Age | Commit message (Collapse) | Author |
|
* ingela/ssl/upgrade-cuddle:
ssl: Upgrade cert generation for upgrade test
|
|
|
|
* raimo/ssl/tls-dist-fun-day/OTP-14792:
Skip all benchmark groups
Benchmark report relative core load
Improve printouts
Polish sched util benchmark
Improve printouts
Dist handshake with nodelay
Implement inet_crypto_dist benchmark example
|
|
|
|
|
|
|
|
|
|
|
|
Optimization to concatenate small user data packages recived
closely after each other has invalidated assumptions in the test case.
|
|
The test are moved to ssl_cipher_suite_SUITE
|
|
This group has started to fail as our default has diverged from OpenSSL
defaults and we are not really interested in testing OpenSSL defaults.
|
|
|
|
This is a simplistic distribution protocol module for
encrypted distribution using a shared secret and only
the crypto module, and AEAD ciphers.
It is intended to be a benchmark reference for how fast
encrypted distribution may get.
How secure it would be and also how useful, for actual production use,
remains to be investigated.
|
|
|
|
* ingela/ssl/default-supported-versions/OTP-14865:
ssl: Remove default support for legacy versions
|
|
* peterdmv/ssl/tls13-conn-info:
ssl: Fix ssl:connection_information/1 in TLS 1.3
Change-Id: I492b0973bb4ee44354edf22ed3bc2a6e5c7b90c5
|
|
TLS-1.0, TLS-1.1 and DTLS-1.0 are now considered legacy
|
|
Conflicts:
lib/ssl/src/ssl.erl
lib/ssl/src/tls_connection.erl
|
|
Store cipher suite information in session record.
Test ssl:connection_information/1 in a TLS 1.3 connection.
Change-Id: I7193e6dd2544540e446b5777b5768806cecf2bd3
|
|
Remove function ssl:set_log_level/1. Its functionality is already
implemented by logger:set_application_level/2.
Set log level for ssl modules to debug at application start.
Former implementation required an extra call to
logger:set_application_level/2 (beside setting ssl option
{log_level, debug}) to enable debug logging.
Change-Id: Id21be7fd58915e11124cc136bb92d8a7526b8a74
|
|
Change-Id: I433924f9c590efa94423db5df52dd3f5d53d9d20
|
|
|
|
Change-Id: I6504d99a96ed6fc75dbdff78a6148ed39d3776c9
|
|
Change-Id: I09c0501ea790941001b11a3f6d12a96f18da2bea
|
|
Test client authentication when client responds with empty
Certificate.
Change-Id: I725ae60c6d097ca13c5f4354e35377ecacf98dea
|
|
* peterdmv/ssl/hello-retry-request/OTP-15590:
ssl: Fix type spec for handshake_history()
ssl: Add tests for hello_retry_request and groups
ssl: Implement 'hello_retry_request'
Change-Id: I04ad2860d0ba81462a1e36c7d6fcee6bc5c98c32
|
|
* maint:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
|
|
Change-Id: I0e4a9337d5d52a0e39ccc16d2d2e2b123ea2f9b5
|
|
* essen:erlang/otp:
fixup! ssl: Add support for {active,N}
ssl: Use common fonction to update {active,N}
ssl: Document {active,N}
ssl: Add support for {active,N}
Conflicts:
lib/ssl/src/ssl_connection.erl
|
|
* maint:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
Conflicts:
lib/ssl/src/ssl_cipher.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/ssl_logger.erl
lib/ssl/src/ssl_record.erl
lib/ssl/src/ssl_record.hrl
lib/ssl/src/tls_connection.erl
lib/ssl/src/tls_record.erl
lib/ssl/src/tls_sender.erl
|
|
* raimo/ssl/tls-optimization/OTP-15529:
Inline local function
Optimize binary matching
Clean up module boundaries
Remove redundant return of CipherState
Use iovec() internally in send path
Small binary handling optimizations
Optimize read_application_data with Okasaki queue
Try to optimize decode_cipher_text/3
Optimize application data aggregation
Optimize TLS record parsing with Okasaki queue
Cache strong_random_bytes for IV
Optimize padding
Produce less garbage in encrypt loop
Reorganize #data{}
Tidy up state machine
Add server GC info to bench results
|
|
* ingela/ssl/bench:
ssl: Improve bench SUITE
|
|
Add shorter time trap, modernize code and make sure help process
terminates.
|
|
|
|
* ingela/ssl/shrink-state:
ssl: Remove duplicate record_cb handling
ssl: Add test case for continued handshake with a timeout
ssl: Use gen_statem named timers to handle connection and recv timeouts
ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys
ssl: Move key_algorithm to handshake_env
ssl: srp
ssl: Rename
ssl: Move diffie_hellman_params to handshake_env
ssl: Move and rename psk_identity state record field
ssl: Move premaster_secret to handshake_env
ssl: Make flight_state DTLS specific
ssl: Add private_key to connection_env
ssl: Remove unused record field
ssl: Add erl_dist_handle to connection_env
ssl: Add negotiated_version to connection_env
ssl: Add key exchange items to handshake_env
ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env
ssl: Add downgrade handling to connection_env
ssl: Create connection_env
ssl: Handle renegotiation and extensions in handshake_env
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/shrink-state:
ssl: Remove duplicate record_cb handling
ssl: Add test case for continued handshake with a timeout
ssl: Use gen_statem named timers to handle connection and recv timeouts
ssl: Move and rename diffie_hellman_keys and srp_keys to kex_keys
ssl: Move key_algorithm to handshake_env
ssl: srp
ssl: Rename
ssl: Move diffie_hellman_params to handshake_env
ssl: Move and rename psk_identity state record field
ssl: Move premaster_secret to handshake_env
ssl: Make flight_state DTLS specific
ssl: Add private_key to connection_env
ssl: Remove unused record field
ssl: Add erl_dist_handle to connection_env
ssl: Add negotiated_version to connection_env
ssl: Add key exchange items to handshake_env
ssl: Add hashsign_algorithm and cert_hashsign_algorithm to handshake_env
ssl: Add downgrade handling to connection_env
ssl: Create connection_env
ssl: Handle renegotiation and extensions in handshake_env
|
|
* peterdmv/ssl/server-process-client-finished:
ssl: Test TLS 1.3 connectivity
ssl: Fix crash when sending Alerts
ssl: Fix dialyzer warning
ssl: Improve TLS 1.3 statem
Change-Id: I258e0309ba3a132d5ab2056151935a3df8646344
|
|
|
|
* maint:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I8a604d607333d029b170e3d3ad31ea01890202ea
|
|
* peterdmv/ssl/fix-failing-testcases:
ssl: Fix renegotiation testcases
ssl: Fix failing rizzo testcases
ssl: Use IPv4 addresses with openssl s_client
ssl: Use sha256 in test certificates if supported
Change-Id: I11a326be027545e20fbef6f90996b0c8be8c3e50
|
|
Fix failing renegotiation testcases with openssl-1.1.1a.
openssl s_client sends the renegotiation "R\n" connected command
to the server side causing testcase failure.
This commit updates ssl_to_openssl_SUITE:erlang_ssl_receive to
swallow the unexpected packet.
Change-Id: I1f5d040ac65c25652f7101ddf109fc84acc4c915
|
|
|
|
|
|
Filter out the cipher 'chacha20_poly1305' when running the
testcase 'rizzo_one_n_minus_one'.
Change-Id: If3a18b0782b747b91155553e0659faebd7c5dd05
|
|
This commit fixes failing testcases on OpenBSD 12.0 systems. It
forces openssl s_client to use an IPv4 address if openssl supports
IPv6.
When s_client is called with the argument "localhost" it binds
to the first address returned by getaddrinfo. As the first address
is an IPv6 address on OpenBSD 12.0, the client fails to send
UDP packets to the ssl server that is listening on an IPv4 address.
Change-Id: Ie662d10f4f0d9c803f7a341c9ea7dbe2ac80b556
|
|
This commit fixes ssl_test_lib:appropriate_sha/1 that returns sha256
if it is supported by crypto. It returns sha1 otherwise.
Change-Id: I0bfa4d50bbe3c788551a81d418db2cabc36a4344
|
|
Test TLS 1.3 connectivity between ssl server and
openssl s_client.
Change-Id: I926229d6bc9e6670ebe0190b491257876845b570
|
|
- Store FinishedKey in cipher_state.
- Implement state 'wait_finished'.
- Calculate traffic secrets in 'wait_finished' after Finished
received from client and go to state 'Connection'.
- Drop 'change_cipher_spec' messages (middlebox compatibility mode).
- Extend tests of 1-RTT.
Change-Id: Id69619ec5da053ffaaef75378678a27afeef6916
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher_format.erl
lib/ssl/src/tls_handshake.erl
|