Age | Commit message (Collapse) | Author |
|
* raimo/better-TLS-distribution/OTP-15058:
Test nodename whitelist
Use public_key to verify client hostname
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags:
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
In SSL/TLS, when the server certificate contains a RSA key, then:
either a DHE or ECDHE cipher suite is used, in which case the RSA key
is used for a signature (see section 7.4.3 of RFC 5246: the "Server
Key Exchange" message); this exercises the digitalSignature key usage;
or "plain RSA" is used, with a random value (the 48-byte pre-master
secret) being encrypted by the client with the server's public key
(see section 7.4.7.1 of RFC 5246); this is right in the definition of
the keyEncipherment key usage flag.
dataEncipherment does not apply, because what is encrypted is not
directly meaningful data, but a value which is mostly generated
randomly and used to derive symmetric keys. keyAgreement does not
apply either, because that one is for key agreement algorithms which
are not a case of asymmetric encryption (e.g. Diffie-Hellman). The
keyAgreement usage flag would appear in a certificate which contains a
DH key, not a RSA key. nonRepudiation is not used, because whatever is
signed as part of a SSL/TLS key exchange cannot be used as proof for a
third party (there is nothing in a SSL/TLS tunnel that the client
could record and then use to convince a judge when tring to sue the
server itself; the data which is exchanged within the tunnel is not
signed by the server).
When a ECDSA key is used then "keyAgreement" flag is needed for beeing
ECDH "capable" (as opposed to ephemeral ECDHE)
|
|
|
|
|
|
Depending on context trap_exit flag may be set or not.
So always set trap_exit and consume the EXIT signal and then set it back.
|
|
ECDH suite handling did not use the EC parameters form the certs
as expected.
|
|
Fix test case code to use keyAgreement for ECDH_ECDSA
|
|
|
|
* raimo/better-TLS-distribution/OTP-14969:
Fix distro CRL test cases short vs long names
Allow check for node name
Move check ip to before SSL handshake
Check client IP from server
Parse cert primarily for host names
Open for host and node allow list
Create plug-in for distro cert nodes
Rewrite TLS dist to handle node names in certs
Improve node allowed check
|
|
* ingela/ssl/test-cuddle:
ssl: Handle EXIT messages from test code correctly
|
|
|
|
answer to a certificate request
Solves ERL-599
|
|
answer to a certificate request
Solves ERL-599
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When test handling was corrected it was obvious that DTLS ECC handling
was not compleated.
|
|
|
|
|
|
|
|
The interoperability option to fallback to insecure renegotiation
now has to be explicitly turned on.
|
|
|
|
Anonymous cipher suites were broken altogether, and
there was an earlier issue where the server would send a signature
in the server key exchange if a certificate was configured, even
if an anonymous suite was actually negotiated.
Backport of PR-1729
|
|
|
|
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
|
|
|
|
* ingela/DTLS-supported:
ssl: Fix typo
dtls: Add DTLS handling to utility functions
ssl: Document enhancment
ssl: Document DTLS
|
|
LibreSSL-2.6.3 dropped DSS (DSA) support
|
|
|
|
|
|
* ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882:
ssl: Remove chacha ciphers form default for now
|
|
We have discovered interoperability problems, ERL-538, that we
believe needs to be solved in crypto.
|
|
|
|
|