Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-01-15 | ssl: Prepare for release | Ingela Anderton Andin | |
2014-01-14 | ssl: fix elliptic curve selection in server mode | Andreas Schultz | |
The server code erroneously took the list of curves supported by the client from it's own hello extension, effectively breaking curve selection all together. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback. | |||
2014-01-14 | ssl: Prepare for release | Ingela Anderton Andin | |
2014-01-14 | ssl: Add missing options validation of server_name_indication | Ingela Anderton Andin | |
2013-12-02 | ssl: Trap exits | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connetion handling | Ingela Anderton Andin | |
2013-12-02 | ssl: API and supervisor | Ingela Anderton Andin | |
2013-12-02 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor API | Ingela Anderton Andin | |
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics | |||
2013-12-02 | ssl, public_key: Dialyzer fixes | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor premaster secret handling | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor connection and handshake handling | Ingela Anderton Andin | |
2013-12-02 | ssl: Refactor handshake and record handling | Ingela Anderton Andin | |
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot | |
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS. | |||
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot | |
See RFC 6066 section 3 | |||
2013-10-31 | Remove extraneous dev debug code left in the close function. | Ken Key | |
We do not need a traceback on every close in inet_tls_dist and this breaks using nodetool in control scripts on SSL clustered nodes | |||
2013-10-14 | ssl: Fix dialyzer spec | Ingela Anderton Andin | |
2013-10-14 | ssl: Honor TLS client ECC extension | Ingela Anderton Andin | |
Also the server should only send ECC point formats extension not ECC curve extension. | |||
2013-09-10 | ssl: Prepare for release | Ingela Anderton Andin | |
2013-09-10 | ssl: Refactor TLS/DTLS record handling | Ingela Anderton Andin | |
2013-09-10 | ssl: Dialyzer fixes | Ingela Anderton Andin | |
2013-09-10 | ssl: Solve rebase issues | Ingela Anderton Andin | |
2013-09-10 | ssl: DTLS record handling | Ingela Anderton Andin | |
Also refactor so that TLS and DTLS can have common functions when possible. | |||
2013-09-10 | ssl: Add DTLS record primitives | Andreas Schultz | |
This code is to 99 % written by Andreas Schultz only some small changes to start integrating with OTPs DTLS solution. | |||
2013-09-10 | ssl: Refactor to provide common handshake functions for TLS/DTLS | Ingela Anderton Andin | |
Common functions will be located in ssl_handshake.erl while specific functions will be located in tls_handshake.erl and dtls_handshake.erl | |||
2013-09-10 | ssl: Add DTLS handshake primitivs. | Andreas Schultz | |
This code is to 99 % written by Andreas Schultz only some small changes to start integrating with OTPs DTLS solution. | |||
2013-09-02 | ssl: Do not advertise support for algorithms not supported by crypto | Ingela Anderton Andin | |
2013-09-02 | ssl: Skip second length indicator in EC extensions | Ingela Anderton Andin | |
We have no need to care about the value of this length indicator so we do not need to match it or verify it, it is unnecessary work. | |||
2013-09-02 | ssl: Handle signature_algorithm field in digitally_signed properly | Ingela Anderton Andin | |
with proper defaults Added ssl_ECC_SUITE | |||
2013-08-28 | ssl: Make the ssl manager name for erlang distribution over SSL/TLS | Ingela Anderton Andin | |
relative to the module name of the ssl_manager. This can be beneficial when making tools that rename modules for internal processing in the tool. | |||
2013-08-23 | Merge branch 'maint-r16' into maint | Fredrik Gustafsson | |
2013-08-23 | Merge branch 'maint-r15' into maint-r16 | Fredrik Gustafsson | |
Conflicts: lib/inets/doc/src/notes.xml lib/inets/src/http_lib/http_transport.erl lib/inets/src/inets_app/inets.appup.src lib/inets/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/src/ssl.appup.src lib/ssl/src/ssl.erl lib/ssl/src/ssl_internal.hrl lib/ssl/src/tls_connection.erl lib/ssl/vsn.mk | |||
2013-08-21 | [inets, ssl]: make log_alert configurable as option in ssl, SSLLogLevel ↵ | Fredrik Gustafsson | |
added as option to inets conf file | |||
2013-08-12 | Merge branch 'ia/ssl/header-bug/OTP-11230' into maint | Ingela Anderton Andin | |
* ia/ssl/header-bug/OTP-11230: ssl: Revert faulty header option fix | |||
2013-08-08 | ssl: Revert faulty header option fix | Ingela Anderton Andin | |
The code was changed in the belife that it made it inet compatible. However the testing is a bit hairy as the inet option is acctualy broken, now the tests are corrected and the header option should work in the same broken way as inet again, preferably use the bitsyntax instead. | |||
2013-08-07 | ssl: Setopts during renegotiation caused the renegotiation to be unsuccessful. | Ingela Anderton Andin | |
If calling setopts during a renegotiation the FSM state might change during the handling of the setopts messages, this is now handled correctly. | |||
2013-06-10 | Merge branch 'ia/public_key/crypto/prepare-for-release' into maint | Ingela Anderton Andin | |
* ia/public_key/crypto/prepare-for-release: public_key & ssl: Add ASN-1 dependency crypto & public_key: prepare for release | |||
2013-06-10 | Merge branch 'ia/ssl/public_key/warnings' into maint | Ingela Anderton Andin | |
* ia/ssl/public_key/warnings: ssl: Correct rebase mistakes | |||
2013-06-07 | public_key & ssl: Add ASN-1 dependency | Ingela Anderton Andin | |
As the ASN-1 application relies on a nif in R16 for decodeing (that was not the case in R15), public_key currently has a runtime dependency on ASN-1. Hopefully we will be able to remove this dependency again in the future. | |||
2013-06-07 | ssl: Fix dialyzer warnings | Ingela Anderton Andin | |
2013-06-07 | ssl: Correct rebase mistakes | Ingela Anderton Andin | |
2013-06-05 | ssl: Prepare for release | Ingela Anderton Andin | |
2013-06-04 | ssl: Structural perarparation to support DTLS | Ingela Anderton Andin | |
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl | |||
2013-06-04 | ssl: Rename ssl_certificate_db to ssl_pkix_db for clarity | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl.app.src lib/ssl/src/ssl_manager.erl | |||
2013-05-28 | ssl: Do not advertise EC ciphers if crypto support is insufficient | Ingela Anderton Andin | |
2013-05-24 | ssl: Remove unused `srp_parameters` type spec | Klaus Trainer | |
As the file 'lib/ssl/src/ssl_srp_primes.hrl' only contains a specification of a `srp_parameters` type that isn't exported and also isn't referenced anywhere (neither in the code nor in the documentation), the type specification (and hence the file as well) can be removed. | |||
2013-05-20 | ssl, public_key, crypto: crypto:algorithms/0 -> crypto:supports/0 | Ingela Anderton Andin | |
2013-05-20 | ssl: Remove use of deprecated crypto functions | Ingela Anderton Andin | |
2013-05-08 | ssl: Fix dialyzer spec | Ingela Anderton Andin | |
2013-05-08 | ssl: Only send ECC-hello extension if ECC-cipher suites are advertised | Ingela Anderton Andin | |