- 13 12月, 2014 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NKurt Roeckx <kurt@openssl.org>
-
- 20 11月, 2014 1 次提交
-
-
由 Emilia Kasper 提交于
once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. (Because the first CCS would latch the correct keys and subsequent CCS messages would have to be encrypted, a MitM attacker cannot exploit this, though.) Thanks to Joeri de Ruiter for reporting this issue. Reviewed-by: NMatt Caswell <matt@openssl.org>
-
- 16 7月, 2014 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Use same logic when determining when to expect a client certificate for both TLS and DTLS. PR#3452
-
- 09 1月, 2014 2 次提交
-
-
由 Daniel Kahn Gillmor 提交于
DHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEDH should probably be deprecated at some point, though.
-
由 Daniel Kahn Gillmor 提交于
ECDHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEECDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEECDH should probably be deprecated at some point, though.
-
- 02 11月, 2013 1 次提交
-
-
由 Robin Seggelmann 提交于
PR: 2808 With DTLS/SCTP the SCTP extension SCTP-AUTH is used to protect DATA and FORWARD-TSN chunks. The key for this extension is derived from the master secret and changed with the next ChangeCipherSpec, whenever a new key has been negotiated. The following Finished then already uses the new key. Unfortunately, the ChangeCipherSpec and Finished are part of the same flight as the ClientKeyExchange, which is necessary for the computation of the new secret. Hence, these messages are sent immediately following each other, leaving the server very little time to compute the new secret and pass it to SCTP before the finished arrives. So the Finished is likely to be discarded by SCTP and a retransmission becomes necessary. To prevent this issue, the Finished of the client is still sent with the old key. (cherry picked from commit 9fb523adce6fd6015b68da2ca8e4ac4900ac2be2)
-
- 14 8月, 2013 1 次提交
-
-
由 Michael Tuexen 提交于
This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation.
-
- 09 4月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Check for Suite B support using method flags instead of version numbers: anything supporting TLS 1.2 cipher suites will also support Suite B. Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
-
由 Dr. Stephen Henson 提交于
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
- 28 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add DTLS1.2 support for cached records when computing handshake macs instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the equivalent TLS 1.2 code to DTLS).
-
- 26 3月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
-
由 Dr. Stephen Henson 提交于
Extend DTLS method creation macros to support version numbers and encryption methods. Update existing code.
-
- 18 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Revise DTLS code. There was a *lot* of code duplication in the DTLS code that generates records. This makes it harder to maintain and sometimes a TLS update is omitted by accident from the DTLS code. Specifically almost all of the record generation functions have code like this: some_pointer = buffer + HANDSHAKE_HEADER_LENGTH; ... Record creation stuff ... set_handshake_header(ssl, SSL_MT_SOMETHING, message_len); ... write_handshake_message(ssl); Where the "Record creation stuff" is identical between SSL/TLS and DTLS or in some cases has very minor differences. By adding a few fields to SSL3_ENC to include the header length, some flags and function pointers for handshake header setting and handshake writing the code can cope with both cases. Note: although this passes "make test" and some simple DTLS tests there may be some minor differences in the DTLS code that have to be accounted for.
-
- 01 4月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).
-
- 06 3月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.
-
- 27 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
certificate chain instead of an X509 structure. This makes it easier to enhance code in future and the chain output functions have access to the CERT_PKEY structure being used.
-
- 01 1月, 2012 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.
-
- 25 12月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).
-
- 27 10月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix for ECC keys and DTLS.
-
- 05 9月, 2011 2 次提交
-
-
由 Bodo Möller 提交于
-
由 Bodo Möller 提交于
Submitted by: Adam Langley
-
- 20 7月, 2011 2 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS sequence number bug
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Fix DTLS HelloVerifyRequest Timer bug
-
- 25 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 06 5月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
signature algorithms extension and correct signature format for server key exchange. All ciphersuites should now work on the server but no client support and no client certificate support yet.
-
- 04 4月, 2011 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Don't change state when answering DTLS ClientHello.
-
- 26 8月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de> Support for abbreviated handshakes when renegotiating.
-
- 02 2月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Make session tickets work with DTLS.
-
- 01 2月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Typo in PR#1949 bug, oops!
-
- 27 1月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: steve@openssl.org More robust fix and workaround for PR#1949. Don't try to work out if there is any write pending data as this can be unreliable: always flush.
-
- 20 1月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Better fix for PR#2144
-
- 17 1月, 2010 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: steve@openssl.org Fix DTLS connection so new_session is reset if we read second client hello: new_session is used to detect renegotiation.
-
- 09 12月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 08 12月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Add extension support to DTLS code mainly using existing implementation for TLS.
-
- 02 12月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
-
- 10 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org DTLS listen support.
-
- 05 9月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Approved by: steve@openssl.org Fix DTLS cookie management bugs.
-
- 05 6月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 01 6月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 16 5月, 2009 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-