Merge branch 'ingela/ssl/initial-tls-1.3-functions'

* ingela/ssl/initial-tls-1.3-functions:
  ssl: Initial cipher suites adoption for TLS-1.3
  ssl: Add new TLS-1.3 Alerts
  ssl: Add initial TLS 1.3 hanshake encode/decode support

12 files changed, 464 insertions, 17 deletions

diff --git a/lib/ssl/src/Makefile b/lib/ssl/src/Makefile
index 9987990443..af36d04a99 100644
--- a/lib/ssl/src/Makefile
+++ b/lib/ssl/src/Makefile
@@ -70,6 +70,7 @@ MODULES= \
 	ssl_config \
 	ssl_connection \
 	tls_handshake \
+	tls_handshake_1_3\
 	dtls_handshake\
 	ssl_handshake\
 	ssl_manager \
@@ -92,8 +93,9 @@ MODULES= \
 INTERNAL_HRL_FILES = \
 	ssl_alert.hrl ssl_cipher.hrl \
 	tls_connection.hrl dtls_connection.hrl ssl_connection.hrl \
-        ssl_handshake.hrl tls_handshake.hrl dtls_handshake.hrl ssl_api.hrl ssl_internal.hrl \
-        ssl_record.hrl tls_record.hrl dtls_record.hrl ssl_srp.hrl
+        ssl_handshake.hrl tls_handshake.hrl tls_handshake_1_3.hrl  dtls_handshake.hrl \
+	ssl_api.hrl ssl_internal.hrl \
+        ssl_record.hrl tls_record.hrl dtls_record.hrl ssl_srp.hrl 
 
 ERL_FILES= \
 	$(MODULES:%=%.erl) \
@@ -170,6 +172,7 @@ $(EBIN)/tls_connection.$(EMULATOR): ssl_internal.hrl tls_connection.hrl tls_reco
 $(EBIN)/dtls_connection.$(EMULATOR): ssl_internal.hrl dtls_connection.hrl dtls_record.hrl ssl_cipher.hrl dtls_handshake.hrl ssl_alert.hrl ../../public_key/include/public_key.hrl
 $(EBIN)/tls_handshake.$(EMULATOR): ssl_internal.hrl tls_record.hrl ssl_cipher.hrl tls_handshake.hrl ssl_alert.hrl ../../public_key/include/public_key.hrl
 $(EBIN)/tls_handshake.$(EMULATOR): ssl_internal.hrl ssl_connection.hrl ssl_record.hrl ssl_cipher.hrl ssl_handshake.hrl ssl_alert.hrl ../../public_key/include/public_key.hrl
+$(EBIN)/tls_handshake_1_3.$(EMULATOR): tls_handshake_1_3.hrl tls_handshake.hrl ssl_internal.hrl
 $(EBIN)/ssl_manager.$(EMULATOR): ssl_internal.hrl ssl_handshake.hrl ../../kernel/include/file.hrl
 $(EBIN)/ssl_record.$(EMULATOR):  ssl_internal.hrl ssl_record.hrl ssl_cipher.hrl ssl_handshake.hrl ssl_alert.hrl
 $(EBIN)/ssl_session.$(EMULATOR):  ssl_internal.hrl ssl_handshake.hrl
diff --git a/lib/ssl/src/dtls_handshake.hrl b/lib/ssl/src/dtls_handshake.hrl
index 50e92027d2..a16489bbd1 100644
--- a/lib/ssl/src/dtls_handshake.hrl
+++ b/lib/ssl/src/dtls_handshake.hrl
@@ -56,4 +56,11 @@
 	  fragment
 	 }).
 
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% RFC 7764  Datagram Transport Layer Security (DTLS) Extension to Establish Keys
+%% for the Secure Real-time Transport Protocol (SRTP)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Not supported
+-define(USE_SRTP, 14).
+
 -endif. % -ifdef(dtls_handshake).
diff --git a/lib/ssl/src/ssl.app.src b/lib/ssl/src/ssl.app.src
index f82b6aa7ee..17173d7c79 100644
--- a/lib/ssl/src/ssl.app.src
+++ b/lib/ssl/src/ssl.app.src
@@ -5,6 +5,7 @@
 	       %% TLS/SSL 
 	       tls_connection,
 	       tls_handshake,
+	       tls_handshake_1_3,
 	       tls_record,
 	       tls_socket,
 	       tls_v1,
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index 6460a57b11..166ffac1c0 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -488,9 +488,9 @@ cipher_suites(Base, Version) ->
     [ssl_cipher_format:suite_definition(Suite) || Suite <- supported_suites(Base, Version)].
 
 %%--------------------------------------------------------------------
--spec filter_cipher_suites([ssl_cipher_format:erl_cipher_suite()], 
+-spec filter_cipher_suites([ssl_cipher_format:erl_cipher_suite()] | [ssl_cipher_format:cipher_suite()], 
                            [{key_exchange | cipher | mac | prf, fun()}] | []) -> 
-                                  [ssl_cipher_format:erl_cipher_suite()].
+                                  [ssl_cipher_format:erl_cipher_suite() ] |  [ssl_cipher_format:cipher_suite()].
 %% Description: Removes cipher suites if any of the filter functions returns false
 %% for any part of the cipher suite. This function also calls default filter functions
 %% to make sure the cipher suite are supported by crypto.
diff --git a/lib/ssl/src/ssl_alert.erl b/lib/ssl/src/ssl_alert.erl
index 34e9797f1f..ed8156e0be 100644
--- a/lib/ssl/src/ssl_alert.erl
+++ b/lib/ssl/src/ssl_alert.erl
@@ -163,6 +163,8 @@ description_txt(?USER_CANCELED) ->
     "User Canceled";
 description_txt(?NO_RENEGOTIATION) ->
     "No Renegotiation";
+description_txt(?MISSING_EXTENSION) ->
+    "Missing extension";
 description_txt(?UNSUPPORTED_EXTENSION) ->
     "Unsupported Extension";
 description_txt(?CERTIFICATE_UNOBTAINABLE) ->
@@ -177,6 +179,8 @@ description_txt(?UNKNOWN_PSK_IDENTITY) ->
     "Unknown Psk Identity";
 description_txt(?INAPPROPRIATE_FALLBACK) ->
     "Inappropriate Fallback";
+description_txt(?CERTIFICATE_REQUIRED) ->
+    "Certificate required";
 description_txt(?NO_APPLICATION_PROTOCOL) ->
     "No application protocol";
 description_txt(Enum) ->
diff --git a/lib/ssl/src/ssl_alert.hrl b/lib/ssl/src/ssl_alert.hrl
index b23123905e..9b2322da17 100644
--- a/lib/ssl/src/ssl_alert.hrl
+++ b/lib/ssl/src/ssl_alert.hrl
@@ -29,6 +29,9 @@
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%% Alert protocol - RFC 2246 section 7.2
+%%% updated by RFC 8486 with
+%%% missing_extension(109),
+%%% certificate_required(116),
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 %% AlertLevel
@@ -100,12 +103,14 @@
 -define(INAPPROPRIATE_FALLBACK, 86).
 -define(USER_CANCELED, 90).
 -define(NO_RENEGOTIATION, 100).
+-define(MISSING_EXTENSION, 109).
 -define(UNSUPPORTED_EXTENSION, 110).
 -define(CERTIFICATE_UNOBTAINABLE, 111).
 -define(UNRECOGNISED_NAME, 112).
 -define(BAD_CERTIFICATE_STATUS_RESPONSE, 113).
 -define(BAD_CERTIFICATE_HASH_VALUE, 114).
 -define(UNKNOWN_PSK_IDENTITY, 115).
+-define(CERTIFICATE_REQUIRED, 116).
 -define(NO_APPLICATION_PROTOCOL, 120).
 
 -define(ALERT_REC(Level,Desc), #alert{level=Level,description=Desc,where={?FILE, ?LINE}}).
diff --git a/lib/ssl/src/ssl_cipher.erl b/lib/ssl/src/ssl_cipher.erl
index 863e7e4b3d..00e0ff7986 100644
--- a/lib/ssl/src/ssl_cipher.erl
+++ b/lib/ssl/src/ssl_cipher.erl
@@ -301,8 +301,11 @@ suites({3, Minor}) ->
 suites({_, Minor}) ->
     dtls_v1:suites(Minor).
 
-all_suites({3, 4}) ->
-    all_suites({3, 3});
+all_suites({3, 4} = Version) ->
+    Default = suites(Version),
+    Rest = ssl:filter_cipher_suites(chacha_suites(Version) ++ psk_suites(Version),
+                                    tls_v1:v1_3_filters()),
+    Default ++ Rest;
 all_suites({3, _} = Version) ->
     suites(Version)
         ++ chacha_suites(Version)
@@ -340,6 +343,8 @@ anonymous_suites({3, N}) ->
     srp_suites_anon() ++ anonymous_suites(N);
 anonymous_suites({254, _} = Version) ->
     dtls_v1:anonymous_suites(Version);
+anonymous_suites(4) ->
+    []; %% Raw public key negotiation may be used instead
 anonymous_suites(N)
   when N >= 3 ->
     psk_suites_anon(N) ++
@@ -374,6 +379,8 @@ anonymous_suites(N)  when N == 0;
 %%--------------------------------------------------------------------
 psk_suites({3, N}) ->
     psk_suites(N);
+psk_suites(4) ->
+    []; %% TODO Add new PSK, PSK_(EC)DHE suites
 psk_suites(N)
   when N >= 3 ->
     [
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index 9cc6f570fc..cde1471f98 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -320,7 +320,7 @@
 	 }).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Application-Layer Protocol Negotiation  RFC 7301
+%% RFC 7301 Application-Layer Protocol Negotiation  
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 -define(ALPN_EXT, 16).
@@ -340,7 +340,7 @@
 -record(next_protocol, {selected_protocol}).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% ECC Extensions RFC 4492 section 4 and 5
+%% ECC Extensions RFC 8422  section 4 and 5 (RFC 7919 not supported)
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 -define(ELLIPTIC_CURVES_EXT, 10).
@@ -367,10 +367,11 @@
 -define(NAMED_CURVE, 3).
 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Server name indication RFC 6066 section 3
+%% RFC 6066 Server name indication 
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
--define(SNI_EXT, 16#0000).
+%% section 3
+-define(SNI_EXT, 0).
 
 %% enum { host_name(0), (255) } NameType;
 -define(SNI_NAMETYPE_HOST_NAME, 0).
@@ -379,8 +380,43 @@
           hostname = undefined
         }).
 
+%% Other possible values from RFC 6066, not supported
+-define(MAX_FRAGMENT_LENGTH, 1).
+-define(CLIENT_CERTIFICATE_URL, 2).
+-define(TRUSTED_CA_KEYS, 3).
+-define(TRUNCATED_HMAC, 4).
+-define(STATUS_REQUEST, 5).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% RFC 7250 Using Raw Public Keys in Transport Layer Security (TLS)
+%% and Datagram Transport Layer Security (DTLS)
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Not supported
+-define(CLIENT_CERTIFICATE_TYPE, 19).            
+-define(SERVER_CERTIFICATE_TYPE, 20).         
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% RFC 6520 Transport Layer Security (TLS) and
+%% Datagram Transport Layer Security (DTLS) Heartbeat Extension
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Not supported
+-define(HEARTBEAT, 15).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% RFC 6962 Certificate Transparency     
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Not supported
+-define(SIGNED_CERTIFICATE_TIMESTAMP, 18).
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% RFC 7685  A Transport Layer Security (TLS) ClientHello Padding Extension
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%% Not supported
+-define(PADDING, 21).
+
+
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-%% Supported Versions TLS 1.3  section 4.2.1
+%% Supported Versions TLS 1.3  section 4.2.1 also affects TLS-1.2
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 
 -define(SUPPORTED_VERSIONS_EXT, 43).
diff --git a/lib/ssl/src/tls_handshake.erl b/lib/ssl/src/tls_handshake.erl
index 6812d3b42a..1fccc216cb 100644
--- a/lib/ssl/src/tls_handshake.erl
+++ b/lib/ssl/src/tls_handshake.erl
@@ -362,7 +362,7 @@ do_hello(Version, Versions, CipherSuites, Hello, SslOpts, Info, Renegotiation) -
 
 
 %%--------------------------------------------------------------------
-enc_handshake(#hello_request{}, _Version) ->
+enc_handshake(#hello_request{}, {3, N}) when N < 4 ->
     {?HELLO_REQUEST, <<>>};
 enc_handshake(#client_hello{client_version = {Major, Minor},
 		     random = Random,
@@ -381,7 +381,8 @@ enc_handshake(#client_hello{client_version = {Major, Minor},
 		      ?BYTE(SIDLength), SessionID/binary,
 		      ?UINT16(CsLength), BinCipherSuites/binary,
 		      ?BYTE(CmLength), BinCompMethods/binary, ExtensionsBin/binary>>};
-
+enc_handshake(HandshakeMsg, {3, 4}) ->
+    tls_handshake_1_3:encode_handshake(HandshakeMsg);
 enc_handshake(HandshakeMsg, Version) ->
     ssl_handshake:encode_handshake(HandshakeMsg, Version).
 
@@ -404,7 +405,7 @@ get_tls_handshake_aux(Version, <<?BYTE(Type), ?UINT24(Length),
 get_tls_handshake_aux(_Version, Data, _, Acc) ->
     {lists:reverse(Acc), Data}.
 
-decode_handshake(_, ?HELLO_REQUEST, <<>>) ->
+decode_handshake({3, N}, ?HELLO_REQUEST, <<>>) when N < 4 ->
     #hello_request{};
 decode_handshake(_Version, ?CLIENT_HELLO, 
                  <<?BYTE(Major), ?BYTE(Minor), Random:32/binary,
@@ -421,6 +422,8 @@ decode_handshake(_Version, ?CLIENT_HELLO,
        compression_methods = Comp_methods,
        extensions = DecodedExtensions
       };
+decode_handshake({3, 4}, Tag, Msg) ->
+    tls_handshake_1_3:decode_handshake(Tag, Msg);
 decode_handshake(Version, Tag, Msg) ->
     ssl_handshake:decode_handshake(Version, Tag, Msg).
 
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
new file mode 100644
index 0000000000..b4c5f268b8
--- /dev/null
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -0,0 +1,149 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2007-2018. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+%%----------------------------------------------------------------------
+%% Purpose: Help funtions for handling the TLS 1.3 (specific parts of)
+%%% TLS handshake protocol
+%%----------------------------------------------------------------------
+
+-module(tls_handshake_1_3).
+
+-include("tls_handshake_1_3.hrl").
+-include("ssl_alert.hrl").
+-include("ssl_internal.hrl").
+-include_lib("public_key/include/public_key.hrl").
+
+%% Encode
+-export([encode_handshake/1, decode_handshake/2]).
+
+encode_handshake(#certificate_request_1_3{
+                    certificate_request_context = Context, 
+                    extensions = Exts})->
+    EncContext = encode_cert_req_context(Context),
+    BinExts = encode_extensions(Exts),
+    {?CERTIFICATE_REQUEST, <<EncContext/binary, BinExts/binary>>};
+encode_handshake(#certificate_1_3{
+                    certificate_request_context = Context, 
+                    entries = Entries}) ->
+    EncContext = encode_cert_req_context(Context),
+    EncEntries = encode_cert_entries(Entries),
+    {?CERTIFICATE, <<EncContext/binary, EncEntries/binary>>};
+encode_handshake(#encrypted_extensions{extensions = Exts})->
+    {?ENCRYPTED_EXTENSIONS, encode_extensions(Exts)};        
+encode_handshake(#new_session_ticket{
+                    ticket_lifetime = LifeTime,  
+                    ticket_age_add = Age,   
+                    ticket_nonce = Nonce,     
+                    ticket = Ticket,           
+                    extensions = Exts}) ->
+    TicketSize = byte_size(Ticket),
+    BinExts = encode_extensions(Exts),
+    {?NEW_SESSION_TICKET, <<?UINT32(LifeTime), ?UINT32(Age),
+                            ?BYTE(Nonce), ?UINT16(TicketSize), Ticket/binary,
+                            BinExts/binary>>};
+encode_handshake(#end_of_earyly_data{}) ->
+    {?END_OF_EARLY_DATA, <<>>};
+encode_handshake(#key_update{request_update = Update}) ->
+    {?KEY_UPDATE, <<?BYTE(Update)>>};
+encode_handshake(HandshakeMsg) ->
+    ssl_handshake:encode_handshake(HandshakeMsg, {3,4}).
+
+decode_handshake(?CERTIFICATE_REQUEST, <<?BYTE(0), ?UINT16(Size), EncExts:Size/binary>>) ->
+    Exts = decode_extensions(EncExts),
+    #certificate_request_1_3{
+       certificate_request_context = <<>>,
+       extensions = Exts};
+decode_handshake(?CERTIFICATE_REQUEST, <<?BYTE(CSize), Context:CSize/binary,
+                                         ?UINT16(Size), EncExts:Size/binary>>) ->
+    Exts = decode_extensions(EncExts),
+    #certificate_request_1_3{
+       certificate_request_context = Context,
+       extensions = Exts};
+decode_handshake(?CERTIFICATE, <<?BYTE(0), ?UINT24(Size), Certs:Size/binary>>) ->
+    CertList = decode_cert_entries(Certs),
+    #certificate_1_3{ 
+       certificate_request_context = <<>>,
+       entries = CertList
+      };
+decode_handshake(?CERTIFICATE, <<?BYTE(CSize), Context:CSize/binary,
+                                 ?UINT24(Size), Certs:Size/binary>>) ->
+    CertList = decode_cert_entries(Certs),
+    #certificate_1_3{ 
+       certificate_request_context = Context,
+       entries = CertList
+      };
+decode_handshake(?ENCRYPTED_EXTENSIONS, EncExts) ->
+    #encrypted_extensions{
+       extensions = decode_extensions(EncExts)
+      };
+decode_handshake(?NEW_SESSION_TICKET, <<?UINT32(LifeTime), ?UINT32(Age),
+                                        ?BYTE(Nonce), ?UINT16(TicketSize), Ticket:TicketSize/binary,
+                                        BinExts/binary>>) ->
+    Exts = decode_extensions(BinExts),
+    #new_session_ticket{ticket_lifetime = LifeTime,  
+                        ticket_age_add = Age,   
+                        ticket_nonce = Nonce,     
+                        ticket = Ticket,           
+                        extensions = Exts};
+decode_handshake(?END_OF_EARLY_DATA, _) ->
+    #end_of_earyly_data{};
+decode_handshake(?KEY_UPDATE, <<?BYTE(Update)>>) ->
+    #key_update{request_update = Update};
+decode_handshake(Tag, HandshakeMsg) ->
+    ssl_handshake:decode_handshake({3,4}, Tag, HandshakeMsg).
+
+%%--------------------------------------------------------------------
+%%% Internal functions
+%%--------------------------------------------------------------------
+encode_cert_req_context(<<>>) ->
+    <<?BYTE(0)>>;
+encode_cert_req_context(Bin) ->
+    Size = byte_size(Bin),
+    <<?BYTE(Size), Bin/binary>>.
+
+encode_cert_entries(Entries) ->
+    CertEntryList = encode_cert_entries(Entries, []),
+    Size = byte_size(CertEntryList),
+    <<?UINT24(Size), CertEntryList/binary>>.
+ 
+encode_cert_entries([], Acc) ->
+    iolist_to_binary(lists:reverse(Acc));
+encode_cert_entries([#certificate_entry{data = Data,
+                                        extensions = Exts} | Rest], Acc) ->
+    BinExts = encode_extensions(Exts),
+    Size = byte_size(Data),
+    encode_cert_entries(Rest, 
+                        [<<?UINT24(Size), Data/binary, BinExts/binary>> | Acc]).
+
+decode_cert_entries(Entries) ->
+    decode_cert_entries(Entries, []).
+
+decode_cert_entries(<<>>, Acc) ->
+    lists:reverse(Acc);
+decode_cert_entries(<<?UINT24(DSize), Data:DSize/binary, ?UINT24(Esize), BinExts:Esize/binary,
+                      Rest/binary>>, Acc) ->
+    Exts = decode_extensions(BinExts),
+    decode_cert_entries(Rest, [#certificate_entry{data = Data,
+                                                  extensions = Exts} | Acc]).
+
+encode_extensions(Exts)->
+    ssl_handshake:encode_hello_extensions(Exts).
+decode_extensions(Exts) ->
+    ssl_handshake:decode_hello_extensions(Exts).
diff --git a/lib/ssl/src/tls_handshake_1_3.hrl b/lib/ssl/src/tls_handshake_1_3.hrl
new file mode 100644
index 0000000000..b07fa967b5
--- /dev/null
+++ b/lib/ssl/src/tls_handshake_1_3.hrl
@@ -0,0 +1,230 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2018-2018. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%%
+%%     http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+%%----------------------------------------------------------------------
+%% Purpose: Record and constant defenitions for the TLS-handshake protocol
+%% see RFC 8446. Also includes supported hello extensions.
+%%----------------------------------------------------------------------
+
+-ifndef(tls_handshake_1_3).
+-define(tls_handshake_1_3, true).
+
+%% Common to TLS-1.3 and previous TLS versions 
+%% Some defenitions may not exist in TLS-1.3 this is 
+%% handled elsewhere
+-include("tls_handshake.hrl"). 
+
+%% New handshake types in TLS-1.3 RFC 8446 B.3
+-define(NEW_SESSION_TICKET, 4).
+-define(END_OF_EARLY_DATA, 5).
+-define(ENCRYPTED_EXTENSIONS, 8).
+-define(KEY_UPDATE, 24).
+%% %% Not really a message but special way to handle handshake hashes
+%% %% when a "hello-retry-request" (special server_hello) is sent
+-define(MESSAGE_HASH, 254). 
+
+%% %%  RFC 8446 B.3.1. 
+%% %% New extension types in TLS-1.3 
+-define(PRE_SHARED_KEY, 41).                     
+-define(EARLY_DATA, 42).                          
+%%-define(SUPPORTED_VERSIONS, 43). %% Updates TLS 1.2 so defined in ssl_handshake.hrl                 
+-define(COOKIE, 44).                              
+-define(PSK_KEY_EXCHANGE_MODES, 45).              
+-define(CERTIFICATE_AUTHORITIES, 47).             
+-define(OID_FILTERS, 48).                         
+-define(POST_HANDSHAKE_AUTH, 49).                 
+-define(SIGNATURE_ALGORITHMS_CERT, 50).           
+-define(KEY_SHARE, 51).                           
+
+%%  RFC 8446 B.3.1
+-record(key_share_entry, {
+          group,  %NamedGroup
+          key_exchange %key_exchange<1..2^16-1>;
+         }).
+-record(key_share_client_hello, {
+          entries  %% KeyShareEntry client_shares<0..2^16-1>;
+         }).
+-record(key_share_hello_retry_request, {
+          selected_group  %%  NamedGroup
+         }).
+-record(key_share_server_hello, {
+          server_share  %% KeyShareEntry server_share;
+         }).
+
+-record(uncompressed_point_representation, {
+          legacy_form = 4, %     uint8 legacy_form = 4;
+          x,               %     opaque X[coordinate_length];
+          y                %     opaque Y[coordinate_length];
+         }).
+
+-define(PSK_KE, 0).
+-define(PSK_DHE_KE, 1).
+
+-record(psk_keyexchange_modes, {
+          ke_modes % ke_modes<1..255>
+         }).
+-record(empty, {
+         }).
+-record(early_data_indication, {
+          indication % uint32 max_early_data_size (new_session_ticket) | 
+          %% #empty{} (client_hello, encrypted_extensions)
+         }).
+-record(psk_identity, {
+          identity, %     opaque identity<1..2^16-1>
+          obfuscated_ticket_age %  uint32
+         }).
+-record(offered_psks, {
+          psk_identity,    %identities<7..2^16-1>;
+          psk_binder_entry %binders<33..2^16-1>,  opaque PskBinderEntry<32..255>
+         }).
+-record(pre_shared_keyextension,{ 
+          extension %OfferedPsks (client_hello) | uint16 selected_identity (server_hello)
+         }).
+
+%% RFC 8446 B.3.1.2.
+-record(cookie, {
+          cookie %cookie<1..2^16-1>;
+         }).
+
+%%% RFC 8446 B.3.1.3.  Signature Algorithm Extension
+%% Signature Schemes
+%% RSASSA-PKCS1-v1_5 algorithms
+-define(RSA_PKCS1_SHA256, 16#0401).
+-define(RSA_PKCS1_SHA384, 16#0501).
+-define(RSA_PKCS1_SHA512, 16#0601).
+
+%% ECDSA algorithms 
+-define(ECDSA_SECP256R1_SHA256, 16#0403).
+-define(ECDSA_SECP384R1_SHA384, 16#0503).
+-define(ECDSA_SECP521R1_SHA512, 16#0603).
+
+%% RSASSA-PSS algorithms with public key OID rsaEncryption 
+-define(RSA_PSS_RSAE_SHA256, 16#0804).
+-define(RSA_PSS_RSAE_SHA384, 16#0805).
+-define(RSA_PSS_RSAE_SHA512, 16#0806).
+
+%% EdDSA algorithms 
+-define(ED25519, 16#0807).
+-define(ED448, 16#0808).
+
+%% RSASSA-PSS algorithms with public key OID RSASSA-PSS 
+-define(RSA_PSS_PSS_SHA256, 16#0809).
+-define(RSA_PSS_PSS_SHA384, 16#080a).
+-define(RSA_PSS_PSS_SHA512, 16#080b).
+
+%% Legacy algorithms
+-define(RSA_PKCS1_SHA1, 16#201).
+-define(ECDSA_SHA1, 16#0203).
+
+-record(signature_scheme_list, {
+          signature_scheme_list
+         }).
+
+%%  RFC 8446 B.3.1.4.  Supported Groups Extension
+%% Elliptic Curve Groups (ECDHE)
+-define(SECP256R1, 16#0017). 
+-define(SECP384R1, 16#0018). 
+-define(SECP521R1, 16#0019).
+-define(X25519, 16#001D).
+-define(X448, 16#001E).
+
+%% RFC 8446 Finite Field Groups (DHE)
+-define(FFDHE2048, 16#0100).
+-define(FFDHE3072, 16#0101).
+-define(FFDHE4096, 16#0102). 
+-define(FFDHE6144, 16#0103).
+-define(FFDHE8192 ,16#0104).
+
+-record(named_group_list, {
+        named_group_list  %named_group_list<2..2^16-1>;
+         }).
+
+%%  RFC 8446 B.3.2 Server Parameters Messages
+%%  opaque DistinguishedName<1..2^16-1>;XS
+-record(certificate_authoritie_sextension, {
+          authorities  %DistinguishedName authorities<3..2^16-1>;
+         }).
+
+-record(oid_filter, {
+          certificate_extension_oid, % opaque certificate_extension_oid<1..2^8-1>;
+          certificate_extension_values % opaque certificate_extension_values<0..2^16-1>;
+         }).
+
+-record(oid_filter_extension, {
+          filters %OIDFilter filters<0..2^16-1>;
+         }).
+-record(post_handshake_auth, {
+         }).
+
+-record(encrypted_extensions, {
+          extensions  %extensions<0..2^16-1>;
+         }).
+
+-record(certificate_request_1_3, {
+          certificate_request_context, % opaque certificate_request_context<0..2^8-1>;
+          extensions %Extension extensions<2..2^16-1>;
+         }).
+
+%%  RFC 8446 B.3.3  Authentication Messages
+
+%% Certificate Type
+-define(X509, 0).
+-define(OpenPGP_RESERVED, 1).
+-define(RawPublicKey, 2).
+
+-record(certificate_entry, {
+          data,  
+          %% select (certificate_type) {
+          %%     case RawPublicKey:
+          %%       /* From RFC 7250 ASN.1_subjectPublicKeyInfo */
+          %%       opaque ASN1_subjectPublicKeyInfo<1..2^24-1>;
+
+          %%     case X509:
+          %%       opaque cert_data<1..2^24-1>;
+          %% };
+          extensions %% Extension extensions<0..2^16-1>;
+         }).
+
+-record(certificate_1_3, {
+          certificate_request_context, % opaque certificate_request_context<0..2^8-1>;
+          entries    % CertificateEntry certificate_list<0..2^24-1>;
+         }).
+
+%% RFC 8446 B.3.4. Ticket Establishment
+-record(new_session_ticket, {
+          ticket_lifetime,  %unit32
+          ticket_age_add,   %unit32
+          ticket_nonce,     %opaque ticket_nonce<0..255>;
+          ticket,           %opaque ticket<1..2^16-1>
+          extensions        %extensions<0..2^16-2>
+         }).
+
+%%  RFC 8446 B.3.5. Updating Keys
+-record(end_of_earyly_data, {
+         }).
+
+-define(UPDATE_NOT_REQUESTED, 0).
+-define(UPDATE_REQUESTED, 1).
+
+-record(key_update, {
+          request_update
+         }).
+
+-endif. % -ifdef(tls_handshake_1_3).
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 9bd82e4953..79d50684f1 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -32,7 +32,7 @@
 -export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7, hmac_hash/3,
 	 setup_keys/8, suites/1, prf/5,
 	 ecc_curves/1, ecc_curves/2, oid_to_enum/1, enum_to_oid/1, 
-	 default_signature_algs/1, signature_algs/2]).
+	 default_signature_algs/1, signature_algs/2, v1_3_filters/0]).
 
 -type named_curve() :: sect571r1 | sect571k1 | secp521r1 | brainpoolP512r1 |
                        sect409k1 | sect409r1 | brainpoolP384r1 | secp384r1 |
@@ -247,10 +247,12 @@ suites(3) ->
      %% ?TLS_DH_DSS_WITH_AES_128_GCM_SHA256
     ] ++ suites(2);
 
-
 suites(4) ->
-    suites(3).
+    ssl:filter_cipher_suites(suites(3), v1_3_filters()).
 
+v1_3_filters() ->
+    [{mac, fun(aead) -> true; (_) -> false end}, 
+     {key_exchange, fun(dhe_dss) -> false;(rsa) -> false; (rsa_psk) -> false;(_) -> true end}].
 
 signature_algs({3, 4}, HashSigns) ->
     signature_algs({3, 3}, HashSigns);