aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl.erl
AgeCommit message (Collapse)Author
2019-05-07ssl: Fix dialyzer specIngela Anderton Andin
2019-05-07ssl: Add cipher suite convertion functionsIngela Anderton Andin
2019-04-24ssl: Refer documentation of HttpPacket from ertsPéter Dimitrov
Do not document http_packet() in ssl but refer to description of erlang:decode_packet/3. Change-Id: Ib2d0e4fc9605e40fe98bb249bc17fc39046d137a
2019-04-24ssl: Update type spec of ssl:suite_to_str/1Péter Dimitrov
Change-Id: I7987e80cca7af184a9f40cdcd8ea8f07c318ba0d
2019-04-24ssl: Update function ssl:eccs/1Péter Dimitrov
Remove support of version tuples (e.g. {3,3}) from API function ssl:eccs/1. Update function spec and documentation. Change-Id: I891e42a2ca31c3e06b4edeeb866c0df874f2035b
2019-04-23Merge branch 'peterdmv/ssl/doc-types-and-specs/OTP-15746'Péter Dimitrov
* peterdmv/ssl/doc-types-and-specs/OTP-15746: ssl: Add type specs for http_packet() ssl: Fix type specs of ssl_internal.hrl ssl: Fix type specs of internal handshake functions ssl: Fix dialyzer warnings eldap: Fix dialyzer warnings ssl: Fix missing anchor warning public_key: Accept digest types 'sha1' and 'sha' inet: Document type inet:stat_option() ssl: Changed function specs and ssl.xml ssl: Update standards_compliance.xml OTP-15775 OTP-15776 OTP-15777 Change-Id: Ibe8e8263d6557eaa40cc0681a7ce3fcb373a4120
2019-04-18ssl: Add type specs for http_packet()Péter Dimitrov
Change-Id: I07231ceab14d49c740967a0edfc9494328b96a62
2019-04-18ssl: Fix dialyzer warningsPéter Dimitrov
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
2019-04-17ssl: Changed function specs and ssl.xmlKenneth Lundin
Changed function specs and ssl.xml for generation of documentation according to the new way. Change-Id: I17b59b80f9072c3d2c20aea1b102f1e9c86987a0
2019-04-12ssl: Add functions to convert between diffrent cipher suite formatsIngela Anderton Andin
2019-04-09ssl: Fix ssl:getstat/2Péter Dimitrov
Change-Id: I03d8bb7b45fc48b3d5b0232c4c3a286fb36aad5c
2019-04-09ssl: Implement {active,N} for DTLSPéter Dimitrov
Change-Id: I559624bedf3b9b9ed0316af5262f59bcad8de926
2019-03-29ssl: Add support AES_CCM cipher suites form RFC 6655Ingela Anderton Andin
2019-03-21ssl: Remove default support for legacy versionsIngela Anderton Andin
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
2019-03-19Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl lib/ssl/src/tls_connection.erl
2019-03-14ssl: Improve ssl loggingPéter Dimitrov
Remove function ssl:set_log_level/1. Its functionality is already implemented by logger:set_application_level/2. Set log level for ssl modules to debug at application start. Former implementation required an extra call to logger:set_application_level/2 (beside setting ssl option {log_level, debug}) to enable debug logging. Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
2019-03-11ssl: Fix transport transparancyIngela Anderton Andin
2019-03-04Merge branch 'maint'Raimo Niskanen
* maint: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N}
2019-03-04Merge branch 'essen/ssl-active-n' into maintRaimo Niskanen
* essen/ssl-active-n: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl.erl
2019-02-22Merge branch ssl-active-n of essen:erlang/otp into essen/ssl-active-nRaimo Niskanen
* essen:erlang/otp: fixup! ssl: Add support for {active,N} ssl: Use common fonction to update {active,N} ssl: Document {active,N} ssl: Add support for {active,N} Conflicts: lib/ssl/src/ssl_connection.erl
2019-02-22Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
2019-02-22Merge branch 'ingela/ssl/doc-enhancements' into maintIngela Anderton Andin
* ingela/ssl/doc-enhancements: ssl: Enhance documentation after "use-spec-rewrite"
2019-02-22ssl: Enhance documentation after "use-spec-rewrite"Ingela Anderton Andin
2019-02-21Merge branch 'maint'Raimo Niskanen
* maint: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/ssl_logger.erl lib/ssl/src/ssl_record.erl lib/ssl/src/ssl_record.hrl lib/ssl/src/tls_connection.erl lib/ssl/src/tls_record.erl lib/ssl/src/tls_sender.erl
2019-02-21Merge branch 'raimo/ssl/tls-optimization/OTP-15529' into maintRaimo Niskanen
* raimo/ssl/tls-optimization/OTP-15529: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results
2019-02-21Merge branch 'ingela/ssl/fix-master-doc'Ingela Anderton Andin
2019-02-20ssl: Reintroduce documentation of signature_algs_cert and log_level optionIngela Anderton Andin
When changing the ssl application to use type specs in documentation master additions where lost in the merge as we did not want to rewrite the new documentation in a merge commit.
2019-02-19ssl: Document {active,N}Loïc Hoguin
2019-02-18ssl: Correct merge commit thanks to dialyzerIngela Anderton Andin
Also make a weaker spec in ssl_internal.hrl for now as it creates a conflict between error handling and dialyzer warnings.
2019-02-18Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/tls_connection.erl
2019-02-14ssl: Remove duplicate record_cb handlingIngela Anderton Andin
2019-02-13Use iovec() internally in send pathRaimo Niskanen
2019-02-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher_format.erl lib/ssl/src/tls_handshake.erl
2019-02-05ssl: Use specs to generate type documentationIngela Anderton Andin
2019-02-04ssl: Enhance error handlingIngela Anderton Andin
2019-01-15Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl.erl
2019-01-14ssl: Add value 'save' to reuse_sessions and reuse_session client optionIngela Anderton Andin
We want to be able to save a specific session to reuse, and make sure it is reusable immediatly when the connection has been established. Add client option {reuse_session, SessionID::binary()} We also do not want clients to save sessions that it did not verify. Additionaly change behaviour of the client and server to not save sessions if reuse_session is set to false.
2018-11-20ssl: Fix default values of "signature_algs"Péter Dimitrov
- Add function for special handling of default values of "signature_algs" in TLS 1.3. This change adds default values for "signature_algs" even for TLS 1.3 clients as they must send the "signature_algs" extension when a server authenticates itself via a certificate. - Use "signature schemes" as default instead of the old hash-signature algorithms tuple when using TLS 1.3. Change-Id: I296593b16610fd7a18a4ae3f3bac63c2fad06fbd
2018-11-16ssl: Change defaults for "supported_groups"Péter Dimitrov
Removed strongest Diffie-Hellman groups from defaults (ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192) in order to reduce the time spent with calculating the keys for the key_share extension. Change-Id: I1cc1914ea4c5093f694989b0153c1bd1c8840eef
2018-10-24ssl: Implement TLS 1.3 state machine skeletonPéter Dimitrov
Change-Id: I4b382a7907247cc2099951fdefa40f1511b1123e
2018-10-16Merge pull request #1970 from peterdmv/ssl/signature_algorithms/OTP-15248Péter Dimitrov
Implement Signature Algorithms (TLS 1.3)
2018-10-15ssl: Update default for option signature_algs_certPéter Dimitrov
The option 'signature_algs_cert' is not set by default. Change-Id: Ib87cedc5e48b3ac7a36a30bc7caa08d3193f12fa
2018-10-15ssl: Filter "signature_algs_cert" from socket optionsPéter Dimitrov
Change-Id: Ifb933d1bad647b941b7324c0712a7bc20ae74efa
2018-10-11Merge branch 'maint'Ingela Anderton Andin
2018-10-10ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-09-06ssl: Use 'HighestVersion' instead of extra function callPéter Dimitrov
Change-Id: I7521cd4e83f881d3caeae8faf2dd8108db15aa7e
2018-09-06ssl: Add new extension with encode/decode functionsPéter Dimitrov
Change-Id: I8a5c11b3503b44cfc6cbd6e4fd8ff3005a8669dd
2018-09-05ssl: Format code in handle optionsPéter Dimitrov
Change-Id: I997fa8808eaf48aad24a7097b82571be9f0ee252
2018-09-04ssl: Initial cipher suites adoption for TLS-1.3Ingela Anderton Andin
This commit filters out cipher suites not to be used in TLS-1.3 We still need to add new cipher suites for TLS-1.3 and possible add new information to the suite data structure.
2018-08-30Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl lib/ssl/src/tls_connection.erl