1. 06 2月, 2015 2 次提交
  2. 03 2月, 2015 3 次提交
  3. 29 1月, 2015 1 次提交
  4. 28 1月, 2015 1 次提交
  5. 22 1月, 2015 3 次提交
  6. 13 1月, 2015 1 次提交
  7. 07 1月, 2015 1 次提交
  8. 06 1月, 2015 2 次提交
  9. 05 1月, 2015 1 次提交
  10. 17 12月, 2014 1 次提交
  11. 16 12月, 2014 1 次提交
  12. 09 12月, 2014 1 次提交
  13. 08 12月, 2014 1 次提交
  14. 04 12月, 2014 1 次提交
  15. 03 12月, 2014 1 次提交
  16. 24 10月, 2014 1 次提交
  17. 22 10月, 2014 1 次提交
  18. 15 10月, 2014 1 次提交
  19. 29 8月, 2014 1 次提交
  20. 15 8月, 2014 1 次提交
  21. 04 7月, 2014 1 次提交
  22. 13 5月, 2014 1 次提交
  23. 12 5月, 2014 1 次提交
  24. 28 3月, 2014 3 次提交
    • D
      Security framework. · b362ccab
      Dr. Stephen Henson 提交于
      Security callback: selects which parameters are permitted including
      sensible defaults based on bits of security.
      
      The "parameters" which can be selected include: ciphersuites,
      curves, key sizes, certificate signature algorithms, supported
      signature algorithms, DH parameters, SSL/TLS version, session tickets
      and compression.
      
      In some cases prohibiting the use of a parameters will mean they are
      not advertised to the peer: for example cipher suites and ECC curves.
      In other cases it will abort the handshake: e.g DH parameters or the
      peer key size.
      
      Documentation to follow...
      b362ccab
    • D
      Allow return of supported ciphers. · 8b8e5bed
      Dr. Stephen Henson 提交于
      New function ssl_cipher_disabled.
      
      Check for disabled client ciphers using ssl_cipher_disabled.
      
      New function to return only supported ciphers.
      
      New option to ciphers utility to print only supported ciphers.
      8b8e5bed
    • D
      Auto DH support. · 09599b52
      Dr. Stephen Henson 提交于
      Add auto DH parameter support. This is roughly equivalent to the
      ECDH auto curve selection but for DH. An application can just call
      
      SSL_CTX_set_auto_dh(ctx, 1);
      
      and appropriate DH parameters will be used based on the size of the
      server key.
      
      Unlike ECDH there is no way a peer can indicate the range of DH parameters
      it supports. Some peers cannot handle DH keys larger that 1024 bits for
      example. In this case if you call:
      
      SSL_CTX_set_auto_dh(ctx, 2);
      
      Only 1024 bit DH parameters will be used.
      
      If the server key is 7680 bits or more in size then 8192 bit DH parameters
      will be used: these will be *very* slow.
      
      The old export ciphersuites aren't supported but those are very
      insecure anyway.
      09599b52
  25. 22 2月, 2014 1 次提交
  26. 16 1月, 2014 1 次提交
  27. 09 1月, 2014 2 次提交
    • D
      use SSL_kDHE throughout instead of SSL_kEDH · 5a21cadb
      Daniel Kahn Gillmor 提交于
      DHE is the standard term used by the RFCs and by other TLS
      implementations.  It's useful to have the internal variables use the
      standard terminology.
      
      This patch leaves a synonym SSL_kEDH in place, though, so that older
      code can still be built against it, since that has been the
      traditional API.  SSL_kEDH should probably be deprecated at some
      point, though.
      5a21cadb
    • D
      use SSL_kECDHE throughout instead of SSL_kEECDH · 4082fea8
      Daniel Kahn Gillmor 提交于
      ECDHE is the standard term used by the RFCs and by other TLS
      implementations.  It's useful to have the internal variables use the
      standard terminology.
      
      This patch leaves a synonym SSL_kEECDH in place, though, so that older
      code can still be built against it, since that has been the
      traditional API.  SSL_kEECDH should probably be deprecated at some
      point, though.
      4082fea8
  28. 13 12月, 2013 1 次提交
  29. 19 11月, 2013 1 次提交
  30. 14 11月, 2013 1 次提交
  31. 06 9月, 2013 1 次提交