aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-07-20Prepare releaseErlang/OTP
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-10ssl: Prepare for releaseIngela Anderton Andin
2018-07-10ssl: Fix test case to only check relevant info for the testIngela Anderton Andin
Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2018-07-10ssl: Correct connection_information on ECC-curvesIngela Anderton Andin
2018-07-10ssl: No cipher suite sign restriction in TLS-1.2Ingela Anderton Andin
Conflicts: lib/ssl/test/ssl_ECC_SUITE.erl
2018-07-10ssl: Add psk as anonymous key exchange in ssl_handshake:select_hashsign/5Ingela Anderton Andin
Failing to recognize psk as an anonymous key exchange would fail the connection when trying to decode an undefined certificate.
2018-07-10ssl: anon test should use dh or ecdh anon keyexchangeIngela Anderton Andin
2018-07-10ssl: Correct key_usage checkIngela Anderton Andin
The Key Usage extension is described in section 4.2.1.3 of X.509, with the following possible flags: KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1), -- recent editions of X.509 have -- renamed this bit to contentCommitment keyEncipherment (2), dataEncipherment (3), keyAgreement (4), keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) } In SSL/TLS, when the server certificate contains a RSA key, then: either a DHE or ECDHE cipher suite is used, in which case the RSA key is used for a signature (see section 7.4.3 of RFC 5246: the "Server Key Exchange" message); this exercises the digitalSignature key usage; or "plain RSA" is used, with a random value (the 48-byte pre-master secret) being encrypted by the client with the server's public key (see section 7.4.7.1 of RFC 5246); this is right in the definition of the keyEncipherment key usage flag. dataEncipherment does not apply, because what is encrypted is not directly meaningful data, but a value which is mostly generated randomly and used to derive symmetric keys. keyAgreement does not apply either, because that one is for key agreement algorithms which are not a case of asymmetric encryption (e.g. Diffie-Hellman). The keyAgreement usage flag would appear in a certificate which contains a DH key, not a RSA key. nonRepudiation is not used, because whatever is signed as part of a SSL/TLS key exchange cannot be used as proof for a third party (there is nothing in a SSL/TLS tunnel that the client could record and then use to convince a judge when tring to sue the server itself; the data which is exchanged within the tunnel is not signed by the server). When a ECDSA key is used then "keyAgreement" flag is needed for beeing ECDH "capable" (as opposed to ephemeral ECDHE)
2018-07-10ssl: Fix ECDSA key decode clauseIngela Anderton Andin
2018-07-10ssl: Avoid hardcoding of cipher suites and fix ECDH suite handlingIngela Anderton Andin
ECDH suite handling did not use the EC parameters form the certs as expected. Conflicts: lib/ssl/src/ssl_cipher.erl
2018-07-10ssl: Run all test case combinationsIngela Anderton Andin
Fix test case code to use keyAgreement for ECDH_ECDSA Conflicts: lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl lib/ssl/test/ssl_to_openssl_SUITE.erl
2018-07-10ssl: Correct ECC suite and DTLS ECC handlingIngela Anderton Andin
When test handling was corrected it was obvious that DTLS ECC handling was not compleated. Conflicts: lib/ssl/src/ssl.erl lib/ssl/test/Makefile lib/ssl/test/ssl_ECC.erl lib/ssl/test/ssl_ECC_SUITE.erl lib/ssl/test/ssl_ECC_openssl_SUITE.erl
2018-05-02Update release notesErlang/OTP
2018-04-27ssl: Prepare for releaseIngela Anderton Andin
2018-04-27ssl: Proper handling of clients that choose to send an emptyIngela Anderton Andin
answer to a certificate request Solves ERL-599
2018-03-15Update release notesErlang/OTP
2018-03-15ssl: Prepare for releaseIngela Anderton Andin
2018-03-15ssl: Remove duplicate release noteIngela Anderton Andin
2018-03-15ssl: Fix filter function to not discard AEAD cipher suitesIngela Anderton Andin
2018-03-09Update release notesErlang/OTP
2018-03-09Update version numbersErlang/OTP
2018-03-06ssl: Fix anonymous suites regression and protocol errorBram Verburg
Anonymous cipher suites were broken altogether, and there was an earlier issue where the server would send a signature in the server key exchange if a certificate was configured, even if an anonymous suite was actually negotiated. Backport of PR-1729
2018-03-05[ssl] Fix hanging test case on outdated lab machineLars Thorsen
2018-03-05ssl: Correct AEAD handlingIngela Anderton Andin
Cipher suite handling improvments missed to make a few changes for AEAD to be handled correctly see ERL-568
2018-03-02Merge branch 'maint-19' into maintHans Nilsson
* maint-19: Updated OTP version Prepare release ssl: Prepare for release ssl: Backport PR-1709 ssh: Fix cli ssh: Test for disabled shell Conflicts: OTP_VERSION lib/ssh/doc/src/notes.xml lib/ssh/src/ssh.erl lib/ssh/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/vsn.mk otp_versions.table
2018-02-28Prepare releaseErlang/OTP
2018-02-19ssl: Prepare for releaseIngela Anderton Andin
2018-02-19ssl: Backport PR-1709Ingela Anderton Andin
2018-02-12Merge pull request #1709 from ↵Ingela Andin
dumbbell/dumbbell/ssl/fix-active-once-dropped-when-handling-alert/ERL-562 ssl: Fix alert handling so that unexpected messages are logged and alerted correctly
2018-02-09ssl: Add the unexpected message to #alert{}Jean-Sébastien Pédron
... in handle_common_event(), instead of passing it to handle_own_alert() after wrapping it in a tuple with `StateName` (i.e. `{StateName, Msg}`). The `StateName` is passed to handle_normal_shutdown() and to alert_user(). The latter has a clause matching it against `connection`. Unfortunately, when the argument was in fact `{StateName, Msg}`, another clause was executed which dropped the `active` flag value and forced it to `false`, even if the state was actually `connection`. It meant that later in send_or_reply(), the alert was not propagated to the user, even though it should (`active` set to `true` or `once`). Now that handle_common_event() always passes the actual `StateName`, the problem is fixed. ERL-562
2018-02-07ssl: Make sure anonymous suites are handled separatelyIngela Anderton Andin
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes.
2018-02-05ssl: Add UG examlesIngela Anderton Andin
2018-02-05ssl: Uses aead as mac value in AEAD cipher suitesIngela Anderton Andin
Authenticated encryption (AE) and authenticated encryption with associated data (AEAD, variant of AE) is a form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the data. This is more logical value then null that was used, this happened to work as the AEAD property was derived form other data, but it is confusing!
2018-02-05ssl: Add new API functions for cipher suite handlingIngela Anderton Andin
2018-01-25ssl: Check OpenSSL version for DSS (DSA) supportIngela Anderton Andin
LibreSSL-2.6.3 dropped DSS (DSA) support
2018-01-23ssl: Add record version sanity checkIngela Anderton Andin
2018-01-15Merge branch 'ingela/ssl/test-cuddle' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Call clean version function
2018-01-15ssl: Call clean version functionIngela Anderton Andin
Make sure tests are run with intended version settings.
2018-01-11ssl: Correct function for listing RC4 suitesIngela Anderton Andin
2018-01-11Merge branch 'ingela/ssl/timeout-cuddle' into maintIngela Anderton Andin
* ingela/ssl/timeout-cuddle: ssl: Tune timeouts
2018-01-11ssl: Tune timeoutsIngela Anderton Andin
2018-01-07dtls: Filter out rc4 for DTLS psk suitesIngela Anderton Andin
Stream ciphers are not valid fro DTLS
2018-01-06dtls: We do not need to wait for DTLS over UDP serverIngela Anderton Andin
Client will retransmit until server becomes responsive
2018-01-04ssl: Prevent error handling race conditionIngela Anderton Andin
ERL-539
2017-12-20dtls: Add handling of lost key exchange in cipher stateIngela Anderton Andin
2017-12-20ssl: Correct DTLS client close handlingIngela Anderton Andin
2017-12-20Merge branch 'ingela/dtls-cuddling' into maintIngela Anderton Andin
* ingela/dtls-cuddling: dtls: Correct UDP listener cleanup dtls: Correct return value in UDP listener initialization