| Age | Commit message (Collapse) | Author |
|---|
|
AEAD handling
|
|
|
|
|
|
|
|
* ingela/ssl/dtls-cookie/OTP-14076:
dtls: Implement DTLS cookie secret generation
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
|
|
|
|
Emulate active once in such a way that data recived by the TLS
connection process, but not fetch via active once option
by the user, can be delivered at next active once before final close.
|
|
* ingela/ssl/dtls-frag:
dtls: Handle overlapping fragments
|
|
Fragment reassembling needs to handle that a smaller
fragment then sent originally might overlap an earlier
received fragment.
|
|
Add session_id and remove undocumented ssl:session_info/1
Add client_random, server_random and master_secret, they will not be included
in ssl:connection_information/1 as they may affect the connections security if
used recklessly.
|
|
|
|
|
|
|
|
|
|
* ingela/ssl/next-maint-version:
ssl: Version update
|
|
'dtlsv1.2' should not be included in MIN_DATAGRAM_SUPPORTED_VERSIONS
as this is the default when crypto does not have sufficient support for
'tlsv1.2' and 'dtlsv1.2'
|
|
The new_options_in_accept test is not working yet, however DTLS is still
work in progress and we want to make a progress merge to avoid merge conflicts
with other progress of the ssl application.
|
|
Erlang distribution requiers a reliable transport, which udp is not.
Maybe could be interesting later when SCTP support is added to DTLS.
|
|
Change retransmissions timers to use gen_statem state timeouts. We do
not need a retransmission timer in the state connection as data traffic in
DTLS over UDP is not retransmitted. If the last flight before
transitioning into connection is lost, it will be resent when the peer
resends its last flight. This will also make hibernation testing more
straight forward.
We need more adjustments later to handle a reliable DTLS transport
such as SCTP.
|
|
|
|
DTLS does not support stream ciphers and needs diffrent
handling of the "#ssl_socket{}" handle .
|
|
|
|
AES256 was preferred over 3DES already, so this only makes sure AES128
is preferred over 3DES also. This changes the default but probably
nobody will notice as a better algorithm will be chosen anyhow.
|
|
* fix-source-typos: (25 commits)
Fixed typos in system/doc
Fixed typos in lib/xmerl
Fixed typos in lib/wx
Fixed typos in lib/stdlib
Fixed typos in lib/snmp
Fixed typos in lib/ssl
Fixed typos in lib/ssh
Fixed typos in PKCS-8.asn1 file
Fixed typos in lib/parsetools
Fixed typos in lib/orber
Fixed typos in lib/mnesia
Fixed typos in lib/megaco
Fixed typos in lib/kernel
Fixed typos in lib/jinterface
Fixed typos in lib/inets
Fixed typos in lib/hipe
Fixed typos in lib/eunit
Fixed typos in lib/erl_interface
Fixed typos in lib/eldap
Fixed typos in lib/edoc
...
|
|
|
|
Valid SSL 3.0 or TLS hellos might accidentally match SSL 2.0 format
(and sometimes the other way around before inspecting data)
so we need to match SSL 3.0 and TLS first and only match SSL 2.0
hellos when flag to support it is set.
|
|
Use map instead of large tuple, which was not an option when the code
was written originally. More simplifications along these lines may
be done later to the state record.
|
|
Move of PEM cache to own process was flawed and not all PEM files
where cached properly. We must properly handle both the ditributed
and the normal mode of the ssl application.
|
|
* ingela/ssl/key-ext-validate/ERL-338/OTP-14141:
ssl: The certificate path may be used as a source to find intermediate CAs for the CRL
ssl: Handle more than one DistributionPoint
ssl: Correct ssl_certificate:validate/3
|
|
for the CRL
|
|
|
|
Changes made to ssl_certificate:validate appear to be preventing CRL
validation from happening when an id-ce-extKeyUsage extension is
present in the cert before the DistributionPoint extension.
https://github.com/erlang/otp/blob/448e8aca77dd29ed5b37d56f0700d24ac26a7243/lib/ssl/src/ssl_certificate.erl#L131
See also ERL-338 and PR-1302
|
|
The PEM cache handling has proven to be too disruptive of the manager process.
|
|
If a handshake message is really big it could happen that the ssl
process would hang due to failing of requesting more data from the
socket. This has been fixed.
Also added option to limit max handshake size. It has a default
value that should be big enough to handle normal usage and small
enough to mitigate DoS attacks.
|
|
|
|
When the terminate function is called explicitly, to make guarantees
that for instance the reuseaddr option works as expected, we must
make sure that the clean up code is not run again when gen_statem
calls terminate. This check was broken in the rewrite from gen_fsm to
gen_statem.
Caused PEM cache errors, that in some cases would
cause unexpected connection failures.
|
|
|
|
Beta DTLS, not production ready. Only very basically tested, and
not everything in the SPEC is implemented and some things
are hard coded that should not be, so this implementation can not be consider
secure.
Refactor "TLS connection state" and socket handling, to facilitate
DTLS implementation.
Create dtls "listner" (multiplexor) process that spawns
DTLS connection process handlers.
Handle DTLS fragmentation.
Framework for handling retransmissions.
Replay Detection is not implemented yet.
Alerts currently always handled as in TLS.
|
|
As per RFC 4492 Sec 5.1, the preferred order of selection of named
curves is based on client preferences.
Currently, the SSL application only picks entries according to the
absolute order of entries as tracked in a hardcoded list in code.
This patch changes things so that the client-specified order is
preferred. It also allows a mode where the server can be configured to
override the client's preferred order with its own, although the chosen
ECC must still be within both lists.
The configuration is done through the following options:
- `eccs`, shared by clients and servers alike, allows the specification
of the supported named curves, in their preferred order, and may
eventually support more values for explicit primes and so on.
- `honor_ecc_order`, a server-only option, is similar to
`honor_cipher_order` and will, by default let the server pick the
client-preferred ECC, and otherwise pick the server-preferred one.
The default value for `eccs` is the same as before, although the
server-chosen ECC now defaults to the client rather than previous
choice.
A function `ssl:eccs()` has been added that returns the highest
supported ECCs for the library.
|
|
Adapted from commit 675ee6860d2c273bcc6c6a0536634a107e2a3d9f.
Conflicts:
lib/ssl/src/ssl_cipher.erl
|
|
* ingela/ssl/cipher-type-spec:
ssl: Adjust cipher type to conform to implementation
|
|
|
|
* RoadRunnr/crypto/no-rc4/PR-1169/OTP-13896:
disable RC4 in SSL when crypto doesn't support it
Fix compilation when OpenSSL doesn't support RC4
Conflicts:
lib/crypto/c_src/crypto.c
|
|
Test suite did not take TLS-version in to account. Also
some anonymous suites where included incorrectly in some TLS versions.
|
|
* ingela/ssl/ECC-selection-fix/OTP-13918:
ssl: Correct ECC curve selection, the error could cause default to always be selected.
|
|
selected.
|
|
Several handshake events may be received in the same TLS packet. Then there
will be several events pushed to the gen_statems internal queue.
New events already in the socket-buffer should not be processed
if there are more unprocessed handshake events in next_event queue.
We need to handle this in the next_record/1 function.
|
|
|
