aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/ssl_record.erl
AgeCommit message (Collapse)Author
2016-05-26ssl: Add BEAST mitigation selection optionKenneth Lakin
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
2016-04-25ssl: Remove use of crypto:rand_bytes/1Ingela Anderton Andin
ssl already used crypto:strong_rand_bytes/1 for most operations as its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1 will be used everywhere. However crypto:rand_bytes/1 was used as fallback if crypto:strong_rand_bytes/1 throws low_entropy, this will no longer be the case. This is a potential incompatibility. The fallback was introduced a long time ago for interoperability reasons. Now days this should not be a problem, and if it is, the security compromise is not acceptable anyway.
2016-03-15update copyright-yearHenrik Nord
2016-02-05ssl: Big handshake messages needs to be fragmented on TLS record levelIngela Anderton Andin
2015-06-18Change license text to APLv2Bruce Yinhe
2015-01-23ssl: Reenable padding check for TLS-1.0 and provide backwards compatibleIngela Anderton Andin
disable option
2014-09-03ssl: implement AES128-GCM suitesAndreas Schultz
2014-04-17ssl: Correct decryption error handlingIngela Anderton Andin
2014-03-25ssl: Improve type specsIngela Anderton Andin
Conflicts: lib/ssl/src/dtls_record.erl
2014-03-25ssl: Refactor and start implementing dtls_connection.erlIngela Anderton Andin
2013-12-02ssl: Refactor handshake and record handlingIngela Anderton Andin
2013-09-10ssl: Refactor TLS/DTLS record handlingIngela Anderton Andin
2013-09-10ssl: DTLS record handlingIngela Anderton Andin
Also refactor so that TLS and DTLS can have common functions when possible.
2013-06-04ssl: Structural perarparation to support DTLSIngela Anderton Andin
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl
2013-05-20ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0Ingela Anderton Andin
2013-05-08ssl: Make better use of the crypto APIIngela Anderton Andin
Use the functions in crypto that we want to keep in the API.
2013-03-05ssl: Check that negotiated version is a supported version.Ingela Anderton Andin
2012-12-20ssl: Make TLS-1.2 default versionIngela Anderton Andin
2012-08-22ssl: TLS-1.1 and TLS-1.2 support should not be default until R16Ingela Anderton Andin
2012-08-22ssl: Enable TLS 1.2Andreas Schultz
2012-08-22ssl: Enable mac_hash for TLS 1.2Andreas Schultz
2012-08-22ssl: Fix PRF logicIngela Anderton Andin
2012-08-22ssl: Consider TLS version when building cipher blocksAndreas Schultz
With TLS 1.2 the handling of the IV in cipher blocks changed. This prepares ssl_cipher:cipher/5 for that change by passing the TLS version into it and allowing generic_block_cipher_from_bin/4 to overload the IV.
2011-12-05Do not do the 1/n-1 split for RC4 as it is not vulnerable to the ↵Ingela Anderton Andin
Rizzo/Duong-Beast attack.
2011-11-23Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-BeastIngela Anderton Andin
The code is refactored and improved to make it easier to insert the 1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done in one function clause in ssl:record_split_bin/3
2011-08-08replace "a ssl" with "an ssl"Christian von Roques
2011-06-07Prevention of denial of service attackIngela Anderton Andin
2010-11-30Fixed guard and test caseIngela Anderton Andin
Data to sign and verify should be inputed as binaries. Also cleaned up and moved some dialyzer specs.
2010-11-18Added alert in stream cipher case.Ingela Anderton Andin
Also changed alert to BAD_RECORD_MAC as: "differentiating between bad_record_mac and decryption_failed alerts may permit certain attacks against CBC mode as used in TLS [CBCATT]. It is preferable to uniformly use the bad_record_mac alert to hide the specific type of the error." Also cleaned up the code and changed a few other alert reasons in according to alert descriptions in the TLS RFC 4346. And added function terminate_alert/3 so that we can differentiate between a crash in ssl (a bug in our code) and a crash in the application using ssl.
2010-09-15Corrected and added dialyzer specsIngela Anderton Andin
2010-08-23Revise the public_key APIIngela Anderton Andin
Cleaned up and documented the public_key API to make it useful for general use.
2010-06-22Added more -spec definitions.Ingela Anderton Andin
2010-06-07OTP-8587 DSA key supportIngela Anderton Andin
New ssl now support client/server-certificates signed by dsa keys.
2010-05-28Added missing Mac check.Ingela Anderton Andin
2010-05-25Enhanced protocol version handling.Ingela Anderton Andin
2010-05-21Clean up of codeIngela Anderton Andin
2010-05-11OTP-8568 RFC -5746Ingela Anderton Andin
New ssl now supports secure renegotiation as described by RFC 5746.
2010-03-25OTP-8517 RenegotiationIngela Anderton Andin
New ssl now properly handles ssl renegotiation, and initiates a renegotiation if ssl/ltls-sequence numbers comes close to the max value.
2009-11-20The R13B03 release.OTP_R13B03Erlang/OTP