| Age | Commit message (Collapse) | Author |
|---|
|
Extention handling need some fixes to work
correctly for ALPN and SSL-3.0 only client/servers
do not support extensions
|
|
|
|
* peterdmv/ssl/doc-types-and-specs/OTP-15746:
ssl: Add type specs for http_packet()
ssl: Fix type specs of ssl_internal.hrl
ssl: Fix type specs of internal handshake functions
ssl: Fix dialyzer warnings
eldap: Fix dialyzer warnings
ssl: Fix missing anchor warning
public_key: Accept digest types 'sha1' and 'sha'
inet: Document type inet:stat_option()
ssl: Changed function specs and ssl.xml
ssl: Update standards_compliance.xml
OTP-15775
OTP-15776
OTP-15777
Change-Id: Ibe8e8263d6557eaa40cc0681a7ce3fcb373a4120
|
|
Change-Id: I99cd0bebd80b3e55fd522457fa126e5bc198657b
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|
|
|
|
Improve API and delay creation of map arguments for ?LOG_DEBUG
macro.
Change-Id: I6956112fe64e599d33d83dfdd710cad53b8449e1
|
|
Change-Id: I9269825c833d1461369828a9228f384ccf2543a9
|
|
Change-Id: I465760b7001692367c68839219745e40abafdfa8
|
|
Conflicts:
lib/ssl/src/ssl_handshake.erl
|
|
Use throw stratgy for erro handling in extension handling. Makes code consistent and easier to refactor.
Also fixes bug that an incorrect return value for gen_statem could be created when alert was a result
of handling renegotiation info extension.
|
|
This change adds the capability to the TLS 1.3 server to process
ClientHello messages and answer with ServerHello.
Change-Id: I13f6cfac932574300338e7301c6162252a591c70
|
|
Change-Id: Ie7409675dd7a35825f32822df259286bbb95fd62
|
|
Change-Id: I4b382a7907247cc2099951fdefa40f1511b1123e
|
|
Implement handling of the signature algorithms extension described by
RFC 8446. This commit updates the behavior of legacy TLS versions to
align them with RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2).
- TLS 1.0/1.1 clients validate the client certificate against the
certificate_type field of the CertificateRequest message.
- TLS 1.2 client verifies the hash/signature algorithm pair of the
client certificate when processing a CertificateRequest. Old
behavior only checked the signature algorithms.
- TLS 1.2 server verifies that the server certificate is signed by
a hash/signature algorithm pair that appears in the
"singature_algorithms" or "signature_algorithms_cert" (RFC 8446)
extensions of the ClientHello.
Change-Id: I3e0a0d7408984f5e5b1233968934fe34d64eb2b7
|
|
As TLS 1.3 introduces more extensions in other places than in hello messages
we like to have generalize extension handling encode/decode with some
hello wrappers.
Also extend property tests of handshake encod/decode
|
|
Property testing revealed an decoding error of "compression_methods"
in the client hello. As we do not implement any compression methods
this has no practical impact.
|
|
|
|
Conflicts:
lib/ssl/src/ssl_cipher.erl
|
|
The conversion code for different representations of cipher suites
is long an repetitive. We want to hide it in a module that does not
have other functions that we like to look at.
|
|
|
|
If negotiating TLS 1.2, TLS 1.3 servers MUST set the last eight bytes
of their Random value to the bytes:
44 4F 57 4E 47 52 44 01
If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2
servers SHOULD set the last eight bytes of their Random value to the
bytes:
44 4F 57 4E 47 52 44 00
Change-Id: If35112f63f42a9af351f4ca9b1846fd3f5b08167
|
|
Update hello state to handle the "supported_versions" extension
defined by TLS 1.3:
- If "supported_versions" is present in ServerHello, the client
will aboirt the handshake with an "illegal_parameter" alert.
- If "supported_versions" is present in ClientHello, the server
will select a version from "supported_versions" and ignore
ClientHello.legacy_version. If it only supports versions
greater than "supported_versions", the server aborts the
handshake with a "protocol_version" alert.
- If "supported_versions" is absent in ClientHello, the server
negotiates the minimum of ClientHello.legacy_version and
TLS 1.2. If it only supports version greater than
ClientHello.legacy_version, the server aborts the handshake
with a "protocol_version" alert.
Change-Id: I16eef15d77bf21209c6cc103546ddddca518483b
|
|
|
|
- Introduce stateful logging levels to the ssl application:
The SSL option 'log_alert' sets log level to notice/warning
if it is set to true/false. Default log level is notice.
- Add new SSL option 'log_level' that overrides the value of
'log_alert'. Default value is notice.
- 'log_level' debug triggers verbose logging of TLS protocol
messages and logging of ignored alerts in DTLS.
Change-Id: I28d3f4029a5d504ec612abe4b9ae0b7d9b115197
|
|
Change-Id: Id52990a105c81373c7c6034df9a2675f9d0e429a
|
|
- Add logging for TLS Handshake messages.
- Remove version from the input map used in format/2.
Change-Id: I1a8a3dbe5854d3b25cca33e9a6634ac9a53d5867
|
|
|
|
|
|
|
|
This is a preparation for improvements to come in option handling and
support for TLS-1.3
|
|
|
|
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
|
|
|
|
* fix-source-typos: (25 commits)
Fixed typos in system/doc
Fixed typos in lib/xmerl
Fixed typos in lib/wx
Fixed typos in lib/stdlib
Fixed typos in lib/snmp
Fixed typos in lib/ssl
Fixed typos in lib/ssh
Fixed typos in PKCS-8.asn1 file
Fixed typos in lib/parsetools
Fixed typos in lib/orber
Fixed typos in lib/mnesia
Fixed typos in lib/megaco
Fixed typos in lib/kernel
Fixed typos in lib/jinterface
Fixed typos in lib/inets
Fixed typos in lib/hipe
Fixed typos in lib/eunit
Fixed typos in lib/erl_interface
Fixed typos in lib/eldap
Fixed typos in lib/edoc
...
|
|
|
|
Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format
(and sometimes the other way around before inspecting data)
so we need to match SSL 3.0 and TLS first and only match SSL 2.0
hellos when flag to support it is set.
|
|
|
|
As per RFC 4492 Sec 5.1, the preferred order of selection of named
curves is based on client preferences.
Currently, the SSL application only picks entries according to the
absolute order of entries as tracked in a hardcoded list in code.
This patch changes things so that the client-specified order is
preferred. It also allows a mode where the server can be configured to
override the client's preferred order with its own, although the chosen
ECC must still be within both lists.
The configuration is done through the following options:
- `eccs`, shared by clients and servers alike, allows the specification
of the supported named curves, in their preferred order, and may
eventually support more values for explicit primes and so on.
- `honor_ecc_order`, a server-only option, is similar to
`honor_cipher_order` and will, by default let the server pick the
client-preferred ECC, and otherwise pick the server-preferred one.
The default value for `eccs` is the same as before, although the
server-chosen ECC now defaults to the client rather than previous
choice.
A function `ssl:eccs()` has been added that returns the highest
supported ECCs for the library.
|
|
|
|
|
|
available_signature_algs is also needed for DTLS, move it
into a shared place and export it.
Conflicts:
lib/ssl/src/tls_handshake.erl
|
|
ssl servers can recognize sslv2 client hellos to interop with clients
that support higher version of SSL/TLS but also offers sslv2
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
There are a lot of cases where `ssl` application just returns unhelpful
`handshake failure` or `internal error`. This patch tries to provide
better diagnostics so operator can debug his SSL misconfiguration
without doing hardcore erlang debugging.
Here is an example escript that incorrectly uses server certificate as a
client one:
https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67
With the patch it is properly reported as an error in "extended key
usage".
|
|
Turns out we can not count on the "hashsigns" sent by the client and
the supported "hashigns" sets to have required properties of ordsets.
|
|
The guard should check that the TLS version is at least TLS-1.2.
|
|
In TLS-1.2 The signature algorithm and the hash function algorithm
used to produce the digest that is used when creating the digital signature
may be negotiated through the signature algorithm extension RFC 5246.
We want to make these algorithm pairs configurable.
In connections using lower versions of TLS these algorithms are
implicit defined and can not be negotiated or configured.
DTLS is updated to not cause dialyzer errors, but needs to get a real
implementation later.
|
