aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/tls_sender.erl
AgeCommit message (Collapse)Author
2019-02-22ssl: Add debug logging for DTLSPéter Dimitrov
Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
2019-02-21Merge branch 'maint'Raimo Niskanen
* maint: Inline local function Optimize binary matching Clean up module boundaries Remove redundant return of CipherState Use iovec() internally in send path Small binary handling optimizations Optimize read_application_data with Okasaki queue Try to optimize decode_cipher_text/3 Optimize application data aggregation Optimize TLS record parsing with Okasaki queue Cache strong_random_bytes for IV Optimize padding Produce less garbage in encrypt loop Reorganize #data{} Tidy up state machine Add server GC info to bench results Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/ssl_logger.erl lib/ssl/src/ssl_record.erl lib/ssl/src/ssl_record.hrl lib/ssl/src/tls_connection.erl lib/ssl/src/tls_record.erl lib/ssl/src/tls_sender.erl
2019-02-14Clean up module boundariesRaimo Niskanen
Improve the abstraction between the ssl_connection module and dtls_connection, tls_connection and tls_sender, as well as towards the lower level tls_record and ssl_record modules. Remove some dead code.
2019-02-13Use iovec() internally in send pathRaimo Niskanen
2019-02-13Reorganize #data{}Raimo Niskanen
2019-02-13Tidy up state machineRaimo Niskanen
2019-01-29ssl: Improve ssl_loggerPéter Dimitrov
Improve API and delay creation of map arguments for ?LOG_DEBUG macro. Change-Id: I6956112fe64e599d33d83dfdd710cad53b8449e1
2018-12-20Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/tls_connection.erl
2018-12-19ssl: Fix renegotiation with new TLS senderIngela Anderton Andin
Wtite connection state was not synchronized when peer initiated renegotiation
2018-12-14Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/dtls_connection.erl lib/ssl/src/ssl_connection.erl lib/ssl/src/ssl_connection.hrl lib/ssl/src/tls_connection.erl lib/ssl/src/tls_record.erl
2018-12-13ssl: Fix downgradeIngela Anderton Andin
Both test case and code needed updates to work as intended. Code needed update due to new tls_sender process and the test case gave false positive reusult erarlier probably due to beeing to sloopy in order to avoid timeouts.
2018-12-04Merge branch 'maint'Raimo Niskanen
Conflicts: lib/ssl/test/ssl_dist_bench_SUITE.erl
2018-11-30Handle dead sender at terminateRaimo Niskanen
2018-11-23Improve dist send throughputRaimo Niskanen
2018-11-08Merge branch 'maint'Ingela Anderton Andin
2018-11-07ssl: Correct gen_statem return valueIngela Anderton Andin
Could cause renegotiation to fail
2018-11-06ssl: Fix logging in new sender processPéter Dimitrov
Change-Id: I2beb99aab1920d866dcdc91f67fc306fc16e9496
2018-10-11Merge branch 'maint'Ingela Anderton Andin
2018-10-11ssl: Fix up incorrect automatic mergeIngela Anderton Andin
2018-10-11Merge branch 'maint'Ingela Anderton Andin
2018-10-11Merge branch 'ingela/maint/ssl/packet-options-to-tls-sender/OTP-15348' into ↵Ingela Anderton Andin
maint Conflicts: lib/ssl/src/tls_sender.erl
2018-10-11ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-10-11Merge branch 'maint'Ingela Anderton Andin
2018-10-10ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-10-10ssl: TLS sender process needs to get updates of the socket option packetIngela Anderton Andin
If the socket option is set to {packet, 1|2|3|4} sender process needs to add a packet length header. If packet is changed with ssl:setopts/2 this needs to be communicated to tls_sender.
2018-10-08Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_connection.erl lib/ssl/src/tls_connection.erl
2018-10-08ssl: ERL-738 - Correct alert handling with new TLS sender processIngela Anderton Andin
With the new TLS sender process, solving ERL-622, TLS ALERTs sent in the connection state must be encrypted and sent by the TLS sender process. This to make sure that the correct encryption state is used to encode the ALERTS. Care must also be taken to ensure a graceful close down behavior both for normal shutdown and downgrading from TLS to TCP. The original TR ERL-738 is verified by cowboy tests, and close down behavior by our tests. However we alas have not been able to yet create a minimal test case for the originating problem. Also it seems it has become less likely that we run in to the TCP delivery problem, that is the guarantee is only on transport level, not application level. Keep work around function in ssl_test_lib but we can have better test as long as we do not get to much wobbling tests.
2018-09-20ssl: Move link to correct processIngela Anderton Andin
The link should be between the connection process and the tls_sender process. But the start of the tls_sender process needs to be done by the process that also starts the connection process in order to correctly create the opaque #ssl_socket{}.
2018-08-27ssl: Improve close handlingIngela Anderton Andin
We want to make sure that the sender process that may get stuck in prim_inet:send will die if the tls_connection process is terminated. And we also like to make sure that it terminates as gracefully as possible. So when the tls_connection process dies it spawns a killer process that will brutaly kill the sender if it is unresponsive and does not terminate due to its monitor of the tls_connetion process triggering. When the sender process also acts as distribution controller it may also have other processess that it is linked with that it should bring down or that could bring the connection down.
2018-08-27ssl: Adopt distribution over TLS to use new sender processIngela Anderton Andin
2018-08-27ssl: Add new sender process for TLS state machineIngela Anderton Andin
Separate sending and receiving when using TCP as transport as prim_inet:send may block which in turn may result in a deadlock between two Erlang processes communicating over TLS, this is especially likely to happen when running Erlang distribution over TLS.