@ -5032,43 +5190,43 @@ For widespread experiments, temporary reservations are available.
0x0709
gostr34102012_256a
N
-
+
0x070A
gostr34102012_256b
N
-
+
0x070B
gostr34102012_256c
N
-
+
0x070C
gostr34102012_256d
N
-
+
0x070D
gostr34102012_512a
N
-
+
0x070E
gostr34102012_512b
N
-
+
0x070F
gostr34102012_512c
N
-
+
0x0710-0x07FF
@@ -5153,7 +5311,24 @@ For widespread experiments, temporary reservations are available.
- 0x081D-0x08FF
+ 0x081D-0x083F
+ Unassigned
+
+
+
+ 0x0840
+ Reserved for backward compatibility
+ N
+
+
+
+ 0x0841
+ Reserved for backward compatibility
+ N
+
+
+
+ 0x0842-0x08FF
Unassigned
@@ -7865,8 +8040,10 @@ For widespread experiments, temporary reservations are available.
Specification Required
Yoav Nir, Rich Salz, Nick Sullivan
- Registration requests should be sent to the mailing list
-described in RFC 8447, Section 17.
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
If an item is not marked as "Recommended", it does not
necessarily mean that it is flawed; rather, it indicates that
@@ -7904,8 +8081,56 @@ should not be taken as an endorsement of the key exchange mode.
+
+
+ TLS KDF Identifiers
+
+ Rich Salz, Nick Sullivan
+
+ 0x0000-0xfeff
+ Specification Required
+
+
+ 0xff00-0xffff
+ Private Use
+
+ Registration requests should be sent to the mailing list described
+in RFC 8447, Section 17. If approved, designated experts should
+notify IANA within three weeks. For assistance, please contact
+iana@iana.org.
+
+
+ 0x0000
+ Reserved
+
+
+
+ 0x0001
+ HKDF_SHA256
+
+
+
+ 0x0002
+ HKDF_SHA384
+
+
+
+ 0x0003-0xfeff
+ Unassigned
+
+
+ 0xff00-0xffff
+ Reserved for Private Use
+
+
+
+
+ Broadband Forum
+ mailto:help&broadband-forum.org
+ 2022-03-25
+
Miguel Angel Reina Ortega
mailto:MiguelAngel.ReinaOrtega&etsi.org
diff --git a/examples/specs/tls_parameters.rflx b/examples/specs/tls_parameters.rflx
index 05d9ae2ab..58b750391 100644
--- a/examples/specs/tls_parameters.rflx
+++ b/examples/specs/tls_parameters.rflx
@@ -1,7 +1,7 @@
-- AUTOMATICALLY GENERATED. DO NOT EDIT.
--- Generation date: 2022-10-05
+-- Generation date: 2023-08-24
-- Transport Layer Security (TLS) Parameters
--- Registry last updated on 2021-06-02
+-- Registry last updated on 2023-07-19
package Tls_Parameters is
@@ -35,11 +35,11 @@ package Tls_Parameters is
Ecdsa_Fixed_Ecdh => 66,
-- dtls = Y
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
Gost_Sign256 => 67,
-- dtls = Y
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
Gost_Sign512 => 68)
with Size => 8, Always_Valid;
@@ -85,7 +85,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_RSA_WITH_IDEA_CBC_SHA => 16#0007#,
-- dtls = Y
@@ -96,7 +96,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_RSA_WITH_DES_CBC_SHA => 16#0009#,
-- dtls = Y
@@ -112,7 +112,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_DH_DSS_WITH_DES_CBC_SHA => 16#000C#,
-- dtls = Y
@@ -128,7 +128,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_DH_RSA_WITH_DES_CBC_SHA => 16#000F#,
-- dtls = Y
@@ -144,7 +144,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_DHE_DSS_WITH_DES_CBC_SHA => 16#0012#,
-- dtls = Y
@@ -160,7 +160,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_DHE_RSA_WITH_DES_CBC_SHA => 16#0015#,
-- dtls = Y
@@ -188,7 +188,7 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
-- Ref: rfc5469
- -- xref = SC-tls-des-idea-ciphers-to-historic
+ -- xref = status-change-tls-des-idea-ciphers-to-historic
TLS_DH_Anon_WITH_DES_CBC_SHA => 16#001A#,
-- dtls = Y
@@ -814,6 +814,16 @@ package Tls_Parameters is
-- xref = IESG Action 2018-08-16
TLS_AES_128_CCM_8_SHA256 => 16#1305#,
+ -- dtls = Y
+ -- rec = N
+ -- Ref: draft-irtf-cfrg-aegis-aead-00
+ TLS_AEGIS_256_SHA384 => 16#1306#,
+
+ -- dtls = Y
+ -- rec = N
+ -- Ref: draft-irtf-cfrg-aegis-aead-00
+ TLS_AEGIS_128L_SHA256 => 16#1307#,
+
-- dtls = Y
-- rec = N
-- Ref: rfc7507
@@ -1722,47 +1732,47 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
- -- Ref: draft-camwinget-tls-ts13-macciphersuites
+ -- Ref: rfc9150
TLS_SHA256_SHA256 => 16#C0B4#,
-- dtls = Y
-- rec = N
- -- Ref: draft-camwinget-tls-ts13-macciphersuites
+ -- Ref: rfc9150
TLS_SHA384_SHA384 => 16#C0B5#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC => 16#C100#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC => 16#C101#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
TLS_GOSTR341112_256_WITH_28147_CNT_IMIT => 16#C102#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L => 16#C103#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
TLS_GOSTR341112_256_WITH_MAGMA_MGM_L => 16#C104#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S => 16#C105#,
-- dtls = N
-- rec = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
TLS_GOSTR341112_256_WITH_MAGMA_MGM_S => 16#C106#,
-- dtls = Y
@@ -1843,11 +1853,11 @@ package Tls_Parameters is
Heartbeat => 24,
-- dtls = Y
- -- Ref: draft-ietf-tls-dtls-connection-id
- Tls12_Cid_TEMPORARY_Registered_2019_07_02_Extension_Registered_2020_07_28_Expires_2021_07_02 => 25,
+ -- Ref: rfc9146
+ Tls12_Cid => 25,
-- dtls = Y
- -- Ref: RFC-ietf-tls-dtls13-43
+ -- Ref: rfc9147
ACK => 26)
with Size => 8, Always_Valid;
@@ -1913,8 +1923,8 @@ package Tls_Parameters is
Decrypt_Error => 51,
-- dtls = Y
- -- Ref: RFC-ietf-tls-dtls13-43
- The_Too_Many_Cids_Requested => 52,
+ -- Ref: rfc9147
+ Too_Many_Cids_Requested => 52,
-- dtls = Y
-- Ref: rfc8446
@@ -1990,12 +2000,12 @@ package Tls_Parameters is
Encrypted_Extensions => 8,
-- dtls = Y
- -- Ref: RFC-ietf-tls-dtls13-43
- RequestConnectionId => 9,
+ -- Ref: rfc9147
+ Request_Connection_Id => 9,
-- dtls = Y
- -- Ref: RFC-ietf-tls-dtls13-43
- NewConnectionId => 10,
+ -- Ref: rfc9147
+ New_Connection_Id => 10,
-- dtls = Y
-- Ref: rfc8446
@@ -2009,6 +2019,11 @@ package Tls_Parameters is
-- Ref: rfc8446
Certificate_Verify => 15,
+ -- dtls = Y
+ -- Ref: rfc9261
+ -- comment = Used in TLS versions prior to 1.3.
+ Client_Certificate_Request => 17,
+
-- dtls = Y
-- Ref: rfc8446
Finished => 20,
@@ -2200,37 +2215,37 @@ package Tls_Parameters is
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC256A => 34,
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC256B => 35,
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC256C => 36,
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC256D => 37,
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC512A => 38,
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC512B => 39,
-- dtls = Y
-- rec = N
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: rfc9189
GC512C => 40,
-- dtls = N
@@ -2263,6 +2278,18 @@ package Tls_Parameters is
-- Ref: rfc7919
Ffdhe8192 => 260,
+ -- dtls = Y
+ -- rec = N
+ -- Ref: draft-tls-westerbaan-xyber768d00-02
+ -- comment = Pre-standards version of Kyber768
+ X25519Kyber768Draft00 => 25497,
+
+ -- dtls = Y
+ -- rec = N
+ -- Ref: draft-kwiatkowski-tls-ecdhe-kyber-01
+ -- comment = Combining secp256r1 ECDH with pre-standards version of Kyber768
+ SecP256r1Kyber768Draft00 => 25498,
+
-- dtls = Y
-- rec = N
-- Ref: rfc8422
@@ -2344,11 +2371,13 @@ package Tls_Parameters is
Ed448_8 => 8,
-- dtls = Y
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: 1
+ -- Ref: rfc9189
Gostr34102012_256 => 64,
-- dtls = Y
- -- Ref: draft-smyshlyaev-tls12-gost-suites
+ -- Ref: 1
+ -- Ref: rfc9189
Gostr34102012_512 => 65)
with Size => 8, Always_Valid;
@@ -2437,12 +2466,14 @@ package Tls_Parameters is
with Size => 8, Always_Valid;
type TLS_SignatureScheme is
- (-- recommended = Y
+ (-- recommended = N
-- Ref: rfc8446
+ -- Ref: rfc9155
Rsa_Pkcs1_Sha1 => 16#0201#,
- -- recommended = Y
+ -- recommended = N
-- Ref: rfc8446
+ -- Ref: rfc9155
Ecdsa_Sha1 => 16#0203#,
-- recommended = Y
@@ -2502,31 +2533,31 @@ package Tls_Parameters is
Sm2sig_Sm3 => 16#0708#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_256a => 16#0709#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_256b => 16#070A#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_256c => 16#070B#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_256d => 16#070C#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_512a => 16#070D#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_512b => 16#070E#,
-- recommended = N
- -- Ref: draft-smyshlyaev-tls13-gost-suites
+ -- Ref: rfc9367
Gostr34102012_512c => 16#070F#,
-- recommended = Y
@@ -2584,4 +2615,12 @@ package Tls_Parameters is
Psk_Dhe_Ke => 1)
with Size => 8, Always_Valid;
+ type TLS_KDF_Identifiers is
+ (-- Ref: rfc5869
+ HKDF_SHA256 => 16#0001#,
+
+ -- Ref: rfc5869
+ HKDF_SHA384 => 16#0002#)
+ with Size => 16, Always_Valid;
+
end Tls_Parameters;