aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/test/ssl_cipher_SUITE.erl
AgeCommit message (Collapse)Author
2013-06-04ssl: Structural perarparation to support DTLSIngela Anderton Andin
Also phase in tls module as main API instead of ssl. To make API clearer. As TLS is the new protocol name. Maybe keep some API functions in ssl
2013-01-11ssl: CTify test casesIngela Anderton Andin
2012-08-31Update copyright yearsBjörn-Egil Dahlberg
2012-08-22ssl: Update ssl_cipher_SUITE for TLS 1.1 and TLS 1.2Andreas Schultz
now that we handle TLS 1.1+ records correctly, the test suite have to take that into account.
2011-11-15Removed compiler warningsIngela Anderton Andin
2011-10-24fix handling of block_decipher/5 failureAndreas Schultz
A wrong decryption key would cause a badmatch in generic_block_cipher_from_bin/2. The try in block_decipher/5 was probably intendend to deal with that, but was misplace for this. Additionaly, generating a failure alert erly, without computing the record MAC, creates vector for a timing attack on CBC padding (for details check TLS 1.2 RFC 5246, Sect. 6.2.3.2.). This attach vector and the counter meassure applies to all SSL/TLS versions. As a counter messure, compute the MAC even when decryption or padding checks fail. A invalid padding will force a MAC failure by intentionaly invalidating the content.