1. 01 3月, 2017 1 次提交
  2. 28 2月, 2017 1 次提交
  3. 24 2月, 2017 2 次提交
  4. 21 2月, 2017 1 次提交
  5. 15 2月, 2017 2 次提交
  6. 08 2月, 2017 1 次提交
  7. 03 2月, 2017 1 次提交
  8. 02 2月, 2017 2 次提交
  9. 31 1月, 2017 2 次提交
  10. 30 1月, 2017 6 次提交
  11. 10 1月, 2017 2 次提交
  12. 23 11月, 2016 1 次提交
    • M
      Update state machine to be closer to TLS1.3 · 92760c21
      Matt Caswell 提交于
      This is a major overhaul of the TLSv1.3 state machine. Currently it still
      looks like TLSv1.2. This commit changes things around so that it starts
      to look a bit less like TLSv1.2 and bit more like TLSv1.3.
      
      After this commit we have:
      
      ClientHello
      + key_share          ---->
                                 ServerHello
                                 +key_share
                                 {CertificateRequest*}
                                 {Certificate*}
                                 {CertificateStatus*}
                           <---- {Finished}
      {Certificate*}
      {CertificateVerify*}
      {Finished}           ---->
      [ApplicationData]    <---> [Application Data]
      
      Key differences between this intermediate position and the final TLSv1.3
      position are:
      - No EncryptedExtensions message yet
      - No server side CertificateVerify message yet
      - CertificateStatus still exists as a separate message
      - A number of the messages are still in the TLSv1.2 format
      - Still running on the TLSv1.2 record layer
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      92760c21
  13. 16 11月, 2016 1 次提交
    • M
      Start using the key_share data to derive the PMS · 0f1e51ea
      Matt Caswell 提交于
      The previous commits put in place the logic to exchange key_share data. We
      now need to do something with that information. In <= TLSv1.2 the equivalent
      of the key_share extension is the ServerKeyExchange and ClientKeyExchange
      messages. With key_share those two messages are no longer necessary.
      
      The commit removes the SKE and CKE messages from the TLSv1.3 state machine.
      TLSv1.3 is completely different to TLSv1.2 in the messages that it sends
      and the transitions that are allowed. Therefore, rather than extend the
      existing <=TLS1.2 state transition functions, we create a whole new set for
      TLSv1.3. Intially these are still based on the TLSv1.2 ones, but over time
      they will be amended.
      
      The new TLSv1.3 transitions remove SKE and CKE completely. There's also some
      cleanup for some stuff which is not relevant to TLSv1.3 and is easy to
      remove, e.g. the DTLS support (we're not doing DTLSv1.3 yet) and NPN.
      
      I also disable EXTMS for TLSv1.3. Using it was causing some added
      complexity, so rather than fix it I removed it, since eventually it will not
      be needed anyway.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      0f1e51ea
  14. 15 11月, 2016 2 次提交
  15. 14 11月, 2016 1 次提交
  16. 10 11月, 2016 1 次提交
  17. 04 11月, 2016 7 次提交
  18. 02 11月, 2016 1 次提交
  19. 03 10月, 2016 3 次提交
  20. 29 9月, 2016 2 次提交