| Age | Commit message (Collapse) | Author |
|---|
|
The current SSL implementation has a PEM cache running through the ssl
manager process, whose primary role is caching CA chains from files on
disk. This is intended as a way to save on disk operation when the
requested certificates are often the same, and those cache values are
both time-bound and reference-counted. The code path also includes
caching the Erlang-formatted certificate as decoded by the public_key
application
The same code path is used for DER-encoded certificates, which are
passed in memory and do not require file access. These certificates are
cached, but not reference-counted and also not shared across
connections.
For heavy usage of DER-encoded certificates, the PEM cache becomes a
central bottleneck for a server, forcing the decoding of every one of
them individually through a single critical process. It is also not
clear if the cache remains useful for disk certificates in all cases.
This commit adds a configuration variable for the ssl application
(bypass_pem_cache = true | false) which allows to open files and decode
certificates in the calling connection process rather than the manager.
When this action takes place, the operations to cache and return data
are replaced to strictly return data.
To provide a transparent behaviour, the 'CacheDbRef' used to keep track
of the certificates in the cache is replaced by the certificates itself,
and all further lookup functions or folds can be done locally.
This has proven under benchmark to more than triple the performance of
the SSL application under load (once the session cache had also been
disabled).
|
|
|
|
Conflicts:
lib/ssl/src/ssl.appup.src
|
|
maint
* lemenkov/kernel/fix-register_ipv6_epmd/PR-1129/OTP-13770:
Respect -proto_dist switch while connection to EPMD
|
|
Conflicts:
OTP_VERSION
erts/doc/src/notes.xml
erts/vsn.mk
lib/common_test/doc/src/notes.xml
lib/common_test/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/src/ssl.appup.src
lib/ssl/vsn.mk
lib/stdlib/test/ets_SUITE.erl
otp_versions.table
|
|
raimo/ssl/version-selection/maint-19/OTP-13753
Conflicts:
lib/ssl/vsn.mk
lib/ssl/src/ssl.appup.src
|
|
Use the list of versions that the server allows and among those choose
the highest version that is not higher than the client's version.
Note that this chosen version might be lower than the client's version,
but is used to improve interoperability.
Patch suggested by Dimitry Borisov refering to RFC 5246 appendix E.1.
|
|
Signed-off-by: Peter Lemenkov <[email protected]>
|
|
In TLS-1.2 the selection of the servers algorithms and the the
possible selection of algorithms for the client certificate verify
message have different requirements.
|
|
Due to 5268c7b957c30c31e551f197463cdd55a792ea69
|
|
* ingela/ssl/dtls-next-step-flights/OTP-13678:
dtls: Avoid dialyzer errors
dtls: add implementation for msg sequence
dtls: Remove TODO
dtls: sync dtls_record DTLS version and crypto handling with TLS
dtls: handle Hello and HelloVerify's in dtls_handshake
dtls: rework/simplify DTLS fragment decoder
dtls: add support first packet and HelloVerifyRequest
dtls: sync handle_info for connection close with TLS
dtls: sync handling of ClientHello with TLS
dtls: rework handshake flight encodeing
dtls: implement next_tls_record
dtls: sync init and initial_state with tls_connection
dtls: update start_fsm for new ssl_connection API
ssl: introduce the notion of flights for dtls and tls
ssl: move available_signature_algs to ssl_handshake
|
|
* legoscia/ssl_crl_hash_dir-bis/PR-982/OTP-13530:
Skip crl_hash_dir_expired test for LibreSSL
Add ssl_crl_hash_dir module
Function for generating OpenSSL-style name hashes
Add public_key:pkix_match_dist_point
Improve formatting for crl_{check,cache} options
Add issuer arg to ssl_crl_cache_api lookup callback
Conflicts:
lib/public_key/test/public_key_SUITE.erl
|
|
Make real solution later. For now we want to move forward without dialyzer
errors.
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_record.erl
|
|
|
|
|
|
|
|
changed:
* initialize deocder state when needed
* remove retransmission indicator support
|
|
The actual user of this API is the UDP socket multiplexer which will
be added later.
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
|
|
|
|
The MSS might change between sending the a flight and possible
resend. We therefore have to be able to fragment the records
differently for resent.
Encoding and fragmenting of handshake record therefor needs to
be done independently.
With this change the handshake is encoded to it's full length
first, then queued to a flight. The fragmentation is handled
during assembly of the flights datagram.
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
Sync initial_state overall functionality with TLS and
add a few DTLS specific initalizers.
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
|
|
The flight concept was introduced by DTLS (RFC 4347) to optimize
the packing of DTLS records into UDP packets. This change
implments the flight concept in the the generic SSL connection
logic and add the queue logic to the TLS and DTLS stack.
The DTLS required resend handling is not implemented yet.
While the flight handling is only required for DTSL, it turns
out that the same mechanism can be usefull to TCP based TLS as
well.
With the current scheme each TLS record will be mapped into a
separate TCP frame. This causes more TCP frames to be generate
that necessary. On fast network this will have no impact, but
reducing the number of frames and thereby the number of
round trips can result in significant speedups on slow and
unreliable networks.
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
available_signature_algs is also needed for DTLS, move it
into a shared place and export it.
Conflicts:
lib/ssl/src/tls_handshake.erl
|
|
* ingela/maint/ssl/max-session-table/OTP-13490:
ssl: Mitigate load increase when the whole session table is invalidated
|
|
* joedevivo/maint/ssl/PR-1063/OTP-13635:
ssl:recv timeout() can be 0
|
|
maint-18
* ingela/maint/ssl/tls-1.2-available-hashsigns/OTP-13670:
ssl: ordsets:intersection/2 did not give the expected result
|
|
|
|
Use the negotiated cipher suite's PRF algorithm in calls to
ssl:prf/5, rather than a hard-coded one.
For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This
was correct 100% of the time.
For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256.
This was correct only some of the time for TLS 1.2 and none of the
time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5
through another path, the handshaking process used the negotiated
PRF and did not encounter this bug.
A new test (prf) has been added to ssl_basic_SUITE to guard against future
breakage.
|
|
gen_tcp:recv allows this, and if you're doing something like
Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with
function_clause
There were other cases of this throughout the module. This PR cleans
them all up.
|
|
Turns out we can not count on the "hashsigns" sent by the client and
the supported "hashigns" sets to have required properties of ordsets.
|
|
* ingela/ssl/crl-find-issuer/OTP-13656:
ssl: Propagate error so that public_key crl validation process continues correctly and determines what should happen.
|
|
correctly and determines what should happen.
|
|
These functions call getstat on the underlying TCP socket.
The only way to do this before now was to use a hack, either
by looking inside the #sslsocket{} record directly, or by
not using the SSL listen/accept functions and upgrading
from a TCP socket that is kept around for the purpose of
calling getstat later on.
|
|
* ingela/ssl/unexpected-client-cert/OTP-13651:
ssl: Reject unrequested client cert
|
|
* ingela/ssl/max-session-table/OTP-13490:
ssl: Mitigate load increase when the whole session table is invalidated
|
|
|
|
|
|
ssl servers can recognize sslv2 client hellos to interop with clients
that support higher version of SSL/TLS but also offers sslv2
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
|
|
* ingela/ssl/DH/OTP-13636:
ssl: Stronger default DH prime
|
|
* legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429:
Quote curly brackets in command line options
Avoid disappearing ETS tables in ssl_dist_SUITE
Fix db handle for TLS distribution crl_cache opts
Fix ssl_dist_SUITE logging on Windows
More logging in ssl_dist_SUITE
TLS distribution: crl_check and crl_cache options
Allow passing verify_fun for TLS distribution
More informative malformed_ssl_dist_opt error
|
|
|
|
|
|
gen_tcp:recv allows this, and if you're doing something like
Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with
function_clause
There were other cases of this throughout the module. This PR cleans
them all up.
|
|
We do not want error reports that can leek secret information
into the logs.
|
|
|
