Age | Commit message (Collapse) | Author |
|
|
|
|
|
This is a preparation for improvements to come in option handling and
support for TLS-1.3
|
|
|
|
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
|
|
|
|
* fix-source-typos: (25 commits)
Fixed typos in system/doc
Fixed typos in lib/xmerl
Fixed typos in lib/wx
Fixed typos in lib/stdlib
Fixed typos in lib/snmp
Fixed typos in lib/ssl
Fixed typos in lib/ssh
Fixed typos in PKCS-8.asn1 file
Fixed typos in lib/parsetools
Fixed typos in lib/orber
Fixed typos in lib/mnesia
Fixed typos in lib/megaco
Fixed typos in lib/kernel
Fixed typos in lib/jinterface
Fixed typos in lib/inets
Fixed typos in lib/hipe
Fixed typos in lib/eunit
Fixed typos in lib/erl_interface
Fixed typos in lib/eldap
Fixed typos in lib/edoc
...
|
|
|
|
Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format
(and sometimes the other way around before inspecting data)
so we need to match SSL 3.0 and TLS first and only match SSL 2.0
hellos when flag to support it is set.
|
|
|
|
As per RFC 4492 Sec 5.1, the preferred order of selection of named
curves is based on client preferences.
Currently, the SSL application only picks entries according to the
absolute order of entries as tracked in a hardcoded list in code.
This patch changes things so that the client-specified order is
preferred. It also allows a mode where the server can be configured to
override the client's preferred order with its own, although the chosen
ECC must still be within both lists.
The configuration is done through the following options:
- `eccs`, shared by clients and servers alike, allows the specification
of the supported named curves, in their preferred order, and may
eventually support more values for explicit primes and so on.
- `honor_ecc_order`, a server-only option, is similar to
`honor_cipher_order` and will, by default let the server pick the
client-preferred ECC, and otherwise pick the server-preferred one.
The default value for `eccs` is the same as before, although the
server-chosen ECC now defaults to the client rather than previous
choice.
A function `ssl:eccs()` has been added that returns the highest
supported ECCs for the library.
|
|
|
|
|
|
available_signature_algs is also needed for DTLS, move it
into a shared place and export it.
Conflicts:
lib/ssl/src/tls_handshake.erl
|
|
ssl servers can recognize sslv2 client hellos to interop with clients
that support higher version of SSL/TLS but also offers sslv2
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
There are a lot of cases where `ssl` application just returns unhelpful
`handshake failure` or `internal error`. This patch tries to provide
better diagnostics so operator can debug his SSL misconfiguration
without doing hardcore erlang debugging.
Here is an example escript that incorrectly uses server certificate as a
client one:
https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67
With the patch it is properly reported as an error in "extended key
usage".
|
|
Turns out we can not count on the "hashsigns" sent by the client and
the supported "hashigns" sets to have required properties of ordsets.
|
|
The guard should check that the TLS version is at least TLS-1.2.
|
|
In TLS-1.2 The signature algorithm and the hash function algorithm
used to produce the digest that is used when creating the digital signature
may be negotiated through the signature algorithm extension RFC 5246.
We want to make these algorithm pairs configurable.
In connections using lower versions of TLS these algorithms are
implicit defined and can not be negotiated or configured.
DTLS is updated to not cause dialyzer errors, but needs to get a real
implementation later.
|
|
|
|
|
|
This commit adds support for RFC7301, application-layer protocol
negotiation. ALPN is the standard based approach to the NPN
extension, and is required for HTTP/2.
ALPN lives side by side with NPN and provides an equivalent
feature but in this case it is the server that decides what
protocol to use, not the client.
When both ALPN and NPN are sent by a client, and the server is
configured with both ALPN and NPN options, ALPN will always
take precedence. This behavior can also be found in the OpenSSL
implementation of ALPN.
ALPN and NPN share the ssl:negotiated_protocol/1 function for
retrieving the negotiated protocol. The previously existing
function ssl:negotiated_next_protocol/1 still exists, but has
been deprecated and removed from the documentation.
The tests against OpenSSL require OpenSSL version 1.0.2+.
|
|
|
|
|
|
Conflicts:
lib/ssl/src/dtls_record.erl
|
|
did not support secure renegotiation
|
|
|
|
|
|
See RFC 6066 section 3
|
|
|
|
Also the server should only send ECC point formats extension not ECC curve
extension.
|
|
|
|
|
|
Also refactor so that TLS and DTLS can have common functions when possible.
|
|
Common functions will be located in ssl_handshake.erl while
specific functions will be located in tls_handshake.erl and dtls_handshake.erl
|
|
|
|
We have no need to care about the value of this length indicator so
we do not need to match it or verify it, it is unnecessary work.
|
|
with proper defaults
Added ssl_ECC_SUITE
|
|
|
|
Also phase in tls module as main API instead of ssl. To
make API clearer. As TLS is the new protocol name.
Maybe keep some API functions in ssl
|