Hi! Since my last update I worked on the cryptography module. Using the openssl EVP interface, via the deimos bindings, I created some methods for the generation of public/private key pairs and the shared key. I also implemented the signature validation, according to the TLS 1.3 spec, needed if the other peer provides a certificate.
Working on this offered me the opportunity to learn about concepts like hybrid encryption and forward secrecy (even with unauthorized access to the private key of the peer's certificate, past messages cannot be decrypted thanks to the use of ephemeral public/private key pairs during the handshake phase).
Suggestions are welcome! Thanks!