Age | Commit message (Collapse) | Author |
|
* raimo/ssl/tls_dist-optimization:
Handle socket close in state downgrade
Handle dead sender at terminate
Handle tls_sender exit properly
Optimize split_bin
Improve dist send throughput
|
|
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/tls_connection.erl
|
|
Also avoid code duplication
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/tls_connection.erl
|
|
When internaly using active N, bugs in shutdown implementation where reveled.
|
|
Make next_record an internal help function to next_event and avoid
duplicate calls to tls_socket:setopts for setting the active option.
|
|
|
|
|
|
|
|
|
|
This change adds the capability to the TLS 1.3 server to process
ClientHello messages and answer with ServerHello.
Change-Id: I13f6cfac932574300338e7301c6162252a591c70
|
|
- Use internal event to transition to the first state of the
TLS 1.3 state machine.
- Add gen_handshake_1_3/4 and gen_info_1_3/4.
Change-Id: I17f12110356c7be4a8dddf9a616df7f181b0ef37
|
|
Use signature schemes in the "signature_algs" extension when
creating TLS 1.3 ClientHello extensions.
Change-Id: I1402bec659c70352a4a2200146911fd4246d2fe2
|
|
- Add function for special handling of default values of
"signature_algs" in TLS 1.3.
This change adds default values for "signature_algs" even for
TLS 1.3 clients as they must send the "signature_algs" extension
when a server authenticates itself via a certificate.
- Use "signature schemes" as default instead of the old
hash-signature algorithms tuple when using TLS 1.3.
Change-Id: I296593b16610fd7a18a4ae3f3bac63c2fad06fbd
|
|
- Order the list of input files
- Auto generate build dependencies
Change-Id: I0520725c98f4739fa73c8667c38ce1b00c494bc9
|
|
- Fix handling of hello versions. TLS 1.3 ClientHello will use
TLS 1.3 encoding.
- Fix encoding/decoding of TLS records when record protection
has not yet been engaged (NULL cipher).
Change-Id: I7511d1a7751f1ec8c2f2f2fb3d21ddf80a3f428b
|
|
Removed strongest Diffie-Hellman groups from defaults (ffdhe3072,
ffdhe4096, ffdhe6144, ffdhe8192) in order to reduce the time spent
with calculating the keys for the key_share extension.
Change-Id: I1cc1914ea4c5093f694989b0153c1bd1c8840eef
|
|
Change-Id: Id92deeebf2cb792a24c0ac1dd2e827fc7135b07c
|
|
Change-Id: Ie7409675dd7a35825f32822df259286bbb95fd62
|
|
* ingela/ssl/key-derive/OTP-15374:
ssl: Add key derivation functions for TLS-1.3
|
|
|
|
* ingela/ssl/rsa-kex-engine/ERIERL-268/OTP-15420:
ssl: Add engine handling clause to RSA key exchange
|
|
|
|
|
|
|
|
Could cause renegotiation to fail
|
|
Change-Id: I2beb99aab1920d866dcdc91f67fc306fc16e9496
|
|
|
|
with handshake
Fix of commit 68d9244ae33e5eea36250c3bb9ffe046a4db5647
|
|
|
|
|
|
|
|
* ingela/ssl/deliver-all-data-at-close/ERL-731/OTP-15412:
ssl: Extend check for undelivered data at closing
|
|
This is a timing related bug that alas is hard to test
|
|
Implement TLS 1.3 state machine skeleton
|
|
|
|
- Updated message generators:
ClientHello, ServerHello and EncryptedExtensions
- Fixed encoding of the extensions 'signature_algorithms' and
'signature_algorithms_cert'
- Updated empty extension definitions
Change-Id: I9415e2d022744b9ed4667d20aee2553637ed49f8
|
|
other purposes than handshaking
|
|
|
|
ssl: fix timezone-related bug in ssl_pem_cache
OTP-15402
|
|
|
|
Fix the default implementation of address_please
|
|
Caught with unit test in ssl_pem_cache_SUITE.
When local timezone is PST (Pacific Standard Time), PEM cache was not evicting
expired entries due to file time converstion was done using
calendar:now_to_datetime, while file modification time is actually in local time.
Use os:system_time() to align with file_info modified time.
|
|
Change-Id: I42d7779bb3558aa3a2bea5be065c559d01c0a32b
|
|
Change-Id: I4b382a7907247cc2099951fdefa40f1511b1123e
|
|
Change-Id: I80bc21b2dee82f4d5641fa8443882838f7c602ba
|
|
* ingela/ssl/tls-1.3-record:
ssl: TLS-1.3 TLS record protocol handling
|
|
|
|
|
|
|