Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-06-12 | ssl: Fix dialyzer specs to reflect reality | Ingela Anderton Andin | |
2014-06-12 | Merge branch 'ia/ssl/CSS/OTP-11975' into maint | Ingela Anderton Andin | |
* ia/ssl/CSS/OTP-11975: ssl: Make sure change cipher spec is correctly handled | |||
2014-06-11 | Merge branch 'ia/ssl/version-argument' into maint | Ingela Anderton Andin | |
* ia/ssl/version-argument: ssl: Version argument to ssl_cipher:anonymous_suites should not be added yet! | |||
2014-06-11 | ssl: Make sure change cipher spec is correctly handled | Ingela Anderton Andin | |
2014-06-11 | Merge branch 'qrilka/ssl-seconds-in-24h' into maint | Henrik Nord | |
* qrilka/ssl-seconds-in-24h: ssl: Fix incorrect number of seconds in 24 hours | |||
2014-06-05 | ssl: Version argument to ssl_cipher:anonymous_suites should not be added yet! | Ingela Anderton Andin | |
2014-06-05 | Merge branch 'ia/ssl/dumb-clients/OTP-11969' into maint | Ingela Anderton Andin | |
* ia/ssl/dumb-clients/OTP-11969: ssl: Avoid creating a huge session table | |||
2014-06-04 | Merge branch 'RoadRunnr/ssl/fix-tests' into maint | Marcus Arendt | |
* RoadRunnr/ssl/fix-tests: SSL: fix OpenSSL known renegotiation bug detection SSL: in tests, filter ssl client ciphers for version compatibility | |||
2014-06-04 | Merge branch 'ia/ssl/default-ciphers/OTP-11966' into maint | Ingela Anderton Andin | |
* ia/ssl/default-ciphers/OTP-11966: ssl: Workaround that gen_fsm does not call CB:format_status when CB:terminate crashes. SSL: always filter the full list of supported ciphers against the supported algorithms ssl: Filter default ciphers for supported Crypto algorihms | |||
2014-06-03 | ssl: Workaround that gen_fsm does not call CB:format_status when CB:terminate | Ingela Anderton Andin | |
crashes. | |||
2014-06-03 | SSL: always filter the full list of supported ciphers against the supported ↵ | Andreas Schultz | |
algorithms With the addition of more ciphers that are not supported in all configurations, using a manually prefiltered cipher list (e.g. EC vs. non-EC ciphers) becomes to complex. Replace the manual split with ssl_cipher:filter_suites/1 in all places. Conflicts: lib/ssl/src/ssl.erl lib/ssl/src/tls_v1.erl | |||
2014-05-28 | ssl: Fix incorrect number of seconds in 24 hours | Kirill Zaborsky | |
24 hours in seconds should be equal to 86400 and 86400000 in milliseconds | |||
2014-05-28 | SSL: fix OpenSSL known renegotiation bug detection | Andreas Schultz | |
The OpenSSL detection match would actually consider all 1.0.1 versions as affected when really only 1.0.1 - 1.0.1c are. | |||
2014-05-28 | SSL: in tests, filter ssl client ciphers for version compatibility | Andreas Schultz | |
Some psk and some not yet supported anonymous suites are only supported with TLS version >= 1.2. This adds them to the tests and makes sure that they are not tested on TLS versions that do not support them. | |||
2014-05-28 | ssl: Filter default ciphers for supported Crypto algorihms | Ingela Anderton Andin | |
2014-05-28 | ssl: Prepare for release | Ingela Anderton Andin | |
2014-05-27 | ssl: Correct test SUITE | Ingela Anderton Andin | |
2014-05-27 | ssl: Add format_status function to ssl connection process | Ingela Anderton Andin | |
2014-05-26 | ssl: Add ssl options to listen options tracker | Ingela Anderton Andin | |
2014-05-26 | ssl: Move init | Ingela Anderton Andin | |
2014-05-22 | Merge branch 'dz/fix_ssl_max_seq_num' into maint | Marcus Arendt | |
* dz/fix_ssl_max_seq_num: ssl: fix max sequence number so it does not overflow | |||
2014-05-14 | ssl: Fix dialyzer spec | Ingela Anderton Andin | |
2014-05-13 | ssl: Only allow one next protocol handsake message | Ingela Anderton Andin | |
2014-05-12 | Merge branch 'ia/ssl/inherit/OTP-11897' into maint | Ingela Anderton Andin | |
* ia/ssl/inherit/OTP-11897: ssl: Handle socket option inheritance when pooling of accept sockets is used | |||
2014-05-10 | ssl: fix max sequence number so it does not overflow | Danil Zagoskin | |
The old value of 18446744073709552000 was calculated using math:pow which returns float therefore isn't precise. And it would overflow: erlang:integer_to_list(18446744073709552000, 16) = "10000000000000180" This patch changes MAX_SEQENCE_NUMBER to value calculated with bitwise shift: (1 bsl 64) - 1 = 18446744073709551615 | |||
2014-05-09 | Merge branch 'ia/ssl/false-alerts/OTP-11890' into maint | Ingela Anderton Andin | |
* ia/ssl/false-alerts/OTP-11890: ssl: Add checks to avoid processing of illegal alerts | |||
2014-05-09 | ssl: Handle socket option inheritance when pooling of accept sockets is used | Ingela Anderton Andin | |
Implement a listen socket tracker process that holds the emulated socket options so that it is possible to implement a destructive ssl:setopts on SSL/TLS listen sockets without changing the options of the internal socket as we want that socket to have the internal socket option values. | |||
2014-05-07 | ssl: SSL/TLS version input list shall not be order dependent | Ingela Anderton Andin | |
2014-04-30 | ssl: Add checks to avoid processing of illegal alerts | Ingela Anderton Andin | |
2014-04-24 | ssl: Fixes ssl_crl_SUITE errors on mixed ipv6-v4 interfaces | Hans Nilsson | |
2014-04-24 | ssl: Remove outdated documentation | Ingela Anderton Andin | |
2014-04-23 | ssl: Fix crash on garbage during handshake | Danil Zagoskin | |
If a client sends some garbage in ssl record instead of valid fragment, server crashes with function_clause while receiving next record from client. This patch makes server raise handshake failure instead of crashing and exposing internal state to user code. | |||
2014-04-23 | ssl: Refactor so that there is only one source for the default hashsign values | Ingela Anderton Andin | |
Also fix DTLS call to supply its corresponding TLS version | |||
2014-04-23 | ssl: always pass negotiated version when selecting hashsign | Danil Zagoskin | |
Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions. | |||
2014-04-23 | ssl: TLSv1.2: proper default sign algo for RSA | Danil Zagoskin | |
2014-04-22 | Merge branch 'ia/ssl/decrypt-alert/OTP-11880' into maint | Ingela Anderton Andin | |
* ia/ssl/decrypt-alert/OTP-11880: ssl: Correct decryption error handling | |||
2014-04-22 | Merge branch 'ia/ssl/recv/OTP-11878' into maint | Ingela Anderton Andin | |
* ia/ssl/recv/OTP-11878: ssl: recv shall ruturn {error, einval} on active socket | |||
2014-04-22 | Merge branch 'ia/ssl/suites-match-negotiated-version/OTP-11875' into maint | Ingela Anderton Andin | |
* ia/ssl/suites-match-negotiated-version/OTP-11875: ssl: Select supported cipher suites for the negotiated SSL/TLS-version | |||
2014-04-17 | ssl: Correct decryption error handling | Ingela Anderton Andin | |
2014-04-17 | ssl: recv shall ruturn {error, einval} on active socket | Ingela Anderton Andin | |
2014-04-17 | ssl: Graceful handling of warning alerts | Ingela Anderton Andin | |
Generalize last warning alert function clause | |||
2014-04-16 | ssl: Select supported cipher suites for the negotiated SSL/TLS-version | Ingela Anderton Andin | |
When selecting the available cipher suites for the server all cipher suites for the highest supported SSL/TLS-version would be selected, and not all supported for the negotiated SSL/TLS-version. This could lead to that faulty clients could negotiate cipher suites that they can not support. This change will enable the faulty client to negotiate another cipher suite that it can support. | |||
2014-04-11 | ssl: Avoid creating a huge session table | Ingela Anderton Andin | |
2014-04-07 | Update release notes | Erlang/OTP | |
2014-03-31 | Merge branch 'ia/ssl/accept-with-options' | Ingela Anderton Andin | |
* ia/ssl/accept-with-options: ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | |||
2014-03-31 | ssl: Add possibility to specify ssl options when calling ssl:ssl_accept | Ingela Anderton Andin | |
2014-03-28 | ssl: Testing - sha256 digest not supported on all platforms | Björn-Egil Dahlberg | |
Certificates uses: default_md = sha256 This is not supported on all test platforms, use md5 instead for testing. | |||
2014-03-28 | ssl: fix crl test suite error with unexpected web server response | Hans Nilsson | |
2014-03-26 | ssl, pubkey: Code and test adjustments | Hans Nilsson | |
2014-03-26 | Rework IDP validation according to the RFC, fix public_key tests | Andrew Thompson | |