| Age | Commit message (Collapse) | Author |
|---|
|
* ingela/ssl/AES-CCM/OTP-15626:
ssl: Adapt DTLS code to optimizations
ssl: Add support AES_CCM cipher suites form RFC 6655
|
|
|
|
|
|
|
|
* ingela/ssl/default-supported-versions/OTP-14865:
ssl: Remove default support for legacy versions
|
|
* peterdmv/ssl/tls13-conn-info:
ssl: Fix ssl:connection_information/1 in TLS 1.3
Change-Id: I492b0973bb4ee44354edf22ed3bc2a6e5c7b90c5
|
|
This reverts commit 884503bc69157d2a3c6bd72389b4e2a800f97fb6.
|
|
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
|
|
Documentation was incorrect, and new specs provided dialyzer
errors.
|
|
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/transport-transparance/ERL-861/OTP-15679:
ssl: Fix transport transparancy
|
|
Store cipher suite information in session record.
Test ssl:connection_information/1 in a TLS 1.3 connection.
Change-Id: I7193e6dd2544540e446b5777b5768806cecf2bd3
|
|
* peterdmv/ssl/client-auth/OTP-15591:
ssl: Improve ssl logging
ssl: Test handling of signature algorithms
ssl: Handle unencrypted Alert (Illegal Parameter)
ssl: Improve verification of received Certificate
ssl: Fix Alert logging
ssl: Fix get_handshake_context/2
ssl: Test HelloRetryRequest with client auth
ssl: Verify signature algorithm in CV
ssl: Verify CertificateVerify
ssl: Test client authentication with certificate
ssl: Validate client certificates (TLS 1.3)
ssl: Test client authentication (empty cert)
ssl: Implement state 'wait_cert'
ssl: Add ssl logger support for CertificateRequest
ssl: Fix ssl alerts
Change-Id: Id4ba14d373f116038a7cb3ff9fc33faed23031c8
|
|
Would cause connection to crash although all data was delivered to ssl:recv
|
|
Remove function ssl:set_log_level/1. Its functionality is already
implemented by logger:set_application_level/2.
Set log level for ssl modules to debug at application start.
Former implementation required an extra call to
logger:set_application_level/2 (beside setting ssl option
{log_level, debug}) to enable debug logging.
Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
|
|
Handle unencrypted 'Illegal Parameter' Alerts from openssl s_client
when the server's connection states are already stepped into
traffic encryption.
Change-Id: I10951a9061e6f4b13d8ddb8ab99f8a812a483113
|
|
Validate peer certificate against supported signature algorithms.
Send 'Hanshake Failure' Alert if signature algorithm is not
supported by the server.
Change-Id: Iad428aad337f0f9764d23404c203f966664c4555
|
|
Report the role of the peer when logging incoming Alerts.
Change-Id: I7eec46bc36f9080f5087b6a38e7f14ac628fe286
|
|
|
|
|
|
Conflicts:
lib/ftp/test/ftp_SUITE.erl
|
|
Split get_handshake_context/2 into two functions. The new
get_handshake_context_cv/2 returns the context for the
verification of CertificateVerify.
Change-Id: I461eb67bda1d9c1673e463d417c3e838fca6b40c
|
|
Verify if the signature algorithm used in the signature of
CertificateVerify is one of those present in the
supported_signature_algorithms field of the "signature_algorithms"
extension in the CertificateRequest message.
Change-Id: I7d3b5f10e3205447fb9a9a7e59b93568d1696432
|
|
Verify CertificateVerify message against the handshake context and
the public key provided by the Certificate message.
Remove 'Context' argument from state handler functions and store
data in the state variable.
Refactor get_handshake_context/1 to cover all implemented cases.
Change-Id: If803e05009331d1ec7e0ba2ea2b81d917a0add6d
|
|
Implement validation of client certificates in state
'wait_cert'.
Implement state 'wait_cv'.
Clean up handler functions.
Change-Id: I5c410bf7afe34632f27fabcd61670764fedb105d
|
|
Implement state 'wait_cert' with its handler function
do_wait_cert/2.
Send CertificateRequest if peer verification is enabled.
Send Alert 'certificate required' if client answers with empty
Certificate and option 'fail_if_no_peer_cert' is set to true.
Change-Id: I72c73bcb6bc68ea60e6fe41cdd29ccfe40d18322
|
|
Change-Id: I5fdade8474147d05bc12d28fec91a47d4fd6e73b
|
|
Add missing alert to description_atom/1.
Function clauses ordered by value of the alert.
Change-Id: Ibb68ea261c42070c757b2815abd3f7b179880128
|
|
* peterdmv/ssl/hello-retry-request/OTP-15590:
ssl: Fix type spec for handshake_history()
ssl: Add tests for hello_retry_request and groups
ssl: Implement 'hello_retry_request'
Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
* essen/ssl-active-n:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl.erl
|
|
handshake_history() was specified as {[binary()], [binary[]]},
although its real type was {iodata(), iodata()}, dialyzer did
not give a warning until a new function matched out an element
of handshake_history and used it as input data for crypto:hash/2.
Change-Id: I60660e7296a52bf69bd7198a4cffee8338907726
|
|
Refactor state 'start' and handler functions.
Send 'hello_retry_request' if ClientHello does not contain
sufficient information.
Change-Id: I9fccb38aff5ba88bff75887261e8b1487bd64e17
|
|
* peterdmv/ssl/dtls_logging:
ssl: Add debug logging for DTLS
Change-Id: I83bf117c6c3428c57010e0e581775dd941fc829a
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
|
|
|
|
* ingela/ssl/doc-enhancements:
ssl: Enhance documentation after "use-spec-rewrite"
|
|
|
|
* peterdmv/ssl/validate_client_finished:
ssl: Validate Client Finished
Change-Id: I495c0d998423dc5a760d1ca0109c4107c5919f54
|
|
Change-Id: I4858972053436b05b83d72c552974fc9da3843d4
|
|
* maint:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/ssl_logger.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/ssl_record.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/src/tls_record.erl
lib/ssl/src/tls_sender.erl
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
|
|
When changing the ssl application to use type specs in documentation
master additions where lost in the merge as we did not want to
rewrite the new documentation in a merge commit.
|
|
This reverts commit 028df3a72f7b813ef9851799a07ded30b7d3ad55.
|
|
Validate Client Finished message. If validation fails, send
decrypt_error alert.
Change-Id: I1da7be3505ca6df2b3d50282f0500b988ef8b488
|
|
|
|
|
