aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2018-03-14Merge branch 'ingela/ssl/no-sslv2-hello-support/OTP-14824'Ingela Anderton Andin
* ingela/ssl/no-sslv2-hello-support/OTP-14824: ssl: Remove interoperability option v2_hello_compatible
2018-03-13Merge branch 'hasse/dialyzer/extra-range/OTP-14970'Hans Bolinder
* hasse/dialyzer/extra-range/OTP-14970: ssl: Correct some specs os_mon: Correct a spec Fix broken spec in beam_asm Dialyzer should not throw away spec information because of overspec
2018-03-13ssl: Correct some specsHans Bolinder
2018-03-09Merge branch 'peterdmv/use_uri_string/OTP-14902'Péter Dimitrov
* peterdmv/use_uri_string/OTP-14902: common_test: Use uri_string ssl: Use uri_string public_key: Use uri_string observer: Use uri_string Change-Id: I4beac2289db039cc7d566807727c5aaf7fadf942
2018-03-09ssl: Remove interoperability option v2_hello_compatibleIngela Anderton Andin
2018-03-08ssl: Use uri_stringPéter Dimitrov
Change-Id: I1249b93b1e4a971cf1af2cb96a65563e23117e2b
2018-03-08Merge branch 'ingela/ssl/no-automated-fallback/OTP-14789'Ingela Anderton Andin
2018-03-08ssl: Increase security with safer defaultIngela Anderton Andin
The interoperability option to fallback to insecure renegotiation now has to be explicitly turned on.
2018-03-06Merge branch 'maint'Ingela Anderton Andin
2018-03-06ssl: Fix anonymous suites regression and protocol errorBram Verburg
Anonymous cipher suites were broken altogether, and there was an earlier issue where the server would send a signature in the server key exchange if a certificate was configured, even if an anonymous suite was actually negotiated. Backport of PR-1729
2018-03-06Merge branch 'maint'Anders Svensson
2018-03-05[ssl] Fix hanging test case on outdated lab machineLars Thorsen
2018-03-05Merge branch 'maint'Ingela Anderton Andin
2018-03-05ssl: Correct AEAD handlingIngela Anderton Andin
Cipher suite handling improvments missed to make a few changes for AEAD to be handled correctly see ERL-568
2018-03-02Merge branch 'maint'Hans Nilsson
* maint: Updated OTP version Prepare release ssl: Prepare for release ssl: Backport PR-1709 ssh: Fix cli ssh: Test for disabled shell
2018-03-02Merge branch 'maint-19' into maintHans Nilsson
* maint-19: Updated OTP version Prepare release ssl: Prepare for release ssl: Backport PR-1709 ssh: Fix cli ssh: Test for disabled shell Conflicts: OTP_VERSION lib/ssh/doc/src/notes.xml lib/ssh/src/ssh.erl lib/ssh/vsn.mk lib/ssl/doc/src/notes.xml lib/ssl/vsn.mk otp_versions.table
2018-02-28Prepare releaseErlang/OTP
2018-02-19ssl: Prepare for releaseIngela Anderton Andin
2018-02-19ssl: Backport PR-1709Ingela Anderton Andin
2018-02-12Merge branch 'maint'Ingela Anderton Andin
2018-02-12Merge pull request #1709 from ↵Ingela Andin
dumbbell/dumbbell/ssl/fix-active-once-dropped-when-handling-alert/ERL-562 ssl: Fix alert handling so that unexpected messages are logged and alerted correctly
2018-02-09ssl: Add the unexpected message to #alert{}Jean-Sébastien Pédron
... in handle_common_event(), instead of passing it to handle_own_alert() after wrapping it in a tuple with `StateName` (i.e. `{StateName, Msg}`). The `StateName` is passed to handle_normal_shutdown() and to alert_user(). The latter has a clause matching it against `connection`. Unfortunately, when the argument was in fact `{StateName, Msg}`, another clause was executed which dropped the `active` flag value and forced it to `false`, even if the state was actually `connection`. It meant that later in send_or_reply(), the alert was not propagated to the user, even though it should (`active` set to `true` or `once`). Now that handle_common_event() always passes the actual `StateName`, the problem is fixed. ERL-562
2018-02-07Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl lib/ssl/src/ssl_cipher.erl lib/ssl/test/ssl_basic_SUITE.erl lib/ssl/test/ssl_test_lib.erl
2018-02-07ssl: Make sure anonymous suites are handled separatelyIngela Anderton Andin
Preferably customized cipher suites will be based on the default value. But all may be used as base and hence it will be good to handle anonymous suites separately as they are intended for testing purposes.
2018-02-05ssl: Add UG examlesIngela Anderton Andin
2018-02-05ssl: Uses aead as mac value in AEAD cipher suitesIngela Anderton Andin
Authenticated encryption (AE) and authenticated encryption with associated data (AEAD, variant of AE) is a form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the data. This is more logical value then null that was used, this happened to work as the AEAD property was derived form other data, but it is confusing!
2018-02-05ssl: Add new API functions for cipher suite handlingIngela Anderton Andin
2018-01-26Merge branch 'maint'Ingela Anderton Andin
2018-01-25Merge branch 'ingela/DTLS-supported'Ingela Anderton Andin
* ingela/DTLS-supported: ssl: Fix typo dtls: Add DTLS handling to utility functions ssl: Document enhancment ssl: Document DTLS
2018-01-25ssl: Fix typoIngela Anderton Andin
2018-01-25ssl: Check OpenSSL version for DSS (DSA) supportIngela Anderton Andin
LibreSSL-2.6.3 dropped DSS (DSA) support
2018-01-24Merge branch 'maint'Ingela Anderton Andin
2018-01-23ssl: Add record version sanity checkIngela Anderton Andin
2018-01-22Merge branch 'ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882'Ingela Anderton Andin
* ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882: ssl: Remove chacha ciphers form default for now
2018-01-22ssl: Remove chacha ciphers form default for nowIngela Anderton Andin
We have discovered interoperability problems, ERL-538, that we believe needs to be solved in crypto.
2018-01-19ssl: Remove 3DES cipher suites from defaultIngela Anderton Andin
2018-01-17dtls: Add DTLS handling to utility functionsIngela Anderton Andin
2018-01-16Merge branch 'ingela/ssl/remove-rsa-keyexchange-from-default/OTP-14769'Ingela Anderton Andin
* ingela/ssl/remove-rsa-keyexchange-from-default/OTP-14769: ssl: RSA key exchange is considered broken do not support by default
2018-01-16ssl: RSA key exchange is considered broken do not support by defaultIngela Anderton Andin
2018-01-15Merge branch 'maint'Ingela Anderton Andin
* maint: ssl: Call clean version function
2018-01-15Merge branch 'ingela/ssl/test-cuddle' into maintIngela Anderton Andin
* ingela/ssl/test-cuddle: ssl: Call clean version function
2018-01-15ssl: Call clean version functionIngela Anderton Andin
Make sure tests are run with intended version settings.
2018-01-12Merge branch 'maint'Ingela Anderton Andin
2018-01-11ssl: Correct function for listing RC4 suitesIngela Anderton Andin
2018-01-11Merge branch 'maint'Ingela Anderton Andin
2018-01-11Merge branch 'ingela/ssl/timeout-cuddle' into maintIngela Anderton Andin
* ingela/ssl/timeout-cuddle: ssl: Tune timeouts
2018-01-11ssl: Tune timeoutsIngela Anderton Andin
2018-01-09Merge branch 'maint'Ingela Anderton Andin
2018-01-07dtls: Filter out rc4 for DTLS psk suitesIngela Anderton Andin
Stream ciphers are not valid fro DTLS
2018-01-06dtls: We do not need to wait for DTLS over UDP serverIngela Anderton Andin
Client will retransmit until server becomes responsive