Age | Commit message (Collapse) | Author |
|
|
|
This commit adds support for RFC7301, application-layer protocol
negotiation. ALPN is the standard based approach to the NPN
extension, and is required for HTTP/2.
ALPN lives side by side with NPN and provides an equivalent
feature but in this case it is the server that decides what
protocol to use, not the client.
When both ALPN and NPN are sent by a client, and the server is
configured with both ALPN and NPN options, ALPN will always
take precedence. This behavior can also be found in the OpenSSL
implementation of ALPN.
ALPN and NPN share the ssl:negotiated_protocol/1 function for
retrieving the negotiated protocol. The previously existing
function ssl:negotiated_next_protocol/1 still exists, but has
been deprecated and removed from the documentation.
The tests against OpenSSL require OpenSSL version 1.0.2+.
|
|
|
|
|
|
Conflicts:
lib/ssl/src/dtls_record.erl
|
|
did not support secure renegotiation
|
|
|
|
|
|
See RFC 6066 section 3
|
|
|
|
Also the server should only send ECC point formats extension not ECC curve
extension.
|
|
|
|
|
|
Also refactor so that TLS and DTLS can have common functions when possible.
|
|
Common functions will be located in ssl_handshake.erl while
specific functions will be located in tls_handshake.erl and dtls_handshake.erl
|
|
|
|
We have no need to care about the value of this length indicator so
we do not need to match it or verify it, it is unnecessary work.
|
|
with proper defaults
Added ssl_ECC_SUITE
|
|
|
|
Also phase in tls module as main API instead of ssl. To
make API clearer. As TLS is the new protocol name.
Maybe keep some API functions in ssl
|