Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-09-03 | ssl: implement AES128-GCM suites | Andreas Schultz | |
2014-06-12 | ssl: Fix dialyzer specs to reflect reality | Ingela Anderton Andin | |
2014-06-05 | ssl: Version argument to ssl_cipher:anonymous_suites should not be added yet! | Ingela Anderton Andin | |
2014-06-03 | SSL: always filter the full list of supported ciphers against the supported ↵ | Andreas Schultz | |
algorithms With the addition of more ciphers that are not supported in all configurations, using a manually prefiltered cipher list (e.g. EC vs. non-EC ciphers) becomes to complex. Replace the manual split with ssl_cipher:filter_suites/1 in all places. Conflicts: lib/ssl/src/ssl.erl lib/ssl/src/tls_v1.erl | |||
2014-05-28 | ssl: Filter default ciphers for supported Crypto algorihms | Ingela Anderton Andin | |
2014-05-26 | ssl: Add ssl options to listen options tracker | Ingela Anderton Andin | |
2014-05-12 | Merge branch 'ia/ssl/inherit/OTP-11897' into maint | Ingela Anderton Andin | |
* ia/ssl/inherit/OTP-11897: ssl: Handle socket option inheritance when pooling of accept sockets is used | |||
2014-05-09 | ssl: Handle socket option inheritance when pooling of accept sockets is used | Ingela Anderton Andin | |
Implement a listen socket tracker process that holds the emulated socket options so that it is possible to implement a destructive ssl:setopts on SSL/TLS listen sockets without changing the options of the internal socket as we want that socket to have the internal socket option values. | |||
2014-05-07 | ssl: SSL/TLS version input list shall not be order dependent | Ingela Anderton Andin | |
2014-04-16 | ssl: Select supported cipher suites for the negotiated SSL/TLS-version | Ingela Anderton Andin | |
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support. | |||
2014-03-31 | ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | Ingela Anderton Andin | |
2014-03-25 | ssl: Improve type specs | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/dtls_record.erl | |||
2014-03-25 | ssl: Refactor and start implementing dtls_connection.erl | Ingela Anderton Andin | |
2014-03-04 | ssl: Add exception for inet and inet6 to proplist check | Ingela Anderton Andin | |
2014-03-04 | ssl: Add input sanity check | Ingela Anderton Andin | |
Avoid puzzling behavior due to options being disregarded if they are not key value tuples. | |||
2014-02-14 | ssl: Fix possible mismatch between SSL/TLS version and default ciphers | Ingela Anderton Andin | |
2014-02-06 | ssl: Unicode adaptions | Ingela Anderton Andin | |
2014-01-28 | ssl: use is_boolean/1 guard in option validation | Andreas Schultz | |
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson | |
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz. | |||
2014-01-14 | ssl: Add missing options validation of server_name_indication | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connetion handling | Ingela Anderton Andin | |
2013-12-02 | ssl: API and supervisor | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor API | Ingela Anderton Andin | |
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics | |||
2013-08-23 | Merge branch 'maint-r15' into maint-r16 | Fredrik Gustafsson | |
Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_transport.erl lib/inets/src/inets_app/inets.appup.src lib/inets/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl.erl lib/ssl/src/ssl_internal.hrl lib/ssl/src/tls_connection.erl lib/ssl/vsn.mk | |||
2013-08-21 | [inets, ssl]: make log_alert configurable as option in ssl, SSLLogLevel ↵ | Fredrik Gustafsson | |
added as option to inets conf file | |||
2013-06-07 | ssl: Fix dialyzer warnings | Ingela Anderton Andin | |
2013-06-04 | ssl: Structural perarparation to support DTLS | Ingela Anderton Andin | |
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl | |||
2013-05-24 | ssl: Remove unused `srp_parameters` type spec | Klaus Trainer | |
As the file 'lib/ssl/src/ssl_srp_primes.hrl' only contains a specification of a `srp_parameters` type that isn't exported and also isn't referenced anywhere (neither in the code nor in the documentation), the type specification (and hence the file as well) can be removed. | |||
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-05-08 | SSL: filter TLS cipher suites for supported algorithms | Andreas Schultz | |
2013-04-03 | ssl: Add option to list all available ciper suites and enhanced documentation | Ingela Anderton Andin | |
2013-03-28 | SSL: add TLS-SRP (RFC 5054) cipher suites | Andreas Schultz | |
2013-03-28 | SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suites | Andreas Schultz | |
2013-03-05 | ssl: Check that negotiated version is a supported version. | Ingela Anderton Andin | |
2013-02-18 | ssl: Further error handling enhancments | Ingela Anderton Andin | |
follow up enhancments done in commit e56167dd6ca8d37d26ea7f19933691a3bda41113 Make sure format_error return good strings. Replace confusing legacy atoms with more descriptive atoms. | |||
2013-02-12 | ssl: Generalize cb_info option | Ingela Anderton Andin | |
2012-12-19 | ssl & orber: Remove ssl:pid/1 (has been pointless since R14) | Ingela Anderton Andin | |
2012-12-06 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: erts/emulator/sys/vxworks/sys.c erts/vsn.mk lib/ssl/src/ssl_connection.erl lib/ssl/test/ssl_basic_SUITE.erl | |||
2012-12-06 | ssl: Export sslsocket() dialyzer type | Ingela Anderton Andin | |
2012-11-14 | Merge remote branch 'upstream/maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl_connection.erl | |||
2012-11-13 | ssl: Add default values to emulated socket options in internal record | Ingela Anderton Andin | |
The absence of the active default values could cause a process leak | |||
2012-10-01 | ssl: Improve #sslsocket{} API | Ingela Anderton Andin | |
A #sslsocket{} contains the fsm pid and value that was previously set to old_ssl or new_ssl to make the transition period smoother. Now that old ssl is not supported any more we use this field to store the inet socket reference instead. This enables some API functions to return quicker as they do not need to communicate with the fsm-process. | |||
2012-10-01 | ssl: It is now possible to call controlling_process on a listen socket, | Ingela Anderton Andin | |
same as in gen_tcp. Made error handling of listen sockets as arguments to funtions expecting a connected socket more inet/gen_tcp like. | |||
2012-09-21 | ssl: SSL 3.0 does not support next protocol negotiation | Ingela Anderton Andin | |
Also shorten test cases names to workaround test framework problems on windows | |||
2012-09-20 | ssl: Changed default behaviour of next protocol negotiation to make | Ingela Anderton Andin | |
more "sense" (be true to the specification). | |||
2012-09-20 | ssl: Support for SSL Next Protocol Negotiation | Ben Murphy | |
* http://technotes.googlecode.com/git/nextprotoneg.html | |||
2012-08-22 | ssl: Use crypto:strong_rand_bytes if possible | Ingela Anderton Andin | |
2012-08-22 | ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 | Ingela Anderton Andin | |
2012-08-22 | ssl: Enable TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2 |