Age | Commit message (Collapse) | Author |
|
* ingela/dtls/opts:
ssl: Adopt setopts and getopts for DTLS
|
|
|
|
|
|
* ingela/dtls/replay-protect/OTP-14077:
dtls: Implement replay protection
|
|
See RFC 6347 section 3.3
|
|
* ingela/ssl/bench-certs:
ssl: Disable Server Name verification in bench tests for now
|
|
|
|
Conflicts:
OTP_VERSION
lib/inets/vsn.mk
lib/ssl/vsn.mk
|
|
|
|
|
|
* ingela/ssl/windows-cuddle:
ssl: Only run sslv2 reject tests on old OpenSSL version
ssl: Try to workaround OpenSSL windows obscurities
|
|
|
|
|
|
When the server_name_indication is sent automatize the
clients check of that the hostname is present in the
servers certificate. Currently server_name_indication shall
be on the dns_id format. If server_name_indication is disabled
it is up to the user to do its own check in the verify_fun.
|
|
This reverts commit dc57404252c47520f352834ad9be45ad684f96c9.
|
|
|
|
|
|
Commit 87584ae85893df917ca83cb0c40748fd4da0f3bc added missing release note
but not in the correct place.
|
|
|
|
|
|
* ingela/ssl/cacha-default/OTP-14382:
ssl: Cacha is currently not tested enough to be most prefered.
|
|
|
|
|
|
Note this is a change form how it works for earlier versions that will
send the first hello message on the lowest supported version.
From RFC 5246
Appendix E. Backward Compatibility
E.1. Compatibility with TLS 1.0/1.1 and SSL 3.0
Since there are various versions of TLS (1.0, 1.1, 1.2, and any
future versions) and SSL (2.0 and 3.0), means are needed to negotiate
the specific protocol version to use. The TLS protocol provides a
built-in mechanism for version negotiation so as not to bother other
protocol components with the complexities of version selection.
TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and use
compatible ClientHello messages; thus, supporting all of them is
relatively easy. Similarly, servers can easily handle clients trying
to use future versions of TLS as long as the ClientHello format
remains compatible, and the client supports the highest protocol
version available in the server.
A TLS 1.2 client who wishes to negotiate with such older servers will
send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in
ClientHello.client_version. If the server does not support this
version, it will respond with a ServerHello containing an older
version number. If the client agrees to use this version, the
negotiation will proceed as appropriate for the negotiated protocol.
If the version chosen by the server is not supported by the client
(or not acceptable), the client MUST send a "protocol_version" alert
message and close the connection.
If a TLS server receives a ClientHello containing a version number
greater than the highest version supported by the server, it MUST
reply according to the highest version supported by the server.
A TLS server can also receive a ClientHello containing a version
number smaller than the highest supported version. If the server
wishes to negotiate with old clients, it will proceed as appropriate
for the highest version supported by the server that is not greater
than ClientHello.client_version. For example, if the server supports
TLS 1.0, 1.1, and 1.2, and client_version is TLS 1.0, the server will
proceed with a TLS 1.0 ServerHello. If server supports (or is
willing to use) only versions greater than client_version, it MUST
send a "protocol_version" alert message and close the connection.
Whenever a client already knows the highest protocol version known to
a server (for example, when resuming a session), it SHOULD initiate
the connection in that native protocol.
Note: some server implementations are known to implement version
negotiation incorrectly. For example, there are buggy TLS 1.0
servers that simply close the connection when the client offers a
version newer than TLS 1.0. Also, it is known that some servers will
refuse the connection if any TLS extensions are included in
ClientHello. Interoperability with such buggy servers is a complex
topic beyond the scope of this document, and may require multiple
connection attempts by the client.
Earlier versions of the TLS specification were not fully clear on
what the record layer version number (TLSPlaintext.version) should
contain when sending ClientHello (i.e., before it is known which
version of the protocol will be employed). Thus, TLS servers
compliant with this specification MUST accept any value {03,XX} as
the record layer version number for ClientHello.
TLS clients that wish to negotiate with older servers MAY send any
value {03,XX} as the record layer version number. Typical values
would be {03,00}, the lowest version number supported by the client,
and the value of ClientHello.client_version. No single value will
guarantee interoperability with all old servers, but this is a
complex topic beyond the scope of this document.
|
|
* ingela/ssl/AEAD:
ssl, dtls: Refactor so that DTLS records are handled correctly together with AEAD handling
ssl, dtls: Correct integer type for sequence number
|
|
With the new help functions for creating test data we can simplify the
code. And sometimes corrections have been made so that the test actually
perform the test intended.
|
|
AEAD handling
|
|
|
|
|
|
|
|
The certificate chain handling had become quite entangled and
was not correct.
|
|
* ingela/ssl/dtls-cookie/OTP-14076:
dtls: Implement DTLS cookie secret generation
|
|
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/crypto/c_src/crypto.c
lib/crypto/src/crypto.erl
lib/ssh/src/ssh.erl
|
|
|
|
|
|
|
|
Emulate active once in such a way that data recived by the TLS
connection process, but not fetch via active once option
by the user, can be delivered at next active once before final close.
|
|
* ingela/ssl/make-cert-test-data/OTP-14294:
ssl, public_key: Add functionality for generating X509 cert test data
|
|
For now this functionality is located in ssl. And existing
public_key function is extended. However some of the functionality may
be moved to public_key in a later stage.
|
|
* ingela/ssl/dtls-frag:
dtls: Handle overlapping fragments
|
|
Fragment reassembling needs to handle that a smaller
fragment then sent originally might overlap an earlier
received fragment.
|
|
Add session_id and remove undocumented ssl:session_info/1
Add client_random, server_random and master_secret, they will not be included
in ssl:connection_information/1 as they may affect the connections security if
used recklessly.
|
|
|
|
* ingela/ssl/dtls-test:
dtls: Correct version check
dtls: Test case fixes
|
|
* maint:
Updated OTP version
Prepare release
Conflicts:
OTP_VERSION
lib/typer/doc/src/notes.xml
lib/typer/vsn.mk
|
|
|
|
|
|
|
|
|
|
|