1. 03 2月, 2015 2 次提交
  2. 29 1月, 2015 1 次提交
  3. 28 1月, 2015 1 次提交
  4. 22 1月, 2015 3 次提交
  5. 13 1月, 2015 1 次提交
  6. 07 1月, 2015 1 次提交
  7. 06 1月, 2015 2 次提交
  8. 05 1月, 2015 1 次提交
  9. 17 12月, 2014 1 次提交
  10. 16 12月, 2014 1 次提交
  11. 09 12月, 2014 1 次提交
  12. 08 12月, 2014 1 次提交
  13. 04 12月, 2014 1 次提交
  14. 03 12月, 2014 1 次提交
  15. 24 10月, 2014 1 次提交
  16. 22 10月, 2014 1 次提交
  17. 15 10月, 2014 1 次提交
  18. 29 8月, 2014 1 次提交
  19. 15 8月, 2014 1 次提交
  20. 04 7月, 2014 1 次提交
  21. 13 5月, 2014 1 次提交
  22. 12 5月, 2014 1 次提交
  23. 28 3月, 2014 3 次提交
    • D
      Security framework. · b362ccab
      Dr. Stephen Henson 提交于
      Security callback: selects which parameters are permitted including
      sensible defaults based on bits of security.
      
      The "parameters" which can be selected include: ciphersuites,
      curves, key sizes, certificate signature algorithms, supported
      signature algorithms, DH parameters, SSL/TLS version, session tickets
      and compression.
      
      In some cases prohibiting the use of a parameters will mean they are
      not advertised to the peer: for example cipher suites and ECC curves.
      In other cases it will abort the handshake: e.g DH parameters or the
      peer key size.
      
      Documentation to follow...
      b362ccab
    • D
      Allow return of supported ciphers. · 8b8e5bed
      Dr. Stephen Henson 提交于
      New function ssl_cipher_disabled.
      
      Check for disabled client ciphers using ssl_cipher_disabled.
      
      New function to return only supported ciphers.
      
      New option to ciphers utility to print only supported ciphers.
      8b8e5bed
    • D
      Auto DH support. · 09599b52
      Dr. Stephen Henson 提交于
      Add auto DH parameter support. This is roughly equivalent to the
      ECDH auto curve selection but for DH. An application can just call
      
      SSL_CTX_set_auto_dh(ctx, 1);
      
      and appropriate DH parameters will be used based on the size of the
      server key.
      
      Unlike ECDH there is no way a peer can indicate the range of DH parameters
      it supports. Some peers cannot handle DH keys larger that 1024 bits for
      example. In this case if you call:
      
      SSL_CTX_set_auto_dh(ctx, 2);
      
      Only 1024 bit DH parameters will be used.
      
      If the server key is 7680 bits or more in size then 8192 bit DH parameters
      will be used: these will be *very* slow.
      
      The old export ciphersuites aren't supported but those are very
      insecure anyway.
      09599b52
  24. 22 2月, 2014 1 次提交
  25. 16 1月, 2014 1 次提交
  26. 09 1月, 2014 2 次提交
    • D
      use SSL_kDHE throughout instead of SSL_kEDH · 5a21cadb
      Daniel Kahn Gillmor 提交于
      DHE is the standard term used by the RFCs and by other TLS
      implementations.  It's useful to have the internal variables use the
      standard terminology.
      
      This patch leaves a synonym SSL_kEDH in place, though, so that older
      code can still be built against it, since that has been the
      traditional API.  SSL_kEDH should probably be deprecated at some
      point, though.
      5a21cadb
    • D
      use SSL_kECDHE throughout instead of SSL_kEECDH · 4082fea8
      Daniel Kahn Gillmor 提交于
      ECDHE is the standard term used by the RFCs and by other TLS
      implementations.  It's useful to have the internal variables use the
      standard terminology.
      
      This patch leaves a synonym SSL_kEECDH in place, though, so that older
      code can still be built against it, since that has been the
      traditional API.  SSL_kEECDH should probably be deprecated at some
      point, though.
      4082fea8
  27. 13 12月, 2013 1 次提交
  28. 19 11月, 2013 1 次提交
  29. 14 11月, 2013 1 次提交
  30. 06 9月, 2013 2 次提交
    • B
      More cleanup. · 5eda213e
      Ben Laurie 提交于
      5eda213e
    • S
      Add callbacks supporting generation and retrieval of supplemental data... · 36086186
      Scott Deboy 提交于
      Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
      Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
      Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
      Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
      36086186
  31. 18 8月, 2013 1 次提交
  32. 22 7月, 2013 1 次提交