Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-04-06 | ssl: Add option signature_algs | Ingela Anderton Andin | |
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later. | |||
2016-02-22 | Merge branch 'maint' | Ingela Anderton Andin | |
2016-02-22 | ssl: Newer cipher suites now presented correctly | Ingela Anderton Andin | |
Older SSL/TLS versions have cipher suites that look like {key_exchange(), cipher(), MAC::hash()} and the hash function used by the PRF (Pseudo Random function) is implicit and always the same for that protocol version. In TLS 1.2 a cipher suite is {key_exchange(), cipher(), MAC::hash(), PRF::hash()}. Internally a cipher suite is always a four tuple but for backwards compatibility older cipher suites will be presented as a three tuples, however new cipher suites should be presented as four tuples. | |||
2016-02-22 | ssl: Include options form connect/listen/accept in connection_information/[1,2] | Ingela Anderton Andin | |
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice. | |||
2016-02-18 | ssl: Remove DES ciphers from default configuration | Ingela Anderton Andin | |
DES is not considered secure. Also correct 'Server Name Indication' support description. | |||
2015-06-18 | Change license text to APLv2 | Bruce Yinhe | |
2015-06-10 | ssl: Add unassigned values | Ingela Anderton Andin | |
2015-06-08 | ssl: Do not crash on proprietary hash_sign algorithms | Ingela Anderton Andin | |
TLS hash_sign algorithms may have proprietary values see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated. | |||
2015-03-05 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl | |||
2015-03-02 | ssl: Implement support for TLS_FALLBACK_SCSV | Ingela Anderton Andin | |
2015-01-23 | ssl: Remove default support for RC4 ciphers | Ingela Anderton Andin | |
2015-01-23 | ssl: Reenable padding check for TLS-1.0 and provide backwards compatible | Ingela Anderton Andin | |
disable option | |||
2015-01-23 | ssl: Reenable padding check for TLS-1.0 and provide backwards compatible | Ingela Anderton Andin | |
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl | |||
2014-09-03 | ssl: add draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites | Andreas Schultz | |
2014-09-03 | ssl: add PSK-GCM suites | Andreas Schultz | |
2014-09-03 | ssl: implement AES128-GCM suites | Andreas Schultz | |
2014-05-28 | ssl: Filter default ciphers for supported Crypto algorihms | Ingela Anderton Andin | |
2014-04-16 | ssl: Select supported cipher suites for the negotiated SSL/TLS-version | Ingela Anderton Andin | |
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support. | |||
2014-03-25 | ssl: Improve type specs | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/dtls_record.erl | |||
2014-03-25 | ssl: Refactor and start implementing dtls_connection.erl | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor handshake and record handling | Ingela Anderton Andin | |
2013-10-14 | ssl: Honor TLS client ECC extension | Ingela Anderton Andin | |
Also the server should only send ECC point formats extension not ECC curve extension. | |||
2013-09-10 | ssl: Refactor TLS/DTLS record handling | Ingela Anderton Andin | |
2013-09-10 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2013-09-10 | ssl: DTLS record handling | Ingela Anderton Andin | |
Also refactor so that TLS and DTLS can have common functions when possible. | |||
2013-09-02 | ssl: Handle signature_algorithm field in digitally_signed properly | Ingela Anderton Andin | |
with proper defaults Added ssl_ECC_SUITE | |||
2013-06-07 | ssl: Fix dialyzer warnings | Ingela Anderton Andin | |
2013-05-20 | ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0 | Ingela Anderton Andin | |
2013-05-08 | ssl: Only send ECC-hello extension if ECC-cipher suites are advertised | Ingela Anderton Andin | |
2013-05-08 | ssl & crypto: Generalize the remaining crypto API | Ingela Anderton Andin | |
2013-05-08 | ssl & public_key: Use new crypto API functions | Ingela Anderton Andin | |
2013-05-08 | crypto: Deprecate functions, update doc and specs | Ingela Anderton Andin | |
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-05-08 | SSL: filter TLS cipher suites for supported algorithms | Andreas Schultz | |
2013-03-28 | SSL: enable hash_size values for sha224, sha384 and sha512 | Andreas Schultz | |
Some of the PSK and SRP ciphers default to sha384, this enables hash_size for that cipher. It also adds sha512 and sha224 to be prepared for further cipher enhancements. | |||
2013-03-28 | SSL: add TLS-SRP (RFC 5054) cipher suites | Andreas Schultz | |
2013-03-28 | SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suites | Andreas Schultz | |
2013-03-13 | public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27 | Ingela Anderton Andin | |
Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation. | |||
2012-08-23 | ssl: Clean up of code thanks to dialyzer | Ingela Anderton Andin | |
2012-08-22 | ssl: Use crypto:strong_rand_bytes if possible | Ingela Anderton Andin | |
2012-08-22 | ssl: Add Signature Algorithms hello extension from TLS 1.2 | Andreas Schultz | |
This is also avoids triggering some bugs in OpenSSL. | |||
2012-08-22 | ssl: IDEA cipher is deprecated by TLS 1.2 | Ingela Anderton Andin | |
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether. | |||
2012-08-22 | ssl: Make signature handling version dependant | Andreas Schultz | |
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware | |||
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Add TLS 1.2 cipher suites | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2 | |||
2012-08-22 | ssl: Add TLS 1.2 block cipher IV handling | Andreas Schultz | |
2012-08-22 | ssl: Consider TLS version when building cipher blocks | Andreas Schultz | |
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV. | |||
2011-12-09 | Update copyright years | Björn-Egil Dahlberg | |
2011-12-05 | Fix typos in ssl_cipher.erl | Tuncer Ayaz | |