otp.git/lib/ssl/src, branch OTP-19.2.3.1

Update copyright-year

2016-12-07T12:15:31+00:00

ssl: Implement DTLS state machine

2016-12-05T09:59:51+00:00

Beta DTLS, not production ready. Only very basically tested, and
not everything in the SPEC is implemented and some things
are hard coded that should not be, so this implementation can not be consider
secure.

Refactor "TLS connection state" and socket handling, to facilitate
DTLS implementation.

Create dtls "listner" (multiplexor) process that spawns
DTLS connection process handlers.

Handle DTLS fragmentation.

Framework for handling retransmissions.

Replay Detection is not implemented yet.

Alerts currently always handled as in TLS.

Add ECC curve selection order config in TLS server

2016-11-02T14:47:28+00:00

As per RFC 4492 Sec 5.1, the preferred order of selection of named
curves is based on client preferences.

Currently, the SSL application only picks entries according to the
absolute order of entries as tracked in a hardcoded list in code.

This patch changes things so that the client-specified order is
preferred. It also allows a mode where the server can be configured to
override the client's preferred order with its own, although the chosen
ECC must still be within both lists.

The configuration is done through the following options:

- `eccs`, shared by clients and servers alike, allows the specification
  of the supported named curves, in their preferred order, and may
  eventually support more values for explicit primes and so on.
- `honor_ecc_order`, a server-only option, is similar to
  `honor_cipher_order` and will, by default let the server pick the
  client-preferred ECC, and otherwise pick the server-preferred one.

The default value for `eccs` is the same as before, although the
server-chosen ECC now defaults to the client rather than previous
choice.

A function `ssl:eccs()` has been added that returns the highest
supported ECCs for the library.

Properly filter ssl cipher suites reported as supported

2016-10-10T09:31:48+00:00

Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f.

Conflicts:
	lib/ssl/src/ssl_cipher.erl

Merge branch 'ingela/ssl/cipher-type-spec' into maint

2016-10-07T08:15:13+00:00

* ingela/ssl/cipher-type-spec:
  ssl: Adjust cipher type to conform to implementation

ssl: Adjust cipher type to conform to implementation

2016-10-05T07:09:09+00:00

Merge branch 'RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896' into maint

2016-10-04T13:22:00+00:00

* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896:
  disable RC4 in SSL when crypto doesn't support it
  Fix compilation when OpenSSL doesn't support RC4

Conflicts:
	lib/crypto/c_src/crypto.c

ssl: Correct anonymous suite handling

2016-09-30T13:16:15+00:00

Test suite did not take TLS-version in to account. Also
some anonymous suites where included incorrectly in some TLS versions.

Merge branch 'ingela/ssl/ECC-selection-fix/OTP-13918' into maint-19

2016-09-28T08:21:06+00:00

* ingela/ssl/ECC-selection-fix/OTP-13918:
  ssl: Correct ECC curve selection, the error could cause default to always be selected.

ssl: Correct ECC curve selection, the error could cause default to always be selected.

2016-09-28T08:05:57+00:00