Add TLS 1.3 CLI client and strengthen session state, I/O and key-update handling by blackshirt · Pull Request #8 · blackshirt/tls13

blackshirt · 2026-06-15T03:53:54Z

Provide a simple command-line TLS 1.3 client to connect, send application data or an HTTP GET and inspect session tickets.
Improve session lifecycle correctness by validating TLS state transitions and enforcing expected states when parsing messages.
Implement missing post-handshake behaviors such as KeyUpdate handling and ticket collection, and make SNI/compatibility options configurable.

Add a full-featured CLI in main.v with argument parsing (--connect, --servername, --message, --http, --no-read, --read-all, --no-tickets, --compat) and a convenience tls13.dial flow that performs handshake and exposes Session for application I/O.
Extend Options with server_name and compat and thread server_name/SNI into ClientHello creation; add host_from_address, application_payload, usage, and parse_args helpers.
Implement connection convenience and I/O APIs in session code: dial, connected, read_application_data, and improved write_application_data, plus ticket collection via tickets() usage in client run-loop.
Harden handshake and post-handshake parsing: add require_tls_state checks, replace ad-hoc change_tls_state with validated can_transition_tls_state/transition_tls_state (preserving a panic-on-invalid change_tls_state), verify server Finished verify_data, and pack/send KeyUpdate correctly.
Implement key-update secret rotation helpers update_server_application_traffic_secret and update_client_application_traffic_secret, update client behavior to respond to KeyUpdate requests, and adjust state transitions after key updates.

Fix main CLI argument parsing

877e097

blackshirt added the codex label Jun 15, 2026 — with ChatGPT Codex Connector

Provide feedback