#
972ee925 |
| 16-Apr-2024 |
Tim Perry |
Use empty renegotiate extension instead of SCSV for TLS > 1.0 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
Use empty renegotiate extension instead of SCSV for TLS > 1.0 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24161)
show more ...
|
#
b8590b2f |
| 21-Nov-2023 |
Markus Minichmayr |
Add option `SSL_OP_PREFER_NO_DHE_KEX`, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option `PreferNoDHEKEX`, server option `prefer_no_dhe_kex`). Revi
Add option `SSL_OP_PREFER_NO_DHE_KEX`, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option `PreferNoDHEKEX`, server option `prefer_no_dhe_kex`). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22794)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
4032cd9a |
| 17-Apr-2023 |
Yi Li |
configure: introduce no-ecx to remove ECX related feature This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi
configure: introduce no-ecx to remove ECX related feature This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20781)
show more ...
|
#
b67cb09f |
| 09-Aug-2021 |
Todd Short |
Add support for compressed certificates (RFC8879) * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive)
Add support for compressed certificates (RFC8879) * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
39ed0745 |
| 24-May-2020 |
Bernd Edlinger |
Remove OPENSSL_ia32cap overrides in various test scripts The removed override was: OPENSSL_ia32cap=~0x200000200000000 which disables AESNI codepaths and PCLMULQDQ (useful for ghash).
Remove OPENSSL_ia32cap overrides in various test scripts The removed override was: OPENSSL_ia32cap=~0x200000200000000 which disables AESNI codepaths and PCLMULQDQ (useful for ghash). It is unclear why this was done, but it probably just hides bugs. [extended tests] Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16693)
show more ...
|
#
80c25611 |
| 30-Mar-2021 |
Benjamin Kaduk |
Update expected results for tls13kexmodes tests One of the scenarios constructed in these tests was erroneously producing successful handshakes until the previous commits, but should
Update expected results for tls13kexmodes tests One of the scenarios constructed in these tests was erroneously producing successful handshakes until the previous commits, but should have been failing. Update our expected behavior to match the specification requirements, and adjust the commentary slightly for a test case relevant for the other preceding commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14749)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
#
a763ca11 |
| 14-Jan-2021 |
Matt Caswell |
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provid
Stop disabling TLSv1.3 if ec and dh are disabled Even if EC and DH are disabled then we may still be able to use TLSv1.3 if we have groups that have been plugged in by an external provider. Fixes #13767 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
Revision tags: openssl-3.0.0-alpha2 |
|
#
6ed34b3e |
| 30-Apr-2020 |
Matt Caswell |
Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidental
Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11691)
show more ...
|
Revision tags: openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
433deaff |
| 25-Feb-2020 |
Rich Salz |
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (
Use .cnf for config files, not .conf The default is openssl.cnf The project seems to prefer xxx.conf these days, but we should use the default convention. Rename all foo.conf (except for Configurations) to foo.cnf Fixes #11174 Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11176)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
dc5bcb88 |
| 05-Sep-2019 |
Matt Caswell |
Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. R
Teach TLSProxy how to parse CertificateRequest messages We also use this in test_tls13messages to check that the extensions we expect to see in a CertificateRequest are there. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9780)
show more ...
|
#
dbc6268f |
| 13-Jun-2019 |
Matt Caswell |
Allow TLSv1.3 in a no-ec build Now that we have TLSv1.3 FFDHE support there is no reason why we should not allow TLSv1.3 to be used in a no-ec build. This commit enables that to happ
Allow TLSv1.3 in a no-ec build Now that we have TLSv1.3 FFDHE support there is no reason why we should not allow TLSv1.3 to be used in a no-ec build. This commit enables that to happen. It also fixes no-ec which was previously broken. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9156)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
909f1a2e |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in test/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7767)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1 |
|
#
6738bf14 |
| 13-Feb-2018 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org>
|
#
c5856878 |
| 17-Jan-2018 |
Richard Levitte |
Enable TLSProxy tests on Windows Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5094)
|
Revision tags: OpenSSL_1_0_2n |
|
#
426dfc9f |
| 05-Dec-2017 |
Matt Caswell |
Send supported_versions in an HRR Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
|
#
597c51bc |
| 05-Dec-2017 |
Matt Caswell |
Merge HRR into ServerHello Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
|
#
88050dd1 |
| 03-Nov-2017 |
Matt Caswell |
Update ServerHello to new draft-22 format The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version
Update ServerHello to new draft-22 format The new ServerHello format is essentially now the same as the old TLSv1.2 one, but it must additionally include supported_versions. The version field is fixed at TLSv1.2, and the version negotiation happens solely via supported_versions. Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4701)
show more ...
|
#
46f4e1be |
| 12-Nov-2017 |
Josh Soref |
Many spelling fixes/typo's corrected. Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org>
Many spelling fixes/typo's corrected. Around 138 distinct errors found and fixed; thanks! Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3459)
show more ...
|
Revision tags: OpenSSL_1_0_2m, OpenSSL_1_1_0g |
|
#
a2b97bdf |
| 13-Oct-2017 |
Matt Caswell |
Don't do version neg on an HRR Previously if a client received an HRR then we would do version negotiation immediately - because we know we are going to get TLSv1.3. However this cau
Don't do version neg on an HRR Previously if a client received an HRR then we would do version negotiation immediately - because we know we are going to get TLSv1.3. However this causes a problem when we emit the 2nd ClientHello because we start changing a whole load of stuff to ommit things that aren't relevant for < TLSv1.3. The spec requires that the 2nd ClientHello is the same except for changes required from the HRR. Therefore the simplest thing to do is to defer the version negotiation until we receive the ServerHello. Fixes #4292 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/4527)
show more ...
|
#
db919b1e |
| 01-Aug-2017 |
Matt Caswell |
Update the tests for SNI changes If there is no SNI in the session then s_client no longer sends the SNI extension. Update the tests to take account of that Reviewed-by: Ben Kad
Update the tests for SNI changes If there is no SNI in the session then s_client no longer sends the SNI extension. Update the tests to take account of that Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/3926)
show more ...
|
#
e3c0d76b |
| 30-Jun-2017 |
Matt Caswell |
Do not allow non-dhe kex_modes by default Allow that mode to be configured if desired. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl
Do not allow non-dhe kex_modes by default Allow that mode to be configured if desired. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3833)
show more ...
|
Revision tags: OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16 |
|
#
d7345822 |
| 03-Mar-2017 |
Bernd Edlinger |
Reset executable bits on files where not needed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/opens
Reset executable bits on files where not needed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2835)
show more ...
|