Commit | Date | Author | Message

2911575c | 13-Nov-2013 | Piotr Sikora | Fix compilation with no-nextprotoneg. PR#3106

0467ea68 | 06-Nov-2013 | Dr. Stephen Henson | Experimental workaround TLS filler (WTF) extension. Based on a suggested workaround for the "TLS hang bug" (see FAQ and PR#2771): if the TLS Client Hello record length value would otherwise be > 255 and less than 512, pad with a dummy extension containing zeroes so it is at least 512. To enable it use an unused extension number (for example 0x4242) using e.g. -DTLSEXT_TYPE_wtf=0x4242. WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.

29b490a4 | 01-Nov-2013 | Piotr Sikora | Fix SSL_OP_SINGLE_ECDH_USE. Don't require a public key in tls1_set_ec_id if compression status is not needed. This fixes a bug where SSL_OP_SINGLE_ECDH_USE wouldn't work. (cherry picked from commit 5ff68e8f6dac3b0d8997b8bc379f9111c2bab74f)

45473632 | 15-Oct-2013 | Dr. Stephen Henson | Prevent use of RSA+MD5 in TLS 1.2 by default. Removing RSA+MD5 from the default signature algorithm list prevents its use by default. If a broken implementation attempts to use RSA+MD5 anyway, the sanity checking of signature algorithms will cause a fatal alert.

6699cb84 | 15-Oct-2013 | Dr. Stephen Henson | Add brainpool curves to NID table too.

c2c76a4d | 14-Oct-2013 | Dr. Stephen Henson | RFC7027 (Brainpool for TLS) support.

cbf81235 | 10-Sep-2013 | Rob Stradling | Tidy up comments.

378341e1 | 10-Sep-2013 | Rob Stradling | Use TLS version supplied by client when fingerprinting Safari.
Revision tags: OpenSSL-fips-2_0_3
5e3ff62c | 22-Mar-2013 | Dr. Stephen Henson | Experimental encrypt-then-mac support. Experimental support for encrypt then mac from draft-gutmann-tls-encrypt-then-mac-02.txt. To enable it set the appropriate extension number (0x10 for the test server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x10. For non-compliant peers (i.e. just about everything) this should have no effect.

a6a48e87 | 01-Aug-2013 | Ben Laurie | Make it build.

36086186 | 18-Jun-2013 | Scott Deboy | Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions). Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API. Tests exercising the new supplemental data registration and callback api can be found in ssltest.c. Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.

dece3209 | 05-Sep-2013 | Rob Stradling | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.

14536c8c | 17-Aug-2013 | Dr. Stephen Henson | Make no-ec compilation work.

0b2bde70 | 28-Jul-2013 | Trevor Perrin | Various custom extension fixes. Force no SSL2 when custom extensions in use. Don't clear extension state when cert is set. Clear on renegotiate.

6f017a8f | 15-Apr-2013 | Adam Langley | Support ALPN. This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00 Conflicts: ssl/ssl3.h ssl/t1_lib.c

5382adbf | 24-Jun-2013 | Trevor | Cosmetic touchups.

9cd50f73 | 14-Jun-2013 | Trevor | Cleanup of custom extension stuff. serverinfo rejects non-empty extensions. Omit extension if no relevant serverinfo data. Improve error-handling in serverinfo callback. Cosmetic cleanups. s_client documentation. s_server documentation. SSL_CTX_serverinfo documentation. Cleanup -1 and NULL callback handling for custom extensions, add tests. Cleanup ssl_rsa.c serverinfo code. Whitespace cleanup. Improve comments in ssl.h for serverinfo. Whitespace. Cosmetic cleanup. Reject non-zero-len serverinfo extensions. Whitespace. Make it build.

a398f821 | 13-May-2013 | Trevor | Add support for arbitrary TLS extensions. Contributed by Trevor Perrin.

1e2d4cb0 | 04-Apr-2013 | Dr. Stephen Henson | Make TLS 1.2 ciphers work again. Since s->method does not reflect the final client version when a client hello is sent for SSLv23_client_method, it can't be relied on to indicate if TLS 1.2 ciphers should be used. So use the client version instead.

4221c0dd | 27-Mar-2013 | Dr. Stephen Henson | Enable TLS 1.2 ciphers in DTLS 1.2. Port TLS 1.2 GCM code to DTLS. Enable use of TLS 1.2 only ciphers when in DTLS 1.2 mode too.

874a18cf | 19-Mar-2013 | Dr. Stephen Henson | Enable various DTLS extensions. Some TLS extensions were disabled for DTLS, possibly because they caused problems with the old duplicated code. Enable them again.

cbd64894 | 13-Mar-2013 | Dr. Stephen Henson | Use enc_flags when deciding protocol variations. Use the enc_flags field to determine whether we should use explicit IV, signature algorithms or SHA256 default PRF instead of hard coding which versions support each requirement.

173e72e6 | 11-Mar-2013 | Dr. Stephen Henson | DTLS revision. Revise DTLS code. There was a *lot* of code duplication in the DTLS code that generates records. This makes it harder to maintain and sometimes a TLS update is omitted by accident from the DTLS code. Specifically almost all of the record generation functions have code like this: some_pointer = buffer + HANDSHAKE_HEADER_LENGTH; ... Record creation stuff ... set_handshake_header(ssl, SSL_MT_SOMETHING, message_len); ... write_handshake_message(ssl); Where the "Record creation stuff" is identical between SSL/TLS and DTLS or in some cases has very minor differences. By adding a few fields to SSL3_ENC to include the header length, some flags and function pointers for handshake header setting and handshake writing, the code can cope with both cases. Note: although this passes "make test" and some simple DTLS tests there may be some minor differences in the DTLS code that have to be accounted for.
Revision tags: OpenSSL_1_0_1e, OpenSSL_0_9_8y, OpenSSL_1_0_0k, OpenSSL_1_0_1d
7c770d57 | 28-Jan-2013 | Ben Laurie | Add and use a constant-time memcmp. This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
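The timing-leak argument in the 7c770d57 entry, as an added example that is not OpenSSL's own code: ct_memcmp, leaky_memcmp, mac_tag_ok, leaky_steps and the three sample tags are all constructed for this illustration (the real function the commit introduces is named CRYPTO_memcmp). The early-exit compare stops at the first mismatching byte, so the number of bytes it examines tracks the length of the matching prefix; the constant-time compare visits every byte and folds the differences into one accumulator, so it does the same work whatever the inputs are.

```c
#include <stdio.h>
#include <stddef.h>

/* Constant-time byte comparison (hypothetical ct_memcmp, modelled on the
 * idea behind CRYPTO_memcmp but not OpenSSL's code). Returns 0 when the
 * buffers are equal and non-zero otherwise. Every byte is visited and the
 * XOR of each pair is OR-ed into an accumulator, so the work done does not
 * depend on where (or whether) the inputs differ. The volatile qualifier
 * discourages the compiler from short-circuiting the loop. */
int ct_memcmp(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = (const volatile unsigned char *)a;
    const volatile unsigned char *pb = (const volatile unsigned char *)b;
    unsigned char acc = 0;
    size_t i;

    for (i = 0; i < len; i++)
        acc |= pa[i] ^ pb[i];
    return acc;
}

/* Early-exit comparison in the style of the standard memcmp, kept here only
 * to show the leak the commit removes: it stops at the first mismatch, so its
 * running time grows with the length of the matching prefix. *steps records
 * how many bytes were examined, which stands in for a timing measurement. */
int leaky_memcmp(const unsigned char *a, const unsigned char *b, size_t len,
                 size_t *steps)
{
    size_t i;

    *steps = 0;
    for (i = 0; i < len; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 1;
    }
    return 0;
}

/* Record-layer style tag check: the whole received tag is compared against
 * the locally computed one in constant time; 1 means accept, 0 means reject. */
int mac_tag_ok(const unsigned char *expected, const unsigned char *received,
               size_t tag_len)
{
    return ct_memcmp(expected, received, tag_len) == 0;
}

/* Constructed 16-byte sample tags (not real MAC outputs). */
#define TAG_LEN 16
static const unsigned char TAG_EXPECTED[TAG_LEN] =
    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
static const unsigned char TAG_WRONG_FIRST[TAG_LEN] =   /* differs at byte 0 */
    {0xff, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
static const unsigned char TAG_WRONG_LAST[TAG_LEN] =    /* differs at byte 15 */
    {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 0xff};

/* Number of bytes leaky_memcmp examines before deciding about `candidate`. */
size_t leaky_steps(const unsigned char *candidate)
{
    size_t steps;

    leaky_memcmp(TAG_EXPECTED, candidate, TAG_LEN, &steps);
    return steps;
}

int main(void)
{
    printf("leaky_memcmp steps: wrong-first=%zu wrong-last=%zu correct=%zu\n",
           leaky_steps(TAG_WRONG_FIRST), leaky_steps(TAG_WRONG_LAST),
           leaky_steps(TAG_EXPECTED));
    printf("mac_tag_ok: correct=%d wrong-first=%d wrong-last=%d\n",
           mac_tag_ok(TAG_EXPECTED, TAG_EXPECTED, TAG_LEN),
           mac_tag_ok(TAG_EXPECTED, TAG_WRONG_FIRST, TAG_LEN),
           mac_tag_ok(TAG_EXPECTED, TAG_WRONG_LAST, TAG_LEN));
    return 0;
}
```

The step counts make the leak concrete without a clock: a tag that is wrong in its first byte is rejected after one byte, a tag that is wrong only in its last byte after sixteen, so an observer timing the rejection learns how much of the tag was right. ct_memcmp has no early exit, so the only thing it can reveal is the tag length, which is public anyway. A compare like this belongs wherever a received MAC, tag or password hash is checked against a computed one.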
c38b76bf | 24-Jan-2013 | Dr. Stephen Henson | Fix warning: lenmax isn't used any more.