- 05 9月, 2013 1 次提交
-
-
由 Rob Stradling 提交于
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
- 18 8月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
-
- 14 8月, 2013 1 次提交
-
-
由 Michael Tuexen 提交于
This fix ensures that * A HelloRequest is retransmitted if not responded by a ClientHello * The HelloRequest "consumes" the sequence number 0. The subsequent ServerHello uses the sequence number 1. * The client also expects the sequence number of the ServerHello to be 1 if a HelloRequest was received earlier. This patch fixes the RFC violation.
-
- 08 8月, 2013 1 次提交
-
-
由 Michael Tuexen 提交于
Reported by: Prashant Jaikumar <rmstar@gmail.com> Fix handling of application data received before a handshake.
-
- 31 7月, 2013 1 次提交
-
-
由 Trevor Perrin 提交于
Force no SSL2 when custom extensions in use. Don't clear extension state when cert is set. Clear on renegotiate.
-
- 22 7月, 2013 2 次提交
-
-
由 Adam Langley 提交于
Conflicts: ssl/ssltest.c
-
由 Adam Langley 提交于
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00 Conflicts: ssl/ssl3.h ssl/t1_lib.c
-
- 28 6月, 2013 2 次提交
-
-
由 Trevor 提交于
-
由 Dr. Stephen Henson 提交于
-
- 18 6月, 2013 1 次提交
-
-
由 Trevor 提交于
serverinfo rejects non-empty extensions. Omit extension if no relevant serverinfo data. Improve error-handling in serverinfo callback. Cosmetic cleanups. s_client documentation. s_server documentation. SSL_CTX_serverinfo documentation. Cleaup -1 and NULL callback handling for custom extensions, add tests. Cleanup ssl_rsa.c serverinfo code. Whitespace cleanup. Improve comments in ssl.h for serverinfo. Whitespace. Cosmetic cleanup. Reject non-zero-len serverinfo extensions. Whitespace. Make it build.
-
- 14 6月, 2013 1 次提交
-
-
由 Adam Langley 提交于
in order to prevent ssl3_get_record from never returning. Reported by "oftc_must_be_destroyed" and George Kadianakis.
-
- 13 6月, 2013 2 次提交
-
-
由 Adam Langley 提交于
that bad encryptions are treated like random session keys in constant time.
-
由 Trevor 提交于
Contributed by Trevor Perrin.
-
- 14 5月, 2013 1 次提交
-
-
由 Andy Polyakov 提交于
-
- 14 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 09 4月, 2013 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Check for Suite B support using method flags instead of version numbers: anything supporting TLS 1.2 cipher suites will also support Suite B. Return an error if an attempt to use DTLS 1.0 is made in Suite B mode.
-
由 Dr. Stephen Henson 提交于
If we successfully match a cookie don't set return value to 2 as this results in other error conditions returning 2 as well. Instead set return value to -2 which can be checked later if everything else is OK.
-
由 Dr. Stephen Henson 提交于
Add new methods DTLS_*_method() which support both DTLS 1.0 and DTLS 1.2 and pick the highest version the peer supports during negotiation. As with SSL/TLS options can change this behaviour specifically SSL_OP_NO_DTLSv1 and SSL_OP_NO_DTLSv1_2.
-
由 Dr. Stephen Henson 提交于
-
- 05 4月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Since s->method does not reflect the final client version when a client hello is sent for SSLv23_client_method it can't be relied on to indicate if TLS 1.2 ciphers should be used. So use the client version instead.
-
- 28 3月, 2013 3 次提交
-
-
由 Dr. Stephen Henson 提交于
Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too.
-
由 Dr. Stephen Henson 提交于
The relaxed signing requirements for fixed DH certificates apply to DTLS 1.2 too.
-
由 Dr. Stephen Henson 提交于
Add DTLS1.2 support for cached records when computing handshake macs instead of the MD5+SHA1 case for DTLS < 1.2 (this is a port of the equivalent TLS 1.2 code to DTLS).
-
- 26 3月, 2013 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Add correct flags for DTLS 1.2, update s_server and s_client to handle DTLS 1.2 methods. Currently no support for version negotiation: i.e. if client/server selects DTLS 1.2 it is that or nothing.
-
由 Dr. Stephen Henson 提交于
Since this is always called from DTLS code it is safe to assume the header length should be the DTLS value. This avoids the need to check the version number and should work with any version of DTLS (not just 1.0).
-
由 Dr. Stephen Henson 提交于
Extend DTLS method creation macros to support version numbers and encryption methods. Update existing code.
-
由 Dr. Stephen Henson 提交于
Some TLS extensions were disabled for DTLS. Possibly because they caused problems with the old duplicated code. Enable them again.
-
- 19 3月, 2013 2 次提交
-
-
由 Dr. Stephen Henson 提交于
The only standard compression method is stateful and is incompatible with DTLS.
-
由 Dr. Stephen Henson 提交于
-
- 18 3月, 2013 4 次提交
-
-
由 Dr. Stephen Henson 提交于
Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement.
-
由 Dr. Stephen Henson 提交于
-
由 Dr. Stephen Henson 提交于
Revise DTLS code. There was a *lot* of code duplication in the DTLS code that generates records. This makes it harder to maintain and sometimes a TLS update is omitted by accident from the DTLS code. Specifically almost all of the record generation functions have code like this: some_pointer = buffer + HANDSHAKE_HEADER_LENGTH; ... Record creation stuff ... set_handshake_header(ssl, SSL_MT_SOMETHING, message_len); ... write_handshake_message(ssl); Where the "Record creation stuff" is identical between SSL/TLS and DTLS or in some cases has very minor differences. By adding a few fields to SSL3_ENC to include the header length, some flags and function pointers for handshake header setting and handshake writing the code can cope with both cases. Note: although this passes "make test" and some simple DTLS tests there may be some minor differences in the DTLS code that have to be accounted for.
-
由 Michael Tuexen 提交于
-
- 11 3月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
Add DTLS record header parsing, different client hello format and add HelloVerifyRequest message type. Add code to d1_pkt.c to send message headers to the message callback.
-
- 27 2月, 2013 1 次提交
-
-
由 Dr. Stephen Henson 提交于
-
- 22 2月, 2013 2 次提交
-
-
由 Ben Laurie 提交于
Not sure why I am getting these now and not before.
-
由 Ben Laurie 提交于
-
- 12 2月, 2013 2 次提交
-
-
由 David Woodhouse 提交于
The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility. PR:2984
-
由 Dr. Stephen Henson 提交于
(cherry picked from commit cbf9b4aed3e209fe8a39e1d6f55aaf46d1369dc4)
-