path: root/lib/ssl/src
Age | Commit message | Author
2016-06-13 | ssl: move available_signature_algs to ssl_handshake | Andreas Schultz
available_signature_algs is also needed for DTLS, move it into a shared place and export it.
Conflicts: lib/ssl/src/tls_handshake.erl
2016-06-09 | Merge branch 'ingela/ssl/crl-find-issuer/OTP-13656' | Ingela Anderton Andin
* ingela/ssl/crl-find-issuer/OTP-13656: ssl: Propagate error so that public_key crl validation process continues correctly and determines what should happen.
2016-06-09 | ssl: Propagate error so that public_key crl validation process continues | Ingela Anderton Andin
correctly and determines what should happen.
2016-06-09 | Add ssl:getstat/1 and ssl:getstat/2 | Loïc Hoguin
These functions call getstat on the underlying TCP socket. The only way to do this before now was to use a hack, either by looking inside the #sslsocket{} record directly, or by not using the SSL listen/accept functions and upgrading from a TCP socket that is kept around for the purpose of calling getstat later on.
2016-06-07 | Merge branch 'ingela/ssl/unexpected-client-cert/OTP-13651' | Ingela Anderton Andin
* ingela/ssl/unexpected-client-cert/OTP-13651: ssl: Reject unrequested client cert
2016-06-07 | Merge branch 'ingela/ssl/max-session-table/OTP-13490' | Ingela Anderton Andin
* ingela/ssl/max-session-table/OTP-13490: ssl: Mitigate load increase when the whole session table is invalidated
2016-06-03 | ssl: Reject unrequested client cert | Ingela Anderton Andin
2016-06-03 | ssl: Mitigate load increase when the whole session table is invalidated | Ingela Anderton Andin
2016-06-03 | ssl: Add option to phase out support for sslv2 client hello | Ingela Anderton Andin
ssl servers can recognize sslv2 client hellos to interop with clients that support higher versions of SSL/TLS but also offer sslv2.
Conflicts: lib/ssl/src/tls_connection.erl
2016-06-01 | ssl: simplify code using gen_statem | Ingela Anderton Andin
2016-06-01 | Merge branch 'ingela/ssl/DH/OTP-13636' | Ingela Anderton Andin
* ingela/ssl/DH/OTP-13636: ssl: Stronger default DH prime
2016-06-01 | Merge branch 'legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429' | Raimo Niskanen
* legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429:
  Quote curly brackets in command line options
  Avoid disappearing ETS tables in ssl_dist_SUITE
  Fix db handle for TLS distribution crl_cache opts
  Fix ssl_dist_SUITE logging on Windows
  More logging in ssl_dist_SUITE
  TLS distribution: crl_check and crl_cache options
  Allow passing verify_fun for TLS distribution
  More informative malformed_ssl_dist_opt error
2016-06-01 | ssl: Stronger default DH prime | Ingela Anderton Andin
2016-06-01 | ssl: Update runtime dependency due to use of gen_statem | Ingela Anderton Andin
2016-05-31 | ssl:recv timeout() can be 0 | Joe DeVivo
gen_tcp:recv allows this, and if you're doing something like Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with function_clause. There were other cases of this throughout the module. This PR cleans them all up.
2016-05-31 | ssl: Remove error logger reports | Ingela Anderton Andin
We do not want error reports that can leak secret information into the logs.
2016-05-31 | ssl: Better error handling of keys rejected by crypto | Ingela Anderton Andin
2016-05-31 | Improve SSL diagnostics | Alexey Lebedeff
There are a lot of cases where `ssl` application just returns unhelpful `handshake failure` or `internal error`. This patch tries to provide better diagnostics so operator can debug his SSL misconfiguration without doing hardcore erlang debugging. Here is an example escript that incorrectly uses server certificate as a client one: https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67 With the patch it is properly reported as an error in "extended key usage".
2016-05-27 | Merge branch 'kennethlakin/beast-mitigation-options/PR-1041/OTP-13629' | Ingela Anderton Andin
* kennethlakin/beast-mitigation-options/PR-1041/OTP-13629: ssl: Add BEAST mitigation selection option
2016-05-26 | ssl: Add BEAST mitigation selection option | Kenneth Lakin
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
2016-05-25 | Use the -epmd_module flag consistently | Magnus Henoch
If the -epmd_module flag has been specified on the command line, use that module to register and look up node names instead of the default, erl_epmd. Also document this option.
2016-05-20 | ssl: Send correct close message | Ingela Anderton Andin
2016-05-19 | ssl: Setopts should be allowed in all states | Ingela Anderton Andin
2016-05-12 | ssl: Refactor to make code easier to understand | Ingela Anderton Andin
2016-05-10 | ssl: ordsets:intersection/2 did not give the expected result | Ingela Anderton Andin
Turns out we can not count on the "hashsigns" sent by the client and the supported "hashsigns" sets to have required properties of ordsets.
2016-05-09 | Merge branch 'kennethlakin/tls-use-negotiated-prf/PR-1042/OTP-13546' | Ingela Anderton Andin
* kennethlakin/tls-use-negotiated-prf/PR-1042/OTP-13546: ssl: Use cipher suite's PRF in prf/5
2016-05-05 | ssl: Add reinitialization of handshake data lost in gen_statem refactorization | Ingela Anderton Andin
2016-05-05 | ssl: Use cipher suite's PRF in prf/5 | Kenneth Lakin
Use the negotiated cipher suite's PRF algorithm in calls to ssl:prf/5, rather than a hard-coded one. For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This was correct 100% of the time. For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256. This was correct only some of the time for TLS 1.2 and none of the time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5 through another path, the handshaking process used the negotiated PRF and did not encounter this bug. A new test (prf) has been added to ssl_basic_SUITE to guard against future breakage.
2016-05-03 | ssl: Adapt DTLS to gen_statem | Ingela Anderton Andin
DTLS is not in working mode yet, but the gen_statem rewrite should make completion easier.
2016-05-03 | ssl: Use gen_statem instead of gen_fsm | Ingela Anderton Andin
Also reduce timing issues in tests
2016-05-02 | Merge branch 'ingela/ssl-max-session-table/OTP-13490' | Ingela Anderton Andin
* ingela/ssl-max-session-table/OTP-13490: ssl: Adjust max table to work as expected from documentation
2016-05-02 | Merge branch 'ingela/ssl/signature_algs_bug' | Ingela Anderton Andin
* ingela/ssl/signature_algs_bug: ssl: Correct guard expression
2016-05-02 | Merge branch 'ingela/ssl/cipher_suites' | Ingela Anderton Andin
* ingela/ssl/cipher_suites: ssl: Correct cipher suites conversion
2016-04-29 | ssl: Correct guard expression | Ingela Anderton Andin
The guard should check that the TLS version is at least TLS-1.2.
2016-04-29 | ssl: Correct cipher suites conversion | Ingela Anderton Andin
Correct conversion errors from commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
2016-04-27 | Merge branch 'maint-18' | Henrik Nord
Conflicts:
  OTP_VERSION
  lib/ssl/doc/src/ssl.xml
  lib/ssl/src/ssl_cipher.erl
  lib/ssl/src/tls_v1.erl
  lib/ssl/test/ssl_basic_SUITE.erl
2016-04-26 | Merge branch 'ingela/ssl/config-signature-algs/OTP-13261' into maint-18 | Erlang/OTP
* ingela/ssl/config-signature-algs/OTP-13261:
  ssl: Prepare for release
  ssl: Add option signature_algs
2016-04-25 | ssl: Corrections to cipher suite handling | Ingela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples.
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2016-04-25 | ssl: Remove use of crypto:rand_bytes/1 | Ingela Anderton Andin
ssl already used crypto:strong_rand_bytes/1 for most operations as its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1 will be used everywhere. However crypto:rand_bytes/1 was used as fallback if crypto:strong_rand_bytes/1 throws low_entropy, this will no longer be the case. This is a potential incompatibility. The fallback was introduced a long time ago for interoperability reasons. Nowadays this should not be a problem, and if it is, the security compromise is not acceptable anyway.
2016-04-22 | ssl: Corrections to cipher suite handling | Ingela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples.
2016-04-14 | ssl: Adjust max table to work as expected from documentation | Ingela Anderton Andin
The session table max size should be the configurable value Max and not Max + 1.
2016-04-13 | Merge branch 'henrik/update-copyrightyear' | Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-06 | ssl: Prepare for release | Ingela Anderton Andin
2016-04-06 | ssl: Add option signature_algs | Ingela Anderton Andin
In TLS-1.2 the signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicitly defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-04-06 | ssl: Remove default support for use of md5 in TLS 1.2 signature algorithms | Ingela Anderton Andin
2016-04-06 | ssl: Add option signature_algs | Ingela Anderton Andin
In TLS-1.2 the signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicitly defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-03-24 | TLS distribution: shut down accept process cleanly | Magnus Henoch
In ssl_tls_dist_proxy:accept_loop/3, handle {error, closed} by exiting normally. This prevents a spurious error report at node shutdown.
2016-03-17 | TLS distribution: crl_check and crl_cache options | Magnus Henoch
Allow specifying the crl_check and crl_cache options for TLS distribution connections.
2016-03-17 | Allow passing verify_fun for TLS distribution | Magnus Henoch
Accept a value of the form {Module, Function, State} from the command line. This is different from the {Fun, State} that ssl:connect etc expect, since there's no clean way to parse a fun from a command line argument.
2016-03-17 | More informative malformed_ssl_dist_opt error | Magnus Henoch