| Age | Commit message (Collapse) | Author |
|---|
|
The MSS might change between sending the a flight and possible
resend. We therefore have to be able to fragment the records
differently for resent.
Encoding and fragmenting of handshake record therefor needs to
be done independently.
With this change the handshake is encoded to it's full length
first, then queued to a flight. The fragmentation is handled
during assembly of the flights datagram.
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
Sync initial_state overall functionality with TLS and
add a few DTLS specific initalizers.
Conflicts:
lib/ssl/src/dtls_connection.erl
|
|
|
|
The flight concept was introduced by DTLS (RFC 4347) to optimize
the packing of DTLS records into UDP packets. This change
implments the flight concept in the the generic SSL connection
logic and add the queue logic to the TLS and DTLS stack.
The DTLS required resend handling is not implemented yet.
While the flight handling is only required for DTSL, it turns
out that the same mechanism can be usefull to TCP based TLS as
well.
With the current scheme each TLS record will be mapped into a
separate TCP frame. This causes more TCP frames to be generate
that necessary. On fast network this will have no impact, but
reducing the number of frames and thereby the number of
round trips can result in significant speedups on slow and
unreliable networks.
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
available_signature_algs is also needed for DTLS, move it
into a shared place and export it.
Conflicts:
lib/ssl/src/tls_handshake.erl
|
|
|
|
* ingela/maint/ssl/max-session-table/OTP-13490:
ssl: Mitigate load increase when the whole session table is invalidated
|
|
* joedevivo/maint/ssl/PR-1063/OTP-13635:
ssl:recv timeout() can be 0
|
|
maint-18
* ingela/maint/ssl/tls-1.2-available-hashsigns/OTP-13670:
ssl: ordsets:intersection/2 did not give the expected result
|
|
into maint-18
* kennethlakin/maint/tls-use-negotiated-prf/PR-1042/OTP-13546:
ssl: Use cipher suite's PRF in prf/5
|
|
|
|
|
|
Use the negotiated cipher suite's PRF algorithm in calls to
ssl:prf/5, rather than a hard-coded one.
For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This
was correct 100% of the time.
For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256.
This was correct only some of the time for TLS 1.2 and none of the
time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5
through another path, the handshaking process used the negotiated
PRF and did not encounter this bug.
A new test (prf) has been added to ssl_basic_SUITE to guard against future
breakage.
|
|
gen_tcp:recv allows this, and if you're doing something like
Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with
function_clause
There were other cases of this throughout the module. This PR cleans
them all up.
|
|
Turns out we can not count on the "hashsigns" sent by the client and
the supported "hashigns" sets to have required properties of ordsets.
|
|
* ingela/ssl/crl-find-issuer/OTP-13656:
ssl: Propagate error so that public_key crl validation process continues correctly and determines what should happen.
|
|
correctly and determines what should happen.
|
|
These functions call getstat on the underlying TCP socket.
The only way to do this before now was to use a hack, either
by looking inside the #sslsocket{} record directly, or by
not using the SSL listen/accept functions and upgrading
from a TCP socket that is kept around for the purpose of
calling getstat later on.
|
|
* ingela/ssl/unexpected-client-cert/OTP-13651:
ssl: Reject unrequested client cert
|
|
* ingela/ssl/max-session-table/OTP-13490:
ssl: Mitigate load increase when the whole session table is invalidated
|
|
|
|
* ingela/ssl/phase-out-sslv2-hello/OTP-13465:
ssl: Add option to phase out support for sslv2 client hello
|
|
|
|
|
|
ssl servers can recognize sslv2 client hellos to interop with clients
that support higher version of SSL/TLS but also offers sslv2
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
|
|
|
|
This reverts commit e020f75c10410a6943cd055bfa072a2641eab7da.
|
|
|
|
|
|
* ingela/ssl/DH/OTP-13636:
ssl: Stronger default DH prime
|
|
* legoscia/ssl/tls-dist-more-opts/PR-956/OTP-13429:
Quote curly brackets in command line options
Avoid disappearing ETS tables in ssl_dist_SUITE
Fix db handle for TLS distribution crl_cache opts
Fix ssl_dist_SUITE logging on Windows
More logging in ssl_dist_SUITE
TLS distribution: crl_check and crl_cache options
Allow passing verify_fun for TLS distribution
More informative malformed_ssl_dist_opt error
|
|
|
|
|
|
|
|
The selection of CA cert files in ssl_ECC_SUITE and ssl_test_lib
ought to be refactored, it is quite confusing.
But use this workaround until we get time to make a refactor.
|
|
* joedevivo/ssl/PR-1063/OTP-13635:
ssl:recv timeout() can be 0
|
|
Some shells i.e the bash emulating sh regard curly brackets
as special characters so e.g {a,b,{}} is expanded to a b {} which
is by erlang regarded as 3 arguments instead of a 3-tuple.
Other shells e.g Bourne classic /bin/sh, the ash/dash variants
and public domain Korn shell all avoid this surprise.
|
|
* ingela/ssl/test-timeouts:
ssl: Increase timeouts due to slow test machines
|
|
|
|
gen_tcp:recv allows this, and if you're doing something like
Transport:recv(Socket, 0, 0), TCP will work and SSL will exit with
function_clause
There were other cases of this throughout the module. This PR cleans
them all up.
|
|
We do not want error reports that can leek secret information
into the logs.
|
|
|
|
There are a lot of cases where `ssl` application just returns unhelpful
`handshake failure` or `internal error`. This patch tries to provide
better diagnostics so operator can debug his SSL misconfiguration
without doing hardcore erlang debugging.
Here is an example escript that incorrectly uses server certificate as a
client one:
https://gist.github.com/binarin/35c34c2df7556bf04c8a878682ef3d67
With the patch it is properly reported as an error in "extended key
usage".
|
|
|
|
* ingela/ssl/doc-enhancment/ERL-131:
ssl: Add default values and clarifications
|
|
|
|
* kennethlakin/beast-mitigation-options/PR-1041/OTP-13629:
ssl: Add BEAST mitigation selection option
|
|
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content
split BEAST mitigation technique. This commit adds a beast_mitigation
SSL option (defaulting to one_n_minus_one) to select or disable the
BEAST mitigation technique.
Valid option values are (one_n_minus_one | zero_n | disabled).
|
