aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/dtls_record.erl
AgeCommit message (Collapse)Author
2019-02-13Remove redundant return of CipherStateRaimo Niskanen
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2018-10-19ssl: Refactor AEAD ciphersIngela Anderton Andin
TLS-1.3 needs to handle AEAD inputs diffrently than previous versions. Refactor code to facilitate TLS-1.3 additions. Change CHACHA20_POLY1305 NONCE to match RFC 7905. This will be important later when we fix interop with TLS compatible crypto invocation.
2018-06-18Update copyright yearHenrik Nord
2018-03-09ssl: Remove interoperability option v2_hello_compatibleIngela Anderton Andin
2018-01-23ssl: Add record version sanity checkIngela Anderton Andin
2017-11-16ssl: Align code of TLS/DTLS record handlingIngela Anderton Andin
2017-09-30dtls: Compleate DTLS renegotiate implementationIngela Anderton Andin
2017-05-16dtls: Implement replay protectionIngela Anderton Andin
See RFC 6347 section 3.3
2017-05-04Update copyright yearRaimo Niskanen
2017-04-26ssl: Correct DTLS mac handlingIngela Anderton Andin
2017-04-21ssl: TLS-1.2 clients will now always send hello messages on its own format.Ingela Anderton Andin
Note this is a change form how it works for earlier versions that will send the first hello message on the lowest supported version. From RFC 5246 Appendix E. Backward Compatibility E.1. Compatibility with TLS 1.0/1.1 and SSL 3.0 Since there are various versions of TLS (1.0, 1.1, 1.2, and any future versions) and SSL (2.0 and 3.0), means are needed to negotiate the specific protocol version to use. The TLS protocol provides a built-in mechanism for version negotiation so as not to bother other protocol components with the complexities of version selection. TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and use compatible ClientHello messages; thus, supporting all of them is relatively easy. Similarly, servers can easily handle clients trying to use future versions of TLS as long as the ClientHello format remains compatible, and the client supports the highest protocol version available in the server. A TLS 1.2 client who wishes to negotiate with such older servers will send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in ClientHello.client_version. If the server does not support this version, it will respond with a ServerHello containing an older version number. If the client agrees to use this version, the negotiation will proceed as appropriate for the negotiated protocol. If the version chosen by the server is not supported by the client (or not acceptable), the client MUST send a "protocol_version" alert message and close the connection. If a TLS server receives a ClientHello containing a version number greater than the highest version supported by the server, it MUST reply according to the highest version supported by the server. A TLS server can also receive a ClientHello containing a version number smaller than the highest supported version. If the server wishes to negotiate with old clients, it will proceed as appropriate for the highest version supported by the server that is not greater than ClientHello.client_version. For example, if the server supports TLS 1.0, 1.1, and 1.2, and client_version is TLS 1.0, the server will proceed with a TLS 1.0 ServerHello. If server supports (or is willing to use) only versions greater than client_version, it MUST send a "protocol_version" alert message and close the connection. Whenever a client already knows the highest protocol version known to a server (for example, when resuming a session), it SHOULD initiate the connection in that native protocol. Note: some server implementations are known to implement version negotiation incorrectly. For example, there are buggy TLS 1.0 servers that simply close the connection when the client offers a version newer than TLS 1.0. Also, it is known that some servers will refuse the connection if any TLS extensions are included in ClientHello. Interoperability with such buggy servers is a complex topic beyond the scope of this document, and may require multiple connection attempts by the client. Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed). Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello. TLS clients that wish to negotiate with older servers MAY send any value {03,XX} as the record layer version number. Typical values would be {03,00}, the lowest version number supported by the client, and the value of ClientHello.client_version. No single value will guarantee interoperability with all old servers, but this is a complex topic beyond the scope of this document.
2017-04-13ssl, dtls: Refactor so that DTLS records are handled correctly together with ↵Ingela Anderton Andin
AEAD handling
2017-04-13ssl, dtls: Correct integer type for sequence numberIngela Anderton Andin
2017-02-14Fixed typos in lib/sslAndrew Dryga
2016-12-07Update copyright-yearErlang/OTP
2016-12-05ssl: Implement DTLS state machineIngela Anderton Andin
Beta DTLS, not production ready. Only very basically tested, and not everything in the SPEC is implemented and some things are hard coded that should not be, so this implementation can not be consider secure. Refactor "TLS connection state" and socket handling, to facilitate DTLS implementation. Create dtls "listner" (multiplexor) process that spawns DTLS connection process handlers. Handle DTLS fragmentation. Framework for handling retransmissions. Replay Detection is not implemented yet. Alerts currently always handled as in TLS.
2016-09-05ssl: Refactor to use maps for the connection statesIngela Anderton Andin
2016-06-13dtls: sync dtls_record DTLS version and crypto handling with TLSAndreas Schultz
2016-06-13dtls: rework handshake flight encodeingAndreas Schultz
The MSS might change between sending the a flight and possible resend. We therefore have to be able to fragment the records differently for resent. Encoding and fragmenting of handshake record therefor needs to be done independently. With this change the handshake is encoded to it's full length first, then queued to a flight. The fragmentation is handled during assembly of the flights datagram. Conflicts: lib/ssl/src/dtls_connection.erl
2016-05-03ssl: Adapt DTLS to gen_statemIngela Anderton Andin
DTLS is not in working mode yet, but the gen_statem rewrite should make completion easier.
2015-06-18Change license text to APLv2Bruce Yinhe
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2014-09-03ssl: implement AES128-GCM suitesAndreas Schultz
2014-03-25ssl: Avoid dialyzer warnings in dtls codeIngela Anderton Andin
Even if DTLS is not finished, e.i. not runnable yet we want to phase in the code together with refactoring of TLS code, but without introducing warnings in the release.
2014-03-25ssl: Refactor and start implementing dtls_connection.erlIngela Anderton Andin
2013-12-02ssl, public_key: Dialyzer fixesIngela Anderton Andin
2013-12-02ssl: Refactor handshake and record handlingIngela Anderton Andin
2013-09-10ssl: Refactor TLS/DTLS record handlingIngela Anderton Andin
2013-09-10ssl: DTLS record handlingIngela Anderton Andin
Also refactor so that TLS and DTLS can have common functions when possible.
2013-09-10ssl: Add DTLS record primitivesAndreas Schultz
This code is to 99 % written by Andreas Schultz only some small changes to start integrating with OTPs DTLS solution.
2013-06-04ssl: Structural perarparation to support DTLSIngela Anderton Andin
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl