path: root/lib/ssl
Age | Commit message | Author
2014-01-21 | Implement 'honor_cipher_order' SSL server-side option | Andrew Thompson
  HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatibility with clients which only support older ciphers. This code is mostly written by Andrew Thompson; only the test case was added by Andreas Schultz.
2014-01-21 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2014-01-15 | ssl: Prepare for release | Ingela Anderton Andin
2014-01-14 | ssl: fix elliptic curve selection in server mode | Andreas Schultz
  The server code erroneously took the list of curves supported by the client from its own hello extension, effectively breaking curve selection altogether. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback.
2014-01-14 | ssl: Prepare for release | Ingela Anderton Andin
2014-01-14 | ssl: Add missing options validation of server_name_indication | Ingela Anderton Andin
2014-01-13 | crypto: selective support for GF2m curves | Andreas Schultz
  Newer OpenSSL versions allow selectively disabling GF2m elliptic curves. Selectively enable GF2m curves if support for them is available.
2014-01-13 | ssl: add brainpool elliptic curves to TLS (RFC-7027) | Andreas Schultz
2013-12-10 | Merge tag 'OTP_R16B03' | Magnus Lidén
  The R16B03 release
  Conflicts: lib/sasl/vsn.mk
2013-12-09 | Prepare release (OTP_R16B03) | Erlang/OTP
2013-12-02 | Merge branch 'maint' | Ingela Anderton Andin
2013-12-02 | ssl: Trap exits | Ingela Anderton Andin
2013-12-02 | ssl: Refactor connection handling | Ingela Anderton Andin
2013-12-02 | ssl: API and supervisor | Ingela Anderton Andin
2013-12-02 | ssl: Dialyzer fixes | Ingela Anderton Andin
2013-12-02 | ssl: Test case enhancement | Ingela Anderton Andin
  Make sure that test cases do not fail due to timing circumstances, use selective receive even if it means we can not use test library functions in some cases. TCP does not have delivery guarantee to application layer, so sometimes an error message {error, Msg} or {error, closed} can be acceptable.
2013-12-02 | ssl: Refactor API | Ingela Anderton Andin
  New design:
  ssl - Main
  tls - Reflect tls specific semantics
  dtls - Reflect dtls specific semantics
2013-12-02 | ssl, public_key: Dialyzer fixes | Ingela Anderton Andin
2013-12-02 | ssl: Refactor premaster secret handling | Ingela Anderton Andin
2013-12-02 | ssl: Refactor connection and handshake handling | Ingela Anderton Andin
2013-12-02 | ssl: Refactor handshake and record handling | Ingela Anderton Andin
2013-11-20 | Merge branch 'maint' | Hans Nilsson
2013-11-19 | ftp,ssl: Fixes broken type link (ssloption). | Hans Nilsson
2013-11-11 | Merge branch 'maint' | Fredrik Gustafsson
2013-11-06 | Update documentation | Julien Barbot
2013-11-06 | Add a new server_name_indication option to ssl:connect | Julien Barbot
  - Set to disable to explicitly disable SNI support.
  - Set to a hostname when upgrading from TCP to TLS.
2013-11-06 | Add SSL Server Name Indication (SNI) client support | Julien Barbot
  See RFC 6066 section 3
2013-11-04 | Merge branch 'maint' | Fredrik Gustafsson
2013-11-01 | Fix client_preferred_next_protocols documentation | Julien Barbot
2013-10-31 | Merge branch 'maint' | Fredrik Gustafsson
2013-10-31 | Remove extraneous dev debug code left in the close function. | Ken Key
  We do not need a traceback on every close in inet_tls_dist and this breaks using nodetool in control scripts on SSL clustered nodes
2013-10-23 | Merge branch 'RoadRunnr/fix_dtls_fragment_decoder/OTP-11376' | Fredrik Gustafsson
  * RoadRunnr/fix_dtls_fragment_decoder/OTP-11376:
    ssl: fix initialization of DTLS fragment reassembler
2013-10-14 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2013-10-14 | ssl: Fix dialyzer spec | Ingela Anderton Andin
2013-10-14 | ssl: Honor TLS client ECC extension | Ingela Anderton Andin
  Also the server should only send ECC point formats extension not ECC curve extension.
2013-09-29 | ssl: fix initialization of DTLS fragment reassembler | Andreas Schultz
  The DTLS fragment reassembler uses a list [{Start, End}] for the fragments. When the first received fragment was not the starting fragment, that list got initialized with [{Start, Length}], causing the merge of following fragment to fail.
2013-09-17 | Merge tag 'OTP_R16B02' | Magnus Lidén
  The R16B02 release
  Conflicts: lib/sasl/vsn.mk
2013-09-16 | Prepare release (OTP_R16B02) | Erlang/OTP
2013-09-10 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2013-09-10 | ssl: Prepare for release | Ingela Anderton Andin
2013-09-10 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2013-09-10 | ssl: Refactor TLS/DTLS record handling | Ingela Anderton Andin
2013-09-10 | ssl: Dialyzer fixes | Ingela Anderton Andin
2013-09-10 | ssl: Solve rebase issues | Ingela Anderton Andin
2013-09-10 | ssl: DTLS record handling | Ingela Anderton Andin
  Also refactor so that TLS and DTLS can have common functions when possible.
2013-09-10 | ssl: Add DTLS record primitives | Andreas Schultz
  This code is to 99 % written by Andreas Schultz, only some small changes to start integrating with OTP's DTLS solution.
2013-09-10 | ssl: Refactor to provide common handshake functions for TLS/DTLS | Ingela Anderton Andin
  Common functions will be located in ssl_handshake.erl while specific functions will be located in tls_handshake.erl and dtls_handshake.erl
2013-09-10 | ssl: Add DTLS handshake primitives. | Andreas Schultz
  This code is to 99 % written by Andreas Schultz, only some small changes to start integrating with OTP's DTLS solution.
2013-09-03 | Merge remote-tracking branch 'upstream/maint' | Ingela Anderton Andin
2013-09-02 | ssl: Do not advertise support for algorithms not supported by crypto | Ingela Anderton Andin