Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-12-02 | ssl: Refactor handshake and record handling | Ingela Anderton Andin | |
2013-09-10 | ssl: Refactor TLS/DTLS record handling | Ingela Anderton Andin | |
2013-09-10 | ssl: DTLS record handling | Ingela Anderton Andin | |
Also refactor so that TLS and DTLS can have common functions when possible. | |||
2013-06-04 | ssl: Structural perarparation to support DTLS | Ingela Anderton Andin | |
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl | |||
2013-05-20 | ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0 | Ingela Anderton Andin | |
2013-05-08 | ssl: Make better use of the crypto API | Ingela Anderton Andin | |
Use the functions in crypto that we want to keep in the API. | |||
2013-03-05 | ssl: Check that negotiated version is a supported version. | Ingela Anderton Andin | |
2012-12-20 | ssl: Make TLS-1.2 default version | Ingela Anderton Andin | |
2012-08-22 | ssl: TLS-1.1 and TLS-1.2 support should not be default until R16 | Ingela Anderton Andin | |
2012-08-22 | ssl: Enable TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Enable mac_hash for TLS 1.2 | Andreas Schultz | |
2012-08-22 | ssl: Fix PRF logic | Ingela Anderton Andin | |
2012-08-22 | ssl: Consider TLS version when building cipher blocks | Andreas Schultz | |
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV. | |||
2011-12-05 | Do not do the 1/n-1 split for RC4 as it is not vulnerable to the ↵ | Ingela Anderton Andin | |
Rizzo/Duong-Beast attack. | |||
2011-11-23 | Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-Beast | Ingela Anderton Andin | |
The code is refactored and improved to make it easier to insert the 1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done in one function clause in ssl:record_split_bin/3 | |||
2011-08-08 | replace "a ssl" with "an ssl" | Christian von Roques | |
2011-06-07 | Prevention of denial of service attack | Ingela Anderton Andin | |
2010-11-30 | Fixed guard and test case | Ingela Anderton Andin | |
Data to sign and verify should be inputed as binaries. Also cleaned up and moved some dialyzer specs. | |||
2010-11-18 | Added alert in stream cipher case. | Ingela Anderton Andin | |
Also changed alert to BAD_RECORD_MAC as: "differentiating between bad_record_mac and decryption_failed alerts may permit certain attacks against CBC mode as used in TLS [CBCATT]. It is preferable to uniformly use the bad_record_mac alert to hide the specific type of the error." Also cleaned up the code and changed a few other alert reasons in according to alert descriptions in the TLS RFC 4346. And added function terminate_alert/3 so that we can differentiate between a crash in ssl (a bug in our code) and a crash in the application using ssl. | |||
2010-09-15 | Corrected and added dialyzer specs | Ingela Anderton Andin | |
2010-08-23 | Revise the public_key API | Ingela Anderton Andin | |
Cleaned up and documented the public_key API to make it useful for general use. | |||
2010-06-22 | Added more -spec definitions. | Ingela Anderton Andin | |
2010-06-07 | OTP-8587 DSA key support | Ingela Anderton Andin | |
New ssl now support client/server-certificates signed by dsa keys. | |||
2010-05-28 | Added missing Mac check. | Ingela Anderton Andin | |
2010-05-25 | Enhanced protocol version handling. | Ingela Anderton Andin | |
2010-05-21 | Clean up of code | Ingela Anderton Andin | |
2010-05-11 | OTP-8568 RFC -5746 | Ingela Anderton Andin | |
New ssl now supports secure renegotiation as described by RFC 5746. | |||
2010-03-25 | OTP-8517 Renegotiation | Ingela Anderton Andin | |
New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value. | |||
2009-11-20 | The R13B03 release.OTP_R13B03 | Erlang/OTP | |