aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_internal.hrl
AgeCommit message (Collapse)Author
2016-11-02Add ECC curve selection order config in TLS serverFred Hebert
As per RFC 4492 Sec 5.1, the preferred order of selection of named curves is based on client preferences. Currently, the SSL application only picks entries according to the absolute order of entries as tracked in a hardcoded list in code. This patch changes things so that the client-specified order is preferred. It also allows a mode where the server can be configured to override the client's preferred order with its own, although the chosen ECC must still be within both lists. The configuration is done through the following options: - `eccs`, shared by clients and servers alike, allows the specification of the supported named curves, in their preferred order, and may eventually support more values for explicit primes and so on. - `honor_ecc_order`, a server-only option, is similar to `honor_cipher_order` and will, by default let the server pick the client-preferred ECC, and otherwise pick the server-preferred one. The default value for `eccs` is the same as before, although the server-chosen ECC now defaults to the client rather than previous choice. A function `ssl:eccs()` has been added that returns the highest supported ECCs for the library.
2016-06-03ssl: Add option to phase out support for sslv2 client helloIngela Anderton Andin
ssl servers can recognize sslv2 client hellos to interop with clients that support higher version of SSL/TLS but also offers sslv2 Conflicts: lib/ssl/src/tls_connection.erl
2016-05-26ssl: Add BEAST mitigation selection optionKenneth Lakin
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
2016-05-03ssl: Use gen_statem instead of gen_fsmIngela Anderton Andin
Also reduce timing issues in tests
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2015-11-26Merge branch 'maint'Zandra
2015-10-22fix incorrect number of seconds in 24h macroPawel Pikula
The previous commit - 7b93f5d8a224a0a076a420294c95a666a763ee60 fixed the macro only in one place.
2015-10-09Update SSLHans Bolinder
Record field types have been modified due to commit 8ce35b2: "Take out automatic insertion of 'undefined' from typed record fields".
2015-06-18Change license text to APLv2Bruce Yinhe
2015-06-10Merge branch 'ferd/deny-client-renegotiation'Henrik Nord
* ferd/deny-client-renegotiation: Add disable client-initiated renegotiation option Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl OTP-12815
2015-06-03Add disable client-initiated renegotiation optionFred Hebert
Client-initiated renegotiation is more costly for the server than the client, and this feature can be abused in denial of service attempts. Although the ssl application already takes counter-measure for these (via cooldown periods between renegotiations), it can be useful to disable the feature entirely. This patch adds the `{client_renegotiation, boolean()}' option to the server-side of the SSL application (defaulting to `true' to be compatible with the current behaviour). The option disables the ability to do any renegotiation at all in the protocol's state, reusing the existing denial code, but without opening the code path that sets up a timed message to eventually reopen it up.
2015-05-12ssl: Refactored and corrected sni_fun handlingIngela Anderton Andin
Dialyzer warned about the incorrect match of Packets. Code was refactored and the problem avoided in the process. Dialyzer warned that the empty tuple is not a function as the contract said it should be. Changed the handling of the sni_fun default value to be undefined and added it to the contract.
2015-05-12ssl: add option sni_funQijiang Fan
The newly added function sni_fun allows dynamic update of SSL options like keys and certificates depending on different SNI hostname, rather than a predefined rules of SSL options.
2015-05-12ssl: add SNI server supportQijiang Fan
2015-03-23ssl: Dialyzer fixesIngela Anderton Andin
2015-03-17ssl: Add TLS-ALPN supportLoïc Hoguin
This commit adds support for RFC7301, application-layer protocol negotiation. ALPN is the standard based approach to the NPN extension, and is required for HTTP/2. ALPN lives side by side with NPN and provides an equivalent feature but in this case it is the server that decides what protocol to use, not the client. When both ALPN and NPN are sent by a client, and the server is configured with both ALPN and NPN options, ALPN will always take precedence. This behavior can also be found in the OpenSSL implementation of ALPN. ALPN and NPN share the ssl:negotiated_protocol/1 function for retrieving the negotiated protocol. The previously existing function ssl:negotiated_next_protocol/1 still exists, but has been deprecated and removed from the documentation. The tests against OpenSSL require OpenSSL version 1.0.2+.
2015-03-09ssl: Integrate public_key CRL verification with the ssl applicationIngela Anderton Andin
2015-03-05Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl
2015-03-02ssl: Implement support for TLS_FALLBACK_SCSVIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2015-01-23ssl: Remove sslv3 from the default supported protocol versionsIngela Anderton Andin
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
2014-12-01ssl: Change code to reflect that state data may be secretIngela Anderton Andin
2014-09-09ssl, public_key: Add new option partial_chainIngela Anderton Andin
Check that the certificate chain ends with a trusted ROOT CA e.i. a self-signed certificate, but provide an option partial_chain to enable the application to define an intermediat CA as trusted. TLS RFC says: "unknown_ca A valid certificate chain or partial chain was received, but the certificate was not accepted because the CA certificate could not be located or couldn't be matched with a known, trusted CA. This message is always fatal." and also states: "certificate_list This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it. Because certificate validation requires that root keys be distributed independently, the self-signed certificate that specifies the root certificate authority MAY be omitted from the chain, under the assumption that the remote end must already possess it in order to validate it in any case." X509 RFC says: "The selection of a trust anchor is a matter of policy: it could be the top CA in a hierarchical PKI, the CA that issued the verifier's own certificate(s), or any other CA in a network PKI. The path validation procedure is the same regardless of the choice of trust anchor. In addition, different applications may rely on different trust anchors, or may accept paths that begin with any of a set of trust anchors."
2014-05-09ssl: Handle socket option inheritance when pooling of accept sockets is usedIngela Anderton Andin
Implement a listen socket tracker process that holds the emulated socket options so that it is possible to implement a destructive ssl:setopts on SSL/TLS listen sockets without changing the options of the internal socket as we want that socket to have the internal socket option values.
2014-03-31ssl: Add possibility to specify ssl options when calling ssl:ssl_acceptIngela Anderton Andin
2014-03-25ssl: Improve type specsIngela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-02-06public_key: Export some dialyzer typesIngela Anderton Andin
Move dilayzer types from include file to erl file and use -export_type
2014-01-28Fix incorrect use of public_key:private_key/0 typeTuncer Ayaz
public_key:private_key/0 was referenced but undefined, and lib/ssl had a local definition of private_key/0. To fix that, make the following changes: * add public_key:private_key/0 type * document public_key/0 and private_key/0 * fix incorrect definitions and references
2014-01-21Implement 'honor_cipher_order' SSL server-side optionAndrew Thompson
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz.
2013-12-02ssl: Dialyzer fixesIngela Anderton Andin
2013-12-02ssl: Refactor APIIngela Anderton Andin
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics
2013-11-06Add a new server_name_indication option to ssl:connectJulien Barbot
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS.
2013-09-10ssl: Refactor TLS/DTLS record handlingIngela Anderton Andin
2013-09-10ssl: Refactor to provide common handshake functions for TLS/DTLSIngela Anderton Andin
Common functions will be located in ssl_handshake.erl while specific functions will be located in tls_handshake.erl and dtls_handshake.erl
2013-08-23Merge branch 'maint-r15' into maint-r16Fredrik Gustafsson
Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_transport.erl lib/inets/src/inets_app/inets.appup.src lib/inets/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl.erl lib/ssl/src/ssl_internal.hrl lib/ssl/src/tls_connection.erl lib/ssl/vsn.mk
2013-08-21[inets, ssl]: make log_alert configurable as option in ssl, SSLLogLevel ↵Fredrik Gustafsson
added as option to inets conf file
2013-05-08ssl: Fix dialyzer specIngela Anderton Andin
2013-05-08crypto: Deprecate functions, update doc and specsIngela Anderton Andin
2013-03-28SSL: add TLS-SRP (RFC 5054) cipher suitesAndreas Schultz
2013-03-28SSL: add TLS PSK (RFC 4279 and RFC 5487) cipher suitesAndreas Schultz
2012-12-20ssl: Make TLS-1.2 default versionIngela Anderton Andin
2012-09-20ssl: Dialyzer fixes and code cleaningIngela Anderton Andin
Types in a record where wrongly type specified, did not include undefined. Make them comments for now, maybe we will specify internal records with dialyzer types later, but as the other record fields are not specified at the moment, with dialyzer types, make the code consistent.
2012-09-20ssl: Support for SSL Next Protocol NegotiationBen Murphy
* http://technotes.googlecode.com/git/nextprotoneg.html
2012-08-22ssl: TLS-1.1 and TLS-1.2 support should not be default until R16Ingela Anderton Andin
2012-08-22ssl: Enable TLS 1.2Andreas Schultz
2011-09-16Remove old ssl implementation and deprecated function ssl:peercert/1Ingela Anderton Andin
2011-09-09First fully working versionIngela Anderton Andin
2011-08-31Use inet and gen_* dialyzer specsIngela Anderton Andin
2011-06-29Removed global name from the certificate tabelIngela Anderton Andin
We want the certificate table to be handled the same way as the session table and not have a global name, so that we may easier create a separate ssl-manager to handle erlang distribution over ssl.