Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-01-23 | ssl: Remove sslv3 from the default supported protocol versions | Ingela Anderton Andin | |
2015-01-23 | ssl: Reenable padding check for TLS-1.0 and provide backwards compatible | Ingela Anderton Andin | |
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl | |||
2014-10-06 | Merge branch 'maint' | Ingela Anderton Andin | |
2014-10-03 | ssl: Fix link error in documentation | Ingela Anderton Andin | |
2014-09-10 | Merge branch 'maint' | Ingela Anderton Andin | |
2014-09-09 | ssl, public_key: Add new option partial_chain | Ingela Anderton Andin | |
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors." | |||
2014-09-03 | ssl: implement AES128-GCM suites | Andreas Schultz | |
2014-03-31 | ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | Ingela Anderton Andin | |
2014-03-03 | ssl: Improved documentation of the cacertfile option | Ingela Anderton Andin | |
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson | |
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz. | |||
2013-11-20 | Merge branch 'maint' | Hans Nilsson | |
2013-11-19 | ftp,ssl: Fixes broken type link (ssloption). | Hans Nilsson | |
2013-11-11 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-06 | Update documentation | Julien Barbot | |
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot | |
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS. | |||
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot | |
See RFC 6066 section 3 | |||
2013-11-04 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-11-01 | Fix client_preferred_next_protocols documentation | Julien Barbot | |
2013-08-28 | Merge branch 'maint' | Fredrik Gustafsson | |
2013-08-27 | ssl: documentation regarding log_alert | Fredrik Gustafsson | |
2013-05-08 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin | |
Conflicts: lib/crypto/doc/src/crypto_app.xml | |||
2013-05-08 | crypto: Deprecate functions, update doc and specs | Ingela Anderton Andin | |
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-04-19 | Convert XML files to UTF-8 | Hans Bolinder | |
2013-04-05 | ssl & crypto: Documentation enhancements | Ingela Anderton Andin | |
OTP-10450 | |||
2013-04-03 | ssl: Add option to list all available ciper suites and enhanced documentation | Ingela Anderton Andin | |
2013-03-28 | SSL: add documentation for PSK and SRP ciphers options | Andreas Schultz | |
2013-03-17 | Fix SSL Next Protocol Negotiation documentation | Julien Barbot | |
Fix inconsistencies Fix typos Fix data types definition | |||
2013-02-22 | ssl: Add missing option and links | Ingela Anderton Andin | |
2013-02-12 | ssl: Generalize cb_info option | Ingela Anderton Andin | |
2012-12-20 | ssl: Make TLS-1.2 default version | Ingela Anderton Andin | |
2012-09-20 | ssl: Changed default behaviour of next protocol negotiation to make | Ingela Anderton Andin | |
more "sense" (be true to the specification). | |||
2012-09-20 | ssl: Update SSL docs for SSL Next Protocol Support | Ben Murphy | |
2012-08-22 | ssl & public_key: Prepare for release | Ingela Anderton Andin | |
Tickets solved by this branch: OTP-8871, OTP-8872 and OTP-9908 | |||
2012-04-25 | Improved explanation of depth option | Ingela Anderton Andin | |
2012-03-30 | Update copyright years | Björn-Egil Dahlberg | |
2012-03-26 | Merge branch 'as/ssl-tls-prf-function' into maint | Gustav Simonsson | |
* as/ssl-tls-prf-function: Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as transport layer need to generate additional application specific key material One way to generate such material is to use the TLS PRF and key material from the TLS session itself OTP-10024 | |||
2012-03-05 | Some protocols (e.g. EAP-PEAP, EAP-TLS, EAP-TTLS) that use TLS as | Andreas Schultz | |
transport layer need to generate additional application specific key material. One way to generate such material is to use the TLS PRF and key material from the TLS session itself. This change makes it possible to use a TLS sessions PRF either with the session internal or caller supplied key material to generate additional key material. | |||
2012-02-28 | Remove/add extra/missing white spaces | Ricardo Catalinas Jiménez | |
2011-11-01 | Added PKCS-8 support in ssl | Ingela Anderton Andin | |
2011-10-06 | Merge branch 'ia/ssl/remove-old-ssl/OTP-7048' | Ingela Anderton Andin | |
* ia/ssl/remove-old-ssl/OTP-7048: Remove old ssl implementation and deprecated function ssl:peercert/1 Conflicts: lib/ssl/test/Makefile | |||
2011-09-28 | Corrected documentation bug | Ingela Anderton Andin | |
2011-09-16 | Remove old ssl implementation and deprecated function ssl:peercert/1 | Ingela Anderton Andin | |
2011-08-08 | replace "a ssl" with "an ssl" | Christian von Roques | |
2011-08-08 | Trivial documentation fixes | Christian von Roques | |
2011-06-27 | Handle inet:getopts/2 and inet:setopts/2 crashes | Ingela Anderton Andin | |
2011-05-05 | Spec corrections | Ingela Anderton Andin | |
2011-04-29 | Changed iolist() to iodata() | Ingela Anderton Andin | |
ssl:send/2 takes iodata() as a second argument. erlang:iolist_to_binary should really be called erlang:iodata_to_binary which caused the mismatch in the first place. | |||
2011-04-21 | Fixed blunder in year tag | Ingela Anderton Andin | |
2011-04-20 | Added missing path validation error to documentation | Ingela Anderton Andin | |