| Age | Commit message (Collapse) | Author |
|---|
|
The types named_curve/0 consist of many
options and may also change with time. Since they are not
exported, users must either repeat and maintain their specs,
or use a general type like any() if they want to refer
to them.
|
|
|
|
|
|
Do not document http_packet() in ssl but refer to description of
erlang:decode_packet/3.
Change-Id: Ib2d0e4fc9605e40fe98bb249bc17fc39046d137a
Conflicts:
lib/ssl/src/ssl.erl
|
|
Change-Id: I7987e80cca7af184a9f40cdcd8ea8f07c318ba0d
|
|
Remove support of version tuples (e.g. {3,3}) from API function
ssl:eccs/1.
Update function spec and documentation.
Change-Id: I891e42a2ca31c3e06b4edeeb866c0df874f2035b
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
Changed function specs and ssl.xml for generation of documentation
according to the new way.
Change-Id: I17b59b80f9072c3d2c20aea1b102f1e9c86987a0
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
* ingela/ssl/doc-enhancements:
ssl: Enhance documentation after "use-spec-rewrite"
|
|
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
|
|
|
|
|
|
|
|
|
|
We want to be able to save a specific session to reuse, and make sure
it is reusable immediatly when the connection has been established.
Add client option {reuse_session, SessionID::binary()}
We also do not want clients to save sessions that it did not verify.
Additionaly change behaviour of the client and server to not save sessions
if reuse_session is set to false.
|
|
If the socket option is set to {packet, 1|2|3|4} sender process needs to
add a packet length header. If packet is changed with ssl:setopts/2 this needs
to be communicated to tls_sender.
|
|
Separate sending and receiving when using TCP as transport
as prim_inet:send may block which in turn may result
in a deadlock between two Erlang processes communicating over
TLS, this is especially likely to happen when running Erlang distribution
over TLS.
|
|
The conversion code for different representations of cipher suites
is long an repetitive. We want to hide it in a module that does not
have other functions that we like to look at.
|
|
|
|
* ingela/ssl/21-enhanchment:
ssl: Add handle_continue/2 and document enhancements
|
|
* deprecation of ssl:ssl_accept/[1,2,3]
* deprecation of ssl:cipher_suites/[0,1]
* More consistent naming
|
|
* peterdmv/ssl/suite_to_str/ERL-600/OTP-15106:
ssl: Add new API function suite_to_str/1
Change-Id: Icf214ece4e1d281da12b02dadc63d4a2ca346563
|
|
Add new API function for converting cipher suite maps
to their textual representation.
Change-Id: I43681930b38e0f3bdb4dfccbf9e8895aa2d6a281
|
|
|
|
We want to prepare the code for more advanced DTLS usage and possibility
to run over SCTP. First assumption was that the demultiplexer process
"dtls listener" was needed for UDP only and SCTP could be made more TLS
like. However the assumption seems not to hold. This commit prepares
for customization possibilities.
|
|
|
|
|
|
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
|
|
|
|
The interoperability option to fallback to insecure renegotiation
now has to be explicitly turned on.
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
Authenticated encryption (AE) and authenticated encryption with
associated data (AEAD, variant of AE) is a form of encryption which
simultaneously provides confidentiality, integrity, and authenticity
assurances on the data.
This is more logical value then null that was used, this happened to
work as the AEAD property was derived form other data, but it is confusing!
|
|
|
|
|
|
* ingela/ssl/cipher-suites/OTP-14749:
ssl: Use maps for cipher suites internally
|
|
This is a preparation for improvements to come in option handling and
support for TLS-1.3
|
|
|
|
|
|
* ingela/dtls/no-packet-upd/OTP-14664:
ssl: No support for packet option over unreliable transport
|
|
* ingela/ssl/extend-hostname-check/OTP-14632/OTP-14655:
ssl: Fix test cases to work on all test platforms
public_key: Fix dialyzer spec
ssl: Sessions must be registered with SNI if exists
ssl: Extend hostname check to fallback to checking IP-address
public_key, ssl: Handles keys so that APIs are preserved correctly
|
|
|
|
If no SNI is available and the hostname is an IP-address also check
for IP-address match. This check is not as good as a DNS hostname check
and certificates using IP-address are not recommended.
|
|
The functions are not performance critical. Will be used
when errors occurs, CRL data base is managed or legacy OpenSSL names
are used for ciphers.
|
