Daiki Ueno

Introduction to the new API added for TLS 1.3 in crypto libraries.

Major crypto libraries have adopted TLS 1.3 since its final publication in last August. Those libraries are carefully designed so the applications can switch to the new protocol with minimal code modification. However, as TLS 1.3 also brings new concepts, such as post-handshake authentication and 0-RTT, the applications needs to use new API to take full advantage of the protocol. In this presentation, we will go through the new API functions added for TLS 1.3 in multiple crypto libraries, see pros and cons of their design choices, and discuss the best practice in using those new functions.

On a cloud computing environment it is often required to use a user's smart card on a remote server. That is, insert a smart card locally (windows or linux client), ssh to a server, and then utilize the smart card to 'sudo' application or to a TLS application, or to 'kinit' to obtain a kerberos ticket. Other operating systems such as windows provide this functionality via USB-pass-through. The purpose of this talk, is to describe where we are, and what we provide for that problem.