| Age | Commit message (Collapse) | Author |
|---|
|
Change-Id: Ic4895195569073916f158a06b95061939f15cfc0
|
|
Changed function specs and ssl.xml for generation of documentation
according to the new way.
Change-Id: I17b59b80f9072c3d2c20aea1b102f1e9c86987a0
|
|
|
|
* ingela/ssl/cipher-suite-conversions:
ssl: Add functions to convert between diffrent cipher suite formats
|
|
|
|
Fix dtls_connection:handle_info/3 to correctly match the Socket
in static_env.
Change-Id: Iddaad0514c2413abac6d9a06292556e07acc7729
|
|
* peterdmv/ssl/fix-tls13-handshake/ERL-908/OTP-15759:
ssl: Add chacha ciphers to openssl_suite_name/1
ssl: Filter signature_schemes before usage
ssl: Handle legacy algorithms in signature_scheme/1
Change-Id: I4caa0fb21324aceb1d3502d33e61e99bd915d9c4
|
|
Change-Id: I2f2cc8c64f02b50773eb455770336b159da7b9f9
|
|
Filter unassigned and legacy elements from signature_scheme_list
before further processing.
Change-Id: I0a2623e53c21cebe6e736e7eee6bb6354fc698b7
|
|
Handle legacy signature algorithms in TLS 1.3 ClientHello to
improve debug logging.
Change-Id: If5548c828aabab83a2b147dffa7e937bd98916c6
|
|
Change-Id: I03d8bb7b45fc48b3d5b0232c4c3a286fb36aad5c
|
|
Change-Id: I559624bedf3b9b9ed0316af5262f59bcad8de926
|
|
Change-Id: Icc99d5f3b8c667107926603e9d546d7198bd098d
|
|
Change-Id: Ic6606206b9c48489ead46bf2f8a982cf06ccc2e3
|
|
* peterdmv/ssl/fix-chacha-ciphers:
ssl: Fix Chacha20 IV length and nonce calculation
Change-Id: I69b88bcfe0e9a6b9157884e9df049e15f4a35b95
|
|
* peterdmv/ssl/fix-key-share-decoding:
ssl: Fix decoding of the key_share extension
Change-Id: I2b772bb1e50b841f9154206b1170330d51c7ba94
|
|
* peterdmv/ssl/update-chacha-ciphers:
ssl: Update Chacha20-Poly1305 cipher suite codes
Change-Id: I0a3c48d7eb30d7c8fae2afdc4eaa68e909a474ea
|
|
This commit fixes the IV length (12 bytes) and the calculation of
the nonce for the Chacha20-Poly1305 ciphers.
Change-Id: I4c9efc0bf012bc287c84c7b62c252ecf49ffe32f
|
|
Change-Id: I4764b5f2172f000d13c267e9002789fa6e09c58c
|
|
Update the cipher suite codes of the Chacha20-Poly1305 ciphers
to align them with RFC7905.
Change-Id: I85aa8dfd8a3782d61304b7f74b48f7a09f15a033
|
|
* peterdmv/ssl/dtls-fix:
ssl: Fix dtls queue handling
ssl: Fix retransmission timeout
Change-Id: Ic3312e46e56dca096318a5a6b2eefa6cc0e34863
|
|
* raimo/ssl/tls-dist-fun-day/OTP-14792:
Skip all benchmark groups
Benchmark report relative core load
Improve printouts
Polish sched util benchmark
Improve printouts
Dist handshake with nodelay
Implement inet_crypto_dist benchmark example
|
|
* ingela/ssl/AES-CCM/OTP-15626:
ssl: Adapt DTLS code to optimizations
ssl: Add support AES_CCM cipher suites form RFC 6655
|
|
Change-Id: I6956eb9c7036cfe72bb1b8cb3e02e22bd71c4c36
|
|
Set the upper limit of the retransmission timeout to 60 seconds
instead of 60 milliseconds.
Change-Id: I17168a015f352d2526935ea77a8aea686944ebcd
|
|
|
|
|
|
|
|
|
|
* ingela/ssl/default-supported-versions/OTP-14865:
ssl: Remove default support for legacy versions
|
|
* peterdmv/ssl/tls13-conn-info:
ssl: Fix ssl:connection_information/1 in TLS 1.3
Change-Id: I492b0973bb4ee44354edf22ed3bc2a6e5c7b90c5
|
|
This reverts commit 884503bc69157d2a3c6bd72389b4e2a800f97fb6.
|
|
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
|
|
Documentation was incorrect, and new specs provided dialyzer
errors.
|
|
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/transport-transparance/ERL-861/OTP-15679:
ssl: Fix transport transparancy
|
|
maint-21
* ingela/ssl/recv-timeout-bug/ERL-884/ERL-883/OTP-14701:
ssl: Cancel recv timer in all places
|
|
* ingela/ssl/transport-transparance/ERL-861/OTP-15679:
ssl: Fix transport transparancy
|
|
Store cipher suite information in session record.
Test ssl:connection_information/1 in a TLS 1.3 connection.
Change-Id: I7193e6dd2544540e446b5777b5768806cecf2bd3
|
|
* peterdmv/ssl/client-auth/OTP-15591:
ssl: Improve ssl logging
ssl: Test handling of signature algorithms
ssl: Handle unencrypted Alert (Illegal Parameter)
ssl: Improve verification of received Certificate
ssl: Fix Alert logging
ssl: Fix get_handshake_context/2
ssl: Test HelloRetryRequest with client auth
ssl: Verify signature algorithm in CV
ssl: Verify CertificateVerify
ssl: Test client authentication with certificate
ssl: Validate client certificates (TLS 1.3)
ssl: Test client authentication (empty cert)
ssl: Implement state 'wait_cert'
ssl: Add ssl logger support for CertificateRequest
ssl: Fix ssl alerts
Change-Id: Id4ba14d373f116038a7cb3ff9fc33faed23031c8
|
|
Would cause connection to crash although all data was delivered to ssl:recv
|
|
Remove function ssl:set_log_level/1. Its functionality is already
implemented by logger:set_application_level/2.
Set log level for ssl modules to debug at application start.
Former implementation required an extra call to
logger:set_application_level/2 (beside setting ssl option
{log_level, debug}) to enable debug logging.
Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
|
|
Handle unencrypted 'Illegal Parameter' Alerts from openssl s_client
when the server's connection states are already stepped into
traffic encryption.
Change-Id: I10951a9061e6f4b13d8ddb8ab99f8a812a483113
|
|
Validate peer certificate against supported signature algorithms.
Send 'Hanshake Failure' Alert if signature algorithm is not
supported by the server.
Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
|
|
Report the role of the peer when logging incoming Alerts.
Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
|
|
|
|
|
|
Conflicts:
lib/ftp/test/ftp_SUITE.erl
|
|
Split get_handshake_context/2 into two functions. The new
get_handshake_context_cv/2 returns the context for the
verification of CertificateVerify.
Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
|
|
Verify if the signature algorithm used in the signature of
CertificateVerify is one of those present in the
supported_signature_algorithms field of the "signature_algorithms"
extension in the CertificateRequest message.
Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
|
