Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-12-02 | ssl: Refactor API | Ingela Anderton Andin | |
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics | |||
2013-12-02 | ssl, public_key: Dialyzer fixes | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor premaster secret handling | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connection and handshake handling | Ingela Anderton Andin | |
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot | |
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS. | |||
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot | |
See RFC 6066 section 3 | |||
2013-10-14 | ssl: Honor TLS client ECC extension | Ingela Anderton Andin | |
Also the server should only send ECC point formats extension not ECC curve extension. | |||
2013-09-10 | ssl: Refactor TLS/DTLS record handling | Ingela Anderton Andin | |
2013-09-10 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2013-09-10 | ssl: Solve rebase issues | Ingela Anderton Andin | |
2013-09-10 | ssl: DTLS record handling | Ingela Anderton Andin | |
Also refactor so that TLS and DTLS can have common functions when possible. | |||
2013-09-10 | ssl: Refactor to provide common handshake functions for TLS/DTLS | Ingela Anderton Andin | |
Common functions will be located in ssl_handshake.erl while specific functions will be located in tls_handshake.erl and dtls_handshake.erl | |||
2013-06-04 | ssl: Structural perarparation to support DTLS | Ingela Anderton Andin | |
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl | |||
2013-06-04 | ssl: Rename ssl_certificate_db to ssl_pkix_db for clarity | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl.app.src lib/ssl/src/ssl_manager.erl | |||
2013-05-20 | ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0 | Ingela Anderton Andin | |
2013-05-08 | ssl: Only send ECC-hello extension if ECC-cipher suites are advertised | Ingela Anderton Andin | |
2013-05-08 | crypto: Deprecate functions, update doc and specs | Ingela Anderton Andin | |
2013-05-08 | ssl, crypto: Eliminate remaining mpint and EC resource key from API | Ingela Anderton Andin | |
2013-05-08 | ssl, public_key, crypto: General generate_key and compute_key functions | Ingela Anderton Andin | |
2013-05-08 | ssl: Improve extention handling | Ingela Anderton Andin | |
2013-05-08 | ssl: Remove dependency on internal public_key function | Ingela Anderton Andin | |
Avoid unneccessary conversion as the input format is an oid (according to ASN1 spec) we do not need to handle it as an atom in ssl. | |||
2013-05-08 | ssl & public_key: Improved handling ECDH keys | Ingela Anderton Andin | |
2013-05-08 | ssl & public_key: New public_key API for DH/ECDH/SRP keys | Ingela Anderton Andin | |
2013-05-08 | ssl: Make better use of the crypto API | Ingela Anderton Andin | |
Use the functions in crypto that we want to keep in the API. | |||
2013-05-08 | SSL: add Elliptic Curve support for ssl app | Andreas Schultz | |
2013-03-28 | SSL: add TLS-SRP (RFC 5054) cipher suites | Andreas Schultz | |
2013-03-28 | SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suites | Andreas Schultz | |
2013-03-05 | ssl: Check that negotiated version is a supported version. | Ingela Anderton Andin | |
2013-01-17 | SSL: simplify server key encoding, decoding and signature handling | Andreas Schultz | |
server key encoding depends to the negotiated key exchange. Before the encoding was limited to diffie-hellman keys. This changes allows to select the key structure to decode and verify. It also consolidates the transport encoding of the parameters into one place. | |||
2013-01-17 | SSL: unify the different implementations signature check implementations | Andreas Schultz | |
ssl_handshake and ssl_connection where doing essentially the same when checking a public key signature. This unify both into a single function | |||
2012-11-18 | SSL: TLS 1.2, advertise sha224 support | Andreas Schultz | |
SHA-224 is still better than SHA-1, so let the world know we support it | |||
2012-09-20 | ssl: Dialyzer fixes and code cleaning | Ingela Anderton Andin | |
Types in a record where wrongly type specified, did not include undefined. Make them comments for now, maybe we will specify internal records with dialyzer types later, but as the other record fields are not specified at the moment, with dialyzer types, make the code consistent. | |||
2012-09-20 | ssl: Changed default behaviour of next protocol negotiation to make | Ingela Anderton Andin | |
more "sense" (be true to the specification). | |||
2012-09-20 | ssl: Support for SSL Next Protocol Negotiation | Ben Murphy | |
* http://technotes.googlecode.com/git/nextprotoneg.html | |||
2012-08-24 | ssl & public_key: Workaround that some certificates encode countryname as ↵ | Ingela Anderton Andin | |
utf8 and close down gracefully if other ASN-1 errors occur. The reason certificate_unknown that is used as ALERT for ASN-1 encoding failure is described as: Some other (unspecified) issue arose in processing the certificate, rendering it unacceptable. | |||
2012-08-23 | ssl: Clean up of code thanks to dialyzer | Ingela Anderton Andin | |
2012-08-22 | ssl & public_key: Add use of more "sha-rsa oids" | Ingela Anderton Andin | |
2012-08-22 | ssl: TLS 1.2: fix hash and signature handling | Andreas Schultz | |
with TLS 1.2 the hash and signature on a certify message can differ from the defaults. So we have to make sure to always use the hash and signature algorithm indicated in the handshake message | |||
2012-08-22 | ssl: TLS 1.2: fix Certificate Request list of Accepted Signatur/Hash ↵ | Andreas Schultz | |
combinations | |||
2012-08-22 | ssl: Add Signature Algorithms hello extension from TLS 1.2 | Andreas Schultz | |
This is also avoids triggering some bugs in OpenSSL. | |||
2012-08-22 | ssl: Signture type bug | Ingela Anderton Andin | |
2012-08-22 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2012-08-22 | ssl: Implement TLS 1.2 signature support | Andreas Schultz | |
2012-08-22 | ssl: Make signature handling version dependant | Andreas Schultz | |
TLS 1.2 introduces changes on how signatures are calculate and encoded. This makes the signature handling version aware | |||
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Implement and activate PRFs for TLS 1.1 and 1.2 | Andreas Schultz | |
2012-08-22 | ssl: make PRF function selectable | Andreas Schultz | |
TLS 1.2 allows to negotiate the used PRF, additional the default PRF uses a different hash. This change make the PRF selectable and hardwires the PRF for TLS < 1.2 | |||
2012-08-22 | ssl: Add TLS version to dec_hs/2 | Andreas Schultz | |
TLS 1.2 changes the layout of several handshake records. This adds the TLS version to dec_hs/2 so it can decode those. | |||
2012-08-22 | ssl: Add TLS version to ssl_handshake:key_exchange/3 | Andreas Schultz | |
TLS 1.2 changed the way digital signatures are done. key_exchange/3 needs to pass the version to it. | |||
2012-08-22 | ssl: Calculate handshake hash only when needed | Andreas Schultz | |
TLS/SSL version before 1.2 always used a MD5/SHA combination for the handshake hashes. With TLS 1.2 the default hash is SHA256 and it is possible to negotiate a different hash. This change delays the calculation of the handshake hashes until they are really needed. At that point the hash to use should be known. For now MD5/SHA is still hard coded. |