aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_cipher.erl
AgeCommit message (Collapse)Author
2017-12-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_handshake.erl
2017-12-05ssl: Use maps for cipher suites internallyIngela Anderton Andin
This is a preparation for improvements to come in option handling and support for TLS-1.3
2017-08-22Merge pull request #1518 from RoadRunnr/R20/ssl_anon_certsIngela Andin
RFC: ecdhe_psk cipher suites OTP-14547
2017-08-10ssl: Correct cipher suite handlingIngela Anderton Andin
This is mainly fixing the test suites so that they test the intended cipher suites, issue reported in ERL-460. Also ssl_cipher:anonymous_suites was corrected for DTLS.
2017-07-23add draft-mattsson-tls-ecdhe-psk-aead ECDHE-PSK with GCM ciphersAndreas Schultz
Add the GCM ciphers from draft-mattsson-tls-ecdhe-psk-aead and the specification for the CCM cipher (but leave them commented out as we don't support CCM yet).
2017-07-21ssl: add ECDHE_PSK cipher suitesAndreas Schultz
2017-05-04Update copyright yearRaimo Niskanen
2017-04-13ssl, dtls: Refactor so that DTLS records are handled correctly together with ↵Ingela Anderton Andin
AEAD handling
2017-04-13ssl, dtls: Correct integer type for sequence numberIngela Anderton Andin
2017-03-06dtls: DTLS specific handling of socket and ciphersIngela Anderton Andin
DTLS does not support stream ciphers and needs diffrent handling of the "#ssl_socket{}" handle .
2016-12-05ssl: Implement DTLS state machineIngela Anderton Andin
Beta DTLS, not production ready. Only very basically tested, and not everything in the SPEC is implemented and some things are hard coded that should not be, so this implementation can not be consider secure. Refactor "TLS connection state" and socket handling, to facilitate DTLS implementation. Create dtls "listner" (multiplexor) process that spawns DTLS connection process handlers. Handle DTLS fragmentation. Framework for handling retransmissions. Replay Detection is not implemented yet. Alerts currently always handled as in TLS.
2016-10-10Properly filter ssl cipher suites reported as supportedDániel Szoboszlay
Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f. Conflicts: lib/ssl/src/ssl_cipher.erl
2016-10-07Merge branch 'ingela/ssl/cipher-type-spec' into maintIngela Anderton Andin
* ingela/ssl/cipher-type-spec: ssl: Adjust cipher type to conform to implementation
2016-10-05ssl: Adjust cipher type to conform to implementationIngela Anderton Andin
2016-10-04Merge branch 'RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896' into maintRaimo Niskanen
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896: disable RC4 in SSL when crypto doesn't support it Fix compilation when OpenSSL doesn't support RC4 Conflicts: lib/crypto/c_src/crypto.c
2016-09-30ssl: Correct anonymous suite handlingIngela Anderton Andin
Test suite did not take TLS-version in to account. Also some anonymous suites where included incorrectly in some TLS versions.
2016-09-22disable RC4 in SSL when crypto doesn't support itAndreas Schultz
2016-05-31Improve SSL diagnosticsAlexey Lebedeff
There are a lot of cases where `ssl` application just returns unhelpful `handshake failure` or `internal error`. This patch tries to provide better diagnostics so operator can debug his SSL misconfiguration without doing hardcore erlang debugging. Here is an example escript that incorrectly uses server certificate as a client one: https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67 With the patch it is properly reported as an error in "extended key usage".
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
2016-04-25ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2016-04-25ssl: Remove use of crypto:rand_bytes/1Ingela Anderton Andin
ssl already used crypto:strong_rand_bytes/1 for most operations as its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1 will be used everywhere. However crypto:rand_bytes/1 was used as fallback if crypto:strong_rand_bytes/1 throws low_entropy, this will no longer be the case. This is a potential incompatibility. The fallback was introduced a long time ago for interoperability reasons. Now days this should not be a problem, and if it is, the security compromise is not acceptable anyway.
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-03-15update copyright-yearHenrik Nord
2016-02-22Merge branch 'maint'Ingela Anderton Andin
2016-02-22ssl: Newer cipher suites now presented correctlyIngela Anderton Andin
Older SSL/TLS versions have cipher suites that look like {key_exchange(), cipher(), MAC::hash()} and the hash function used by the PRF (Pseudo Random function) is implicit and always the same for that protocol version. In TLS 1.2 a cipher suite is {key_exchange(), cipher(), MAC::hash(), PRF::hash()}. Internally a cipher suite is always a four tuple but for backwards compatibility older cipher suites will be presented as a three tuples, however new cipher suites should be presented as four tuples.
2016-02-22ssl: Include options form connect/listen/accept in connection_information/[1,2]Ingela Anderton Andin
Make sure that options only relevant for one role (client|server) is set to undefined when the other role is invoked. As there are many options to ssl, and many are optional, we choose to filter out all undefined options to avoid overwhelming the user with not relevant information. This way there is no need for any special handling of the role specific options which is also nice.
2016-02-18ssl: Remove DES ciphers from default configurationIngela Anderton Andin
DES is not considered secure. Also correct 'Server Name Indication' support description.
2015-06-18Change license text to APLv2Bruce Yinhe
2015-06-10ssl: Add unassigned valuesIngela Anderton Andin
2015-06-08ssl: Do not crash on proprietary hash_sign algorithmsIngela Anderton Andin
TLS hash_sign algorithms may have proprietary values see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml We should add callbacks to let applications handle them. But for now we do not want to crash if they are present and let other algorithms be negotiated.
2015-03-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-01-23ssl: Remove default support for RC4 ciphersIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-09-03ssl: add draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 SuitesAndreas Schultz
2014-09-03ssl: add PSK-GCM suitesAndreas Schultz
2014-09-03ssl: implement AES128-GCM suitesAndreas Schultz
2014-05-28ssl: Filter default ciphers for supported Crypto algorihmsIngela Anderton Andin
2014-04-16ssl: Select supported cipher suites for the negotiated SSL/TLS-versionIngela Anderton Andin
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support.
2014-03-25ssl: Improve type specsIngela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-03-25ssl: Refactor and start implementing dtls_connection.erlIngela Anderton Andin
2013-12-02ssl: Refactor handshake and record handlingIngela Anderton Andin
2013-10-14ssl: Honor TLS client ECC extensionIngela Anderton Andin
Also the server should only send ECC point formats extension not ECC curve extension.
2013-09-10ssl: Refactor TLS/DTLS record handlingIngela Anderton Andin
2013-09-10ssl: Dialyzer fixesIngela Anderton Andin
2013-09-10ssl: DTLS record handlingIngela Anderton Andin
Also refactor so that TLS and DTLS can have common functions when possible.
2013-09-02ssl: Handle signature_algorithm field in digitally_signed properlyIngela Anderton Andin
with proper defaults Added ssl_ECC_SUITE
2013-06-07ssl: Fix dialyzer warningsIngela Anderton Andin