{"id":13812938,"url":"https://github.com/eduardsui/tlse","last_synced_at":"2025-05-14T22:31:17.994Z","repository":{"id":37733485,"uuid":"53135382","full_name":"eduardsui/tlse","owner":"eduardsui","description":"Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library","archived":false,"fork":false,"pushed_at":"2025-05-06T06:03:10.000Z","size":2699,"stargazers_count":618,"open_issues_count":18,"forks_count":94,"subscribers_count":29,"default_branch":"master","last_synced_at":"2025-05-06T07:27:17.487Z","etag":null,"topics":["tls"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eduardsui.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2016-03-04T12:54:20.000Z","updated_at":"2025-05-06T06:03:14.000Z","dependencies_parsed_at":"2022-07-18T01:16:54.522Z","dependency_job_id":"da4762b8-2277-41f5-a256-5db0ddddd0df","html_url":"https://github.com/eduardsui/tlse","commit_stats":{"total_commits":495,"total_committers":12,"mean_commits":41.25,"dds":0.4666666666666667,"last_synced_commit":"687c75de82e3c826ddb2464df2b12686f5c6f0d1"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eduardsui%2Ftlse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eduardsui%2Ftlse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eduardsui%2Ftlse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/eduardsui%2Ftlse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eduardsui","download_url":"https://codeload.github.com/eduardsui/tlse/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254239535,"owners_count":22037721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["tls"],"created_at":"2024-08-04T04:00:58.256Z","updated_at":"2025-05-14T22:31:12.968Z","avatar_url":"https://github.com/eduardsui.png","language":"C","readme":"# TLSe\n\nSingle C file TLS 1.3, 1.2, 1.1 and 1.0(without the weak ciphers) implementation, using [libtomcrypt](https://github.com/libtom/libtomcrypt \"libtomcrypt\") as crypto library. It also supports DTLS 1.2 and 1.0. Before using tlse.c you may want to download and compile tomcrypt; alternatively you may use libtomcrypt.c (see Compiling).\n\nAs secondary features, it supports SRTP key exchange, encryption and decryption, DTLS-SRTP and WebRTC RTCPeerConnection without any dependencies (it can stream audio/video from your C server to a browser via WebRTC).\n\n**Note**: It does not implement 0-RTT. Client-side TLS 1.3 support is experimental.\n\nLike this project ? 
You may donate Bitcoin for this project at 14LqvMzFfaJ82C7wY5iavvTf9HPELYWsax\n\n![](https://raw.githubusercontent.com/eduardsui/edwork/master/bwallet.png)\n\n## Compiling\n\n### Manually\n----------\n\nSimple TLS client:\n`$ gcc tlshello.c -o tlshello -ltomcrypt -ltommath -DLTM_DESC`  \n\nFor debugging TLS connections, the DEBUG flag must be set (-DDEBUG).\n\nSimple TLS server:\n`$ gcc tlsserverhello.c -o tlsserverhello -ltomcrypt -ltommath -DLTM_DESC`  \n\nThe entire library is a single C file that you just include in your source.\n\nThe library may also use the libtomcrypt.c amalgamation. In this case, the client may be compiled:\n\n`$ gcc tlshello.c -o tlshello -DTLS_AMALGAMATION`\n\nand the server:\n\n`$ gcc tlsserverhello.c -o tlsserverhello -DTLS_AMALGAMATION`\n\ntlse.h is optional (it is safe to just include tlse.c). Alternatively, you may include tlse.h and add tlse.c to your makefile (useful when linking against C++).\n\nIf thread-safety is needed, you need to call `tls_init()` before letting any other threads in, and not use the same object from multiple threads without a mutex. Other than that, TLSe and libtomcrypt are thread-safe. Also, you may want to define LTC_PTHREAD if you're using libtomcrypt.\n\nTLSe supports KTLS on Linux kernel 4.13 or higher. KTLS is a TLS implementation in the Linux kernel. If TLS_RX is not defined, KTLS is send-only (you may use send/sendfile to send data, but you may not use recv). Also, the negotiation must be handled by TLSe. If KTLS support is needed, define WITH_KTLS (compile with -DWITH_KTLS). Note that it is not clear which header should be included for the Linux structures; you may need to check these structures and constants: https://github.com/torvalds/linux/blob/master/Documentation/networking/tls.txt.\n\n### With cmake\n----------\n\n`$ mkdir build \u0026\u0026 cd build \u0026\u0026 cmake ../ -DTLSE_COMPILE_DEFINITIONS=\"TLS_AMALGAMATION\" -DBUILD_EXAMPLES=ON \u0026\u0026 cmake --build . 
--verbose`\n\n`TLSE_COMPILE_DEFINITIONS` may be given with a filler as semicolon-separated values enclosed in a double-quoted string.\n\n## Usage\n----------\n\nYou just \n`#include \"tlse.c\"`\nin your code. Everything is a single file.\n\n## Features\n----------\n\nThe main feature of this implementation is the ability to serialize a TLS context via tls_export_context and re-import it via tls_import_context in another pre-forked worker process (the socket descriptor may be sent via sendmsg).\n\nFor now it supports TLS 1.2, TLS 1.1 + 1.0 (when TLS_LEGACY_SUPPORT is defined / default is on), RSA, ECDSA, DHE, ECDHE ciphers:\n``TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`` and ``TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384``.\n\nThe following ciphers are supported but disabled by default:\n``TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384``. To enable these ciphers, TLSe must be compiled with ``-DNO_TLS_ROBOT_MITIGATION``. The ROBOT attack is mitigated by default, but it is recommended to disable RSA encryption to avoid future vulnerabilities.\n\nTLSe now supports ChaCha20/Poly1305 ciphers: `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` and `TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256`. 
These ciphers are enabled by default.\n\nIt has a low level interface, efficient for non-blocking, asynchronous sockets, and a blocking, libssl-style interface.\n\nIt implements all that is needed for the TLS protocol version 1.2 and a PEM/DER parser. From tomcrypt it uses RSA, ECDSA and AES (GCM and CBC) encryption/decryption, SHA1, SHA256, SHA384, SHA512 and HMAC functions.\n\nIt now supports client certificates. To request a client certificate, call ``tls_request_client_certificate(TLSContext *)`` following ``tls_accept(TLSContext *)``.\n\nIt implements the SNI extension (Server Name Indication). To get the SNI string call ``tls_sni(TLSContext *)``.\nIt also implements SCSV and ALPN (see ``tls_add_alpn(struct TLSContext *, const char *)`` and ``const char *tls_alpn(struct TLSContext *)``).\n\nThe library supports certificate validation by using ``tls_certificate_chain_is_valid``, ``tls_certificate_chain_is_valid_root``, ``tls_certificate_valid_subject`` and ``tls_certificate_is_valid`` (checks not before/not after). Note that certificates fed to ``tls_certificate_chain_is_valid`` must be in correct order (certificate 2 signs certificate 1, certificate 3 signs certificate 2 and so on; also certificate 1 (first) is the certificate to be used in key exchange).\n\nThis library was written to be used by my other projects [Concept Applications Server](https://github.com/Devronium/ConceptApplicationServer \"Concept Application Server\") and [Concept Native Client](https://github.com/Devronium/ConceptClientQT \"Concept Client QT\").\n\n## Examples\n----------\n1. [examples/tlsclienthello.c](https://github.com/eduardsui/tlslayer/blob/master/examples/tlsclienthello.c) simple client example\n2. [examples/tlshelloworld.c](https://github.com/eduardsui/tlslayer/blob/master/examples/tlshelloworld.c) simple server example\n3. [examples/tlssimple.c](https://github.com/eduardsui/tlslayer/blob/master/examples/tlssimple.c) simple blocking client using libssl-ish API\n4. 
[examples/tlssimpleserver.c](https://github.com/eduardsui/tlslayer/blob/master/examples/tlssimpleserver.c) simple blocking server using libssl-ish API\n\nAfter compiling the examples, in the working directory, you should put fullchain.pem and privkey.pem in a directory called testcert for running the server examples. I've used [letsencrypt](https://github.com/letsencrypt/letsencrypt) for certificate generation (it is free!).\n\n## Important security note\n----------\n\nNote that for DTLS, it doesn't implement a state machine, so using this DTLS implementation with UDP (server) may expose your server to DoS attacks.\n\n## License\n----------\nPublic domain, BSD, MIT. Choose one.\n","funding_links":[],"categories":["Networking","C","内存分配","Secure Programming","Cryptography"],"sub_categories":["网络","Tokens","General"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feduardsui%2Ftlse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feduardsui%2Ftlse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feduardsui%2Ftlse/lists"}