aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2017-06-14Merge remote-tracking branch 'ingela/ingela/dtls/client-hello-verify/ERL-434'Hans Nilsson
2017-06-13dtls: Make HelloVerifyRequest version adhere to RFCIngela Anderton Andin
ERL-434 RFC6347 says about hello_verify_request version field as follow https://tools.ietf.org/html/rfc6347#page-16 The server_version field has the same syntax as in TLS. However, in order to avoid the requirement to do version negotiation in the initial handshake, DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be negotiated. But current DTLS server responses DTLS1.2 instead of DTLS1.0.
2017-06-13ssl: Correct epoch handlingIngela Anderton Andin
Consideration of which Epoch a message belongs to is needed in the dtls_connection:next_record function too.
2017-06-13Merge branch 'ingela/ssl/dtls-doc'Ingela Anderton Andin
* ingela/ssl/dtls-doc: ssl: Document DTLS
2017-06-10dtls: Handle getopts and setopts for DTLSIngela Anderton Andin
2017-06-07ssl: Document DTLSIngela Anderton Andin
2017-06-07dtls: Fetch next DTLS record when dropping resent handshake dataIngela Anderton Andin
2017-06-07dtls: Use enter actionsIngela Anderton Andin
Using enter actions for retransmission timers makes the code easier to understand. Previously the retransmission timer was incorrectly started in the connection state. Using enter actions feels like a cleaner approach than bloating the state with more flags.
2017-06-02Merge pull request #1479 from weisslj/fix-missing-ssl-closeIngela Andin
Correct close semantics for active once connections. This was a timing dependent bug the resulted in the close message not always reaching the ssl user process. OTP-14443
2017-05-31Revert "Prepare release"Hans Nilsson
This reverts commit eaf8ca41dfa4850437ad270d3897399c9358ced0.
2017-05-30Better fix for non-delivery of ssl_closed message in active onceIngela Andin
This is taken from https://github.com/erlang/otp/pull/1479#issuecomment-304667528 with permission from Ingela Andin and improves commit 8abe16c22d.
2017-05-30Prepare releaseErlang/OTP
2017-05-25Fix non-delivery of ssl_closed message in active onceJohannes Weißl
The commit 8b10920 (OTP 19.3.1) fixed the non-delivery of final TLS record in {active, once}, but this causes the ssl_closed message to be lost when the TCP connection closes before ssl:close/1. The patch restores the behavior of OTP 18. This is the second part to fix https://bugs.erlang.org/browse/ERL-420
2017-05-23dtls: Check for retransmitted changes_cipher_spec messagesIngela Anderton Andin
Make sure to use current epoch as input to send_handshake_flight.
2017-05-23dtls: Ask for next DTLS record when disregarding future packetIngela Anderton Andin
2017-05-22ssl: Handle econnreset windows obscuritiesIngela Anderton Andin
An UDP socket does note have a connection and should not recive econnreset, however this happens on on some windows versions. Just ignoring it appears to make things work as expected!
2017-05-19ssl: Improve testsIngela Anderton Andin
Test should check that we get the expected key exchange algorithm for the provided server cert. We do not want to test OpenSSL s_server. Do not try to test cipher suites against OpenSSL that it does not support.
2017-05-19ssl: Add missing algorithm ecdh_ecdsaIngela Anderton Andin
2017-05-16Merge branch 'ingela/dtls/opts'Ingela Anderton Andin
* ingela/dtls/opts: ssl: Adopt setopts and getopts for DTLS
2017-05-16ssl: Adopt setopts and getopts for DTLSIngela Anderton Andin
2017-05-16ssl: Remove debug printoutIngela Anderton Andin
2017-05-16Merge branch 'ingela/dtls/replay-protect/OTP-14077'Ingela Anderton Andin
* ingela/dtls/replay-protect/OTP-14077: dtls: Implement replay protection
2017-05-16dtls: Implement replay protectionIngela Anderton Andin
See RFC 6347 section 3.3
2017-05-15Merge branch 'ingela/ssl/bench-certs'Ingela Anderton Andin
* ingela/ssl/bench-certs: ssl: Disable Server Name verification in bench tests for now
2017-05-15ssl: Disable Server Name verification in bench tests for nowIngela Anderton Andin
2017-05-12Merge branch 'maint'Hans Nilsson
Conflicts: OTP_VERSION lib/inets/vsn.mk lib/ssl/vsn.mk
2017-05-11Prepare releaseErlang/OTP
2017-05-11removed ct:pal call in ssl_connectionJoe DeVivo
2017-05-11Merge branch 'ingela/ssl/windows-cuddle'Ingela Anderton Andin
* ingela/ssl/windows-cuddle: ssl: Only run sslv2 reject tests on old OpenSSL version ssl: Try to workaround OpenSSL windows obscurities
2017-05-09ssl: Only run sslv2 reject tests on old OpenSSL versionIngela Anderton Andin
2017-05-08ssl: Try to workaround OpenSSL windows obscuritiesIngela Anderton Andin
2017-05-06ssl: Add hostname check of server certificateIngela Anderton Andin
When the server_name_indication is sent automatize the clients check of that the hostname is present in the servers certificate. Currently server_name_indication shall be on the dns_id format. If server_name_indication is disabled it is up to the user to do its own check in the verify_fun.
2017-05-05Revert "Prepare release"Raimo Niskanen
This reverts commit dc57404252c47520f352834ad9be45ad684f96c9.
2017-05-04Prepare releaseErlang/OTP
2017-05-04Update copyright yearRaimo Niskanen
2017-05-03ssl: Move missing release note fix to correct placeIngela Anderton Andin
Commit 87584ae85893df917ca83cb0c40748fd4da0f3bc added missing release note but not in the correct place.
2017-05-02ssl: Add missing release noteIngela Anderton Andin
2017-04-28ssl: Prepare for releaseIngela Anderton Andin
2017-04-28Merge branch 'ingela/ssl/cacha-default/OTP-14382'Ingela Anderton Andin
* ingela/ssl/cacha-default/OTP-14382: ssl: Cacha is currently not tested enough to be most prefered.
2017-04-28ssl: Cacha is currently not tested enough to be most prefered.Ingela Anderton Andin
2017-04-26ssl: Correct DTLS mac handlingIngela Anderton Andin
2017-04-21ssl: TLS-1.2 clients will now always send hello messages on its own format.Ingela Anderton Andin
Note this is a change form how it works for earlier versions that will send the first hello message on the lowest supported version. From RFC 5246 Appendix E. Backward Compatibility E.1. Compatibility with TLS 1.0/1.1 and SSL 3.0 Since there are various versions of TLS (1.0, 1.1, 1.2, and any future versions) and SSL (2.0 and 3.0), means are needed to negotiate the specific protocol version to use. The TLS protocol provides a built-in mechanism for version negotiation so as not to bother other protocol components with the complexities of version selection. TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and use compatible ClientHello messages; thus, supporting all of them is relatively easy. Similarly, servers can easily handle clients trying to use future versions of TLS as long as the ClientHello format remains compatible, and the client supports the highest protocol version available in the server. A TLS 1.2 client who wishes to negotiate with such older servers will send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in ClientHello.client_version. If the server does not support this version, it will respond with a ServerHello containing an older version number. If the client agrees to use this version, the negotiation will proceed as appropriate for the negotiated protocol. If the version chosen by the server is not supported by the client (or not acceptable), the client MUST send a "protocol_version" alert message and close the connection. If a TLS server receives a ClientHello containing a version number greater than the highest version supported by the server, it MUST reply according to the highest version supported by the server. A TLS server can also receive a ClientHello containing a version number smaller than the highest supported version. If the server wishes to negotiate with old clients, it will proceed as appropriate for the highest version supported by the server that is not greater than ClientHello.client_version. For example, if the server supports TLS 1.0, 1.1, and 1.2, and client_version is TLS 1.0, the server will proceed with a TLS 1.0 ServerHello. If server supports (or is willing to use) only versions greater than client_version, it MUST send a "protocol_version" alert message and close the connection. Whenever a client already knows the highest protocol version known to a server (for example, when resuming a session), it SHOULD initiate the connection in that native protocol. Note: some server implementations are known to implement version negotiation incorrectly. For example, there are buggy TLS 1.0 servers that simply close the connection when the client offers a version newer than TLS 1.0. Also, it is known that some servers will refuse the connection if any TLS extensions are included in ClientHello. Interoperability with such buggy servers is a complex topic beyond the scope of this document, and may require multiple connection attempts by the client. Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed). Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello. TLS clients that wish to negotiate with older servers MAY send any value {03,XX} as the record layer version number. Typical values would be {03,00}, the lowest version number supported by the client, and the value of ClientHello.client_version. No single value will guarantee interoperability with all old servers, but this is a complex topic beyond the scope of this document.
2017-04-21Merge branch 'ingela/ssl/AEAD'Ingela Anderton Andin
* ingela/ssl/AEAD: ssl, dtls: Refactor so that DTLS records are handled correctly together with AEAD handling ssl, dtls: Correct integer type for sequence number
2017-04-21ssl: Rewrite test data generationIngela Anderton Andin
With the new help functions for creating test data we can simplify the code. And sometimes corrections have been made so that the test actually perform the test intended.
2017-04-13ssl, dtls: Refactor so that DTLS records are handled correctly together with ↵Ingela Anderton Andin
AEAD handling
2017-04-13ssl, dtls: Correct integer type for sequence numberIngela Anderton Andin
2017-04-13dtls: Correct cookie map nameIngela Anderton Andin
2017-04-13dtls: Fix active once emulation for DTLSIngela Anderton Andin
2017-04-12ssl: Generate correct certificate chains for the ECC testsIngela Anderton Andin
The certificate chain handling had become quite entangled and was not correct.
2017-04-05Merge branch 'ingela/ssl/dtls-cookie/OTP-14076'Ingela Anderton Andin
* ingela/ssl/dtls-cookie/OTP-14076: dtls: Implement DTLS cookie secret generation