| #
0977eac5 |
| 17-Apr-2024 |
Tomas Mraz |
Adjust tests that were depending on X25519 and X448 in fips
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/o
Adjust tests that were depending on X25519 and X448 in fips
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24099)
show more ...
|
| #
c9ee6e36 |
| 30-Sep-2022 |
Matt Caswell |
Reimplement brainpool TLSv1.3 support group support
Create new TLS_GROUP_ENTRY values for these groups.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavski
Reimplement brainpool TLSv1.3 support group support
Create new TLS_GROUP_ENTRY values for these groups.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/19315)
show more ...
|
| #
7bf2e4d7 |
| 04-May-2022 |
Pauli |
tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
This is in line with the NEWS entry (erroneously) announcing such for 3.0.
Fixes #18194
Reviewed-by:
tls: ban SSL3, TLS1, TLS1.1 and DTLS1.0 at security level one and above
This is in line with the NEWS entry (erroneously) announcing such for 3.0.
Fixes #18194
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| #
0a10825a |
| 24-Oct-2018 |
Bernd Edlinger |
Enable brainpool curves for TLS1.3
See the recently assigned brainpool code points at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Reviewed-by: Paul Dal
Enable brainpool curves for TLS1.3
See the recently assigned brainpool code points at:
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7485)
show more ...
|
| #
9afc6c54 |
| 04-Mar-2021 |
Matt Caswell |
Fix the check for suitable groups and TLSv1.3
If we have TLSv1.3 enabled then we must have at least one TLSv1.3 capable
group available. This check was not always working
Review
Fix the check for suitable groups and TLSv1.3
If we have TLSv1.3 enabled then we must have at least one TLSv1.3 capable
group available. This check was not always working
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14430)
show more ...
|
| #
5e2f580d |
| 26-Feb-2021 |
Tomas Mraz |
test_ssl_new: X448, X25519, and EdDSA are supported with fips
Removed the related TODOs.
Also adjusted the DH parameters used for the DH test to be acceptable
for FIPS as that n
test_ssl_new: X448, X25519, and EdDSA are supported with fips
Removed the related TODOs.
Also adjusted the DH parameters used for the DH test to be acceptable
for FIPS as that now allows only known safe prime parameters.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
show more ...
|
| #
0645110e |
| 29-Aug-2020 |
Shane Lontis |
Add fips checks for ecdsa signatures
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
|
| #
aba03ae5 |
| 02-Jan-2020 |
Kurt Roeckx |
Reduce the security bits for MD5 and SHA1 based signatures in TLS
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer s
Reduce the security bits for MD5 and SHA1 based signatures in TLS
This has as effect that SHA1 and MD5+SHA1 are no longer supported at
security level 1, and that TLS < 1.2 is no longer supported at the
default security level of 1, and that you need to set the security
level to 0 to use TLS < 1.2.
Reviewed-by: Tim Hudson <tjh@openssl.org>
GH: #10787
show more ...
|
| #
9d2d857f |
| 18-May-2020 |
Matt Caswell |
Modify libssl to discover supported groups based on available providers
Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported
Modify libssl to discover supported groups based on available providers
Now that we have added the TLS-GROUP capability to the default provider
we can use that to discover the supported group list based on the loaded
providers.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
| #
f63f3b72 |
| 08-May-2020 |
Richard Levitte |
test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests
There were a few RSA-PSS related tests that were disabled for non-default
library contexts. We now re-enable them.
test/ssl-tests/20-cert-select.cnf.in: Re-enable RSA-PSS related tests
There were a few RSA-PSS related tests that were disabled for non-default
library contexts. We now re-enable them.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
show more ...
|
| #
682bc861 |
| 07-Apr-2020 |
Matt Caswell |
Teach ssl_test_new how to test the FIPS module
We load the FIPS module and make sure it is configured before running
the ssl_test_new tests.
Reviewed-by: Shane Lontis <shane.lon
Teach ssl_test_new how to test the FIPS module
We load the FIPS module and make sure it is configured before running
the ssl_test_new tests.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
| #
ab5a02f7 |
| 07-Apr-2020 |
Matt Caswell |
Teach ssl_test_new to have different tests for different loaded providers
We now run the tests twice: Once with no specific providers loaded and
just using the default libctx, and a seco
Teach ssl_test_new to have different tests for different loaded providers
We now run the tests twice: Once with no specific providers loaded and
just using the default libctx, and a second time with a non-default libctx
and the default provider.
In the second run we disable tests which use a PSS cert/key because we
don't yet have support for that.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11511)
show more ...
|
| #
433deaff |
| 25-Feb-2020 |
Rich Salz |
Use .cnf for config files, not .conf
The default is openssl.cnf The project seems to prefer xxx.conf these
days, but we should use the default convention.
Rename all foo.conf (
Use .cnf for config files, not .conf
The default is openssl.cnf The project seems to prefer xxx.conf these
days, but we should use the default convention.
Rename all foo.conf (except for Configurations) to foo.cnf
Fixes #11174
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)
show more ...
|
