aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_cipher.erl
AgeCommit message (Collapse)Author
2016-05-31Improve SSL diagnosticsAlexey Lebedeff
There are a lot of cases where `ssl` application just returns unhelpful `handshake failure` or `internal error`. This patch tries to provide better diagnostics so operator can debug his SSL misconfiguration without doing hardcore erlang debugging. Here is an example escript that incorrectly uses server certificate as a client one: https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67 With the patch it is properly reported as an error in "extended key usage".
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
2016-04-25ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2016-04-25ssl: Remove use of crypto:rand_bytes/1Ingela Anderton Andin
ssl already used crypto:strong_rand_bytes/1 for most operations as its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1 will be used everywhere. However crypto:rand_bytes/1 was used as fallback if crypto:strong_rand_bytes/1 throws low_entropy, this will no longer be the case. This is a potential incompatibility. The fallback was introduced a long time ago for interoperability reasons. Now days this should not be a problem, and if it is, the security compromise is not acceptable anyway.
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-03-15update copyright-yearHenrik Nord
2016-02-22Merge branch 'maint'Ingela Anderton Andin
2016-02-22ssl: Newer cipher suites now presented correctlyIngela Anderton Andin
Older SSL/TLS versions have cipher suites that look like {key_exchange(), cipher(), MAC::hash()} and the hash function used by the PRF (Pseudo Random function) is implicit and always the same for that protocol version. In TLS 1.2 a cipher suite is {key_exchange(), cipher(), MAC::hash(), PRF::hash()}. Internally a cipher suite is always a four tuple but for backwards compatibility older cipher suites will be presented as a three tuples, however new cipher suites should be presented as four tuples.
2016-02-22ssl: Include options form connect/listen/accept in connection_information/[1,2]Ingela Anderton Andin
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice.
2016-02-18ssl: Remove DES ciphers from default configurationIngela Anderton Andin
DES is not considered secure. Also correct 'Server Name Indication' support description.
2015-06-18Change license text to APLv2Bruce Yinhe
2015-06-10ssl: Add unassigned valuesIngela Anderton Andin
2015-06-08ssl: Do not crash on proprietary hash_sign algorithmsIngela Anderton Andin
TLS hash_sign algorithms may have proprietary values see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated.
2015-03-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-01-23ssl: Remove default support for RC4 ciphersIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-09-03ssl: add draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 SuitesAndreas Schultz
2014-09-03ssl: add PSK-GCM suitesAndreas Schultz
2014-09-03ssl: implement AES128-GCM suitesAndreas Schultz
2014-05-28ssl: Filter default ciphers for supported Crypto algorihmsIngela Anderton Andin
2014-04-16ssl: Select supported cipher suites for the negotiated SSL/TLS-versionIngela Anderton Andin
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support.
2014-03-25ssl: Improve type specsIngela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-03-25ssl: Refactor and start implementing dtls_connection.erlIngela Anderton Andin
2013-12-02ssl: Refactor handshake and record handlingIngela Anderton Andin
2013-10-14ssl: Honor TLS client ECC extensionIngela Anderton Andin
Also the server should only send ECC point formats extension not ECC curve extension.
2013-09-10ssl: Refactor TLS/DTLS record handlingIngela Anderton Andin
2013-09-10ssl: Dialyzer fixesIngela Anderton Andin
2013-09-10ssl: DTLS record handlingIngela Anderton Andin
Also refactor so that TLS and DTLS can have common functions when possible.
2013-09-02ssl: Handle signature_algorithm field in digitally_signed properlyIngela Anderton Andin
with proper defaults Added ssl_ECC_SUITE
2013-06-07ssl: Fix dialyzer warningsIngela Anderton Andin
2013-05-20ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0Ingela Anderton Andin
2013-05-08ssl: Only send ECC-hello extension if ECC-cipher suites are advertisedIngela Anderton Andin
2013-05-08ssl & crypto: Generalize the remaining crypto APIIngela Anderton Andin
2013-05-08ssl & public_key: Use new crypto API functionsIngela Anderton Andin
2013-05-08crypto: Deprecate functions, update doc and specsIngela Anderton Andin
2013-05-08SSL: add Elliptic Curve support for ssl appAndreas Schultz
2013-05-08SSL: filter TLS cipher suites for supported algorithmsAndreas Schultz
2013-03-28SSL: enable hash_size values for sha224, sha384 and sha512Andreas Schultz
Some of the PSK and SRP ciphers default to sha384, this enables hash_size for that cipher. It also adds sha512 and sha224 to be prepared for further cipher enhancements.
2013-03-28SSL: add TLS-SRP (RFC 5054) cipher suitesAndreas Schultz
2013-03-28SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suitesAndreas Schultz
2013-03-13public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27Ingela Anderton Andin
Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation.
2012-08-23ssl: Clean up of code thanks to dialyzerIngela Anderton Andin
2012-08-22ssl: Use crypto:strong_rand_bytes if possibleIngela Anderton Andin
2012-08-22ssl: Add Signature Algorithms hello extension from TLS 1.2Andreas Schultz
This is also avoids triggering some bugs in OpenSSL.
2012-08-22ssl: IDEA cipher is deprecated by TLS 1.2Ingela Anderton Andin
As we did not yet support IDEA ciphers and they have now become deprecated we skip supporting them altogether.
2012-08-22ssl: Make signature handling version dependantAndreas Schultz
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware
2012-08-22ssl: Fix PRF logicIngela Anderton Andin