Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-04-24 | Parse cert primarily for host names | Raimo Niskanen | |
2018-04-20 | Create plug-in for distro cert nodes | Raimo Niskanen | |
2018-04-19 | Rewrite TLS dist to handle node names in certs | Raimo Niskanen | |
2018-03-27 | ssl: Cleaner test setup to avoid unintentional test case dependencies | Ingela Anderton Andin | |
2018-03-27 | ssl: Correct ECC suite and DTLS ECC handling | Ingela Anderton Andin | |
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. | |||
2018-03-09 | ssl: Remove interoperability option v2_hello_compatible | Ingela Anderton Andin | |
2018-03-08 | Merge branch 'ingela/ssl/no-automated-fallback/OTP-14789' | Ingela Anderton Andin | |
2018-03-08 | ssl: Increase security with safer default | Ingela Anderton Andin | |
The interoperability option to fallback to insecure renegotiation now has to be explicitly turned on. | |||
2018-03-06 | Merge branch 'maint' | Ingela Anderton Andin | |
2018-03-06 | ssl: Fix anonymous suites regression and protocol error | Bram Verburg | |
Anonymous cipher suites were broken altogether, and there was an earlier issue where the server would send a signature in the server key exchange if a certificate was configured, even if an anonymous suite was actually negotiated. Backport of PR-1729 | |||
2018-03-06 | Merge branch 'maint' | Anders Svensson | |
2018-03-05 | [ssl] Fix hanging test case on outdated lab machine | Lars Thorsen | |
2018-02-07 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl lib/ssl/test/ssl_test_lib.erl | |||
2018-02-07 | ssl: Make sure anonymous suites are handled separately | Ingela Anderton Andin | |
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes. | |||
2018-02-05 | ssl: Add new API functions for cipher suite handling | Ingela Anderton Andin | |
2018-01-26 | Merge branch 'maint' | Ingela Anderton Andin | |
2018-01-25 | Merge branch 'ingela/DTLS-supported' | Ingela Anderton Andin | |
* ingela/DTLS-supported: ssl: Fix typo dtls: Add DTLS handling to utility functions ssl: Document enhancment ssl: Document DTLS | |||
2018-01-25 | ssl: Check OpenSSL version for DSS (DSA) support | Ingela Anderton Andin | |
LibreSSL-2.6.3 dropped DSS (DSA) support | |||
2018-01-24 | Merge branch 'maint' | Ingela Anderton Andin | |
2018-01-23 | ssl: Add record version sanity check | Ingela Anderton Andin | |
2018-01-22 | Merge branch 'ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882' | Ingela Anderton Andin | |
* ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882: ssl: Remove chacha ciphers form default for now | |||
2018-01-22 | ssl: Remove chacha ciphers form default for now | Ingela Anderton Andin | |
We have discovered interoperability problems, ERL-538, that we believe needs to be solved in crypto. | |||
2018-01-19 | ssl: Remove 3DES cipher suites from default | Ingela Anderton Andin | |
2018-01-17 | dtls: Add DTLS handling to utility functions | Ingela Anderton Andin | |
2018-01-16 | Merge branch 'ingela/ssl/remove-rsa-keyexchange-from-default/OTP-14769' | Ingela Anderton Andin | |
* ingela/ssl/remove-rsa-keyexchange-from-default/OTP-14769: ssl: RSA key exchange is considered broken do not support by default | |||
2018-01-16 | ssl: RSA key exchange is considered broken do not support by default | Ingela Anderton Andin | |
2018-01-15 | Merge branch 'maint' | Ingela Anderton Andin | |
* maint: ssl: Call clean version function | |||
2018-01-15 | ssl: Call clean version function | Ingela Anderton Andin | |
Make sure tests are run with intended version settings. | |||
2018-01-11 | Merge branch 'maint' | Ingela Anderton Andin | |
2018-01-11 | Merge branch 'ingela/ssl/timeout-cuddle' into maint | Ingela Anderton Andin | |
* ingela/ssl/timeout-cuddle: ssl: Tune timeouts | |||
2018-01-11 | ssl: Tune timeouts | Ingela Anderton Andin | |
2018-01-09 | Merge branch 'maint' | Ingela Anderton Andin | |
2018-01-07 | dtls: Filter out rc4 for DTLS psk suites | Ingela Anderton Andin | |
Stream ciphers are not valid fro DTLS | |||
2018-01-06 | dtls: We do not need to wait for DTLS over UDP server | Ingela Anderton Andin | |
Client will retransmit until server becomes responsive | |||
2017-12-20 | Merge branch 'raimo/ssl-dist-bench/OTP-14657' | Raimo Niskanen | |
* raimo/ssl-dist-bench/OTP-14657: Skip ssl_bench_SUITE, normally | |||
2017-12-12 | Skip ssl_bench_SUITE, normally | Raimo Niskanen | |
2017-12-05 | Merge branch 'maint' | Ingela Anderton Andin | |
Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_handshake.erl | |||
2017-12-05 | ssl: Use maps for cipher suites internally | Ingela Anderton Andin | |
This is a preparation for improvements to come in option handling and support for TLS-1.3 | |||
2017-12-04 | Write SSL distribution benchmarks | Raimo Niskanen | |
2017-11-10 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-11-08 | ssl: Add private key configuration for crypto engine | Ingela Anderton Andin | |
2017-10-18 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-10-18 | Merge branch 'ingela/dtls/no-packet-upd/OTP-14664' into maint | Ingela Anderton Andin | |
* ingela/dtls/no-packet-upd/OTP-14664: ssl: No support for packet option over unreliable transport | |||
2017-10-17 | Merge branch 'maint' | Ingela Anderton Andin | |
2017-10-17 | ssl: No support for packet option over unreliable transport | Ingela Anderton Andin | |
2017-10-16 | ssl: Fix test cases to work on all test platforms | Ingela Anderton Andin | |
Use hradcoded rsa keys as this will work on all legacy platforms. In test case dns_name_reuse only do the relevant client check in the final test. | |||
2017-10-13 | ssl: Sessions must be registered with SNI if exists | Ingela Anderton Andin | |
2017-10-13 | ssl: Extend hostname check to fallback to checking IP-address | Ingela Anderton Andin | |
If no SNI is available and the hostname is an IP-address also check for IP-address match. This check is not as good as a DNS hostname check and certificates using IP-address are not recommended. | |||
2017-10-12 | public_key, ssl: Handles keys so that APIs are preserved correctly | Ingela Anderton Andin | |
2017-10-02 | Merge branch 'maint' | Ingela Anderton Andin | |