Age | Commit message (Collapse) | Author |
|
|
|
|
|
Do not document http_packet() in ssl but refer to description of
erlang:decode_packet/3.
Change-Id: Ib2d0e4fc9605e40fe98bb249bc17fc39046d137a
|
|
Change-Id: I7987e80cca7af184a9f40cdcd8ea8f07c318ba0d
|
|
Remove support of version tuples (e.g. {3,3}) from API function
ssl:eccs/1.
Update function spec and documentation.
Change-Id: I891e42a2ca31c3e06b4edeeb866c0df874f2035b
|
|
* peterdmv/ssl/doc-types-and-specs/OTP-15746:
ssl: Add type specs for http_packet()
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Update standards_compliance.xml
OTP-15775
OTP-15776
OTP-15777
Change-Id: Ibe8e8263d6557eaa40cc0681a7ce3fcb373a4120
|
|
Change-Id: I07231ceab14d49c740967a0edfc9494328b96a62
|
|
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
|
|
Changed function specs and ssl.xml for generation of documentation
according to the new way.
Change-Id: I17b59b80f9072c3d2c20aea1b102f1e9c86987a0
|
|
|
|
Change-Id: I03d8bb7b45fc48b3d5b0232c4c3a286fb36aad5c
|
|
Change-Id: I559624bedf3b9b9ed0316af5262f59bcad8de926
|
|
|
|
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
|
|
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_connection.erl
|
|
Remove function ssl:set_log_level/1. Its functionality is already
implemented by logger:set_application_level/2.
Set log level for ssl modules to debug at application start.
Former implementation required an extra call to
logger:set_application_level/2 (beside setting ssl option
{log_level, debug}) to enable debug logging.
Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
|
|
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
* ingela/ssl/doc-enhancements:
ssl: Enhance documentation after "use-spec-rewrite"
|
|
|
|
* maint:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/ssl_logger.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/ssl_record.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/src/tls_record.erl
lib/ssl/src/tls_sender.erl
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
|
|
When changing the ssl application to use type specs in documentation
master additions where lost in the merge as we did not want to
rewrite the new documentation in a merge commit.
|
|
|
|
Also make a weaker spec in ssl_internal.hrl for now as it creates
a conflict between error handling and dialyzer warnings.
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|
|
|
|
|
|
Conflicts:
lib/ssl/src/ssl.erl
|
|
We want to be able to save a specific session to reuse, and make sure
it is reusable immediatly when the connection has been established.
Add client option {reuse_session, SessionID::binary()}
We also do not want clients to save sessions that it did not verify.
Additionaly change behaviour of the client and server to not save sessions
if reuse_session is set to false.
|
|
- Add function for special handling of default values of
"signature_algs" in TLS 1.3.
This change adds default values for "signature_algs" even for
TLS 1.3 clients as they must send the "signature_algs" extension
when a server authenticates itself via a certificate.
- Use "signature schemes" as default instead of the old
hash-signature algorithms tuple when using TLS 1.3.
Change-Id: I296593b16610fd7a18a4ae3f3bac63c2fad06fbd
|
|
Removed strongest Diffie-Hellman groups from defaults (ffdhe3072,
ffdhe4096, ffdhe6144, ffdhe8192) in order to reduce the time spent
with calculating the keys for the key_share extension.
Change-Id: I1cc1914ea4c5093f694989b0153c1bd1c8840eef
|
|
Change-Id: I4b382a7907247cc2099951fdefa40f1511b1123e
|
|
Implement Signature Algorithms (TLS 1.3)
|
|
The option 'signature_algs_cert' is not set by default.
Change-Id: Ib87cedc5e48b3ac7a36a30bc7caa08d3193f12fa
|
|
Change-Id: Ifb933d1bad647b941b7324c0712a7bc20ae74efa
|
|
|
|
If the socket option is set to {packet, 1|2|3|4} sender process needs to
add a packet length header. If packet is changed with ssl:setopts/2 this needs
to be communicated to tls_sender.
|
|
Change-Id: I7521cd4e83f881d3caeae8faf2dd8108db15aa7e
|
|
Change-Id: I8a5c11b3503b44cfc6cbd6e4fd8ff3005a8669dd
|
|
Change-Id: I997fa8808eaf48aad24a7097b82571be9f0ee252
|
|
This commit filters out cipher suites not to be used in TLS-1.3
We still need to add new cipher suites for TLS-1.3 and possible
add new information to the suite data structure.
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
lib/ssl/src/tls_connection.erl
|