aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2014-01-28Merge branch 'ia/Vagabond/adt-honor-cipher-order/OTP-11621'Ingela Anderton Andin
* ia/Vagabond/adt-honor-cipher-order/OTP-11621: Implement 'honor_cipher_order' SSL server-side option
2014-01-24Merge tag 'OTP_R16B03-1'Magnus Lidén
The R16B03-1 release
2014-01-24Prepare releaseOTP_R16B03-1Erlang/OTP
2014-01-24Merge branch 'maint'Ingela Anderton Andin
Conflicts: otp_build
2014-01-22ssl: Incorrect inputed cipherlist lead server to think that the clientIngela Anderton Andin
did not support secure renegotiation
2014-01-22Merge branch 'dgud/test_unicode/OTP-10877'Dan Gudmundsson
* dgud/test_unicode/OTP-10877: sasl test: Quote executable paths (can contain spaces) rt_tools: Handle unicode chars in printouts kernel: code_SUITE fix unicode option Fix (unicode) debug info in test cases stdlib: Fix format if module resides in a unicode directory Fix testing with unicode paths test_server: Fix ts write unicode in config files
2014-01-21Implement 'honor_cipher_order' SSL server-side optionAndrew Thompson
HonorCipherOrder as implemented in Apache, nginx, lighttpd, etc. This instructs the server to prefer its own cipher ordering rather than the client's and can help protect against things like BEAST while maintaining compatability with clients which only support older ciphers. This code is mostly written by Andrew Thompson, only the test case was added by Andreas Schultz.
2014-01-21Merge branch 'ia/ssl/openssl-reneogtiation-bug'Ingela Anderton Andin
* ia/ssl/openssl-reneogtiation-bug: ssl: Add versions to check for sane OpenSSL version for renegotiation
2014-01-21Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
2014-01-21Fix (unicode) debug info in test casesDan Gudmundsson
2014-01-15ssl: Prepare for releaseIngela Anderton Andin
2014-01-14ssl: fix elliptic curve selection in server modeAndreas Schultz
The server code erroneously took the list of curves supported by the client from it's own hello extension, effectively breaking curve selection all together. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback.
2014-01-14ssl: Prepare for releaseIngela Anderton Andin
2014-01-14ssl: Add missing options validation of server_name_indicationIngela Anderton Andin
2014-01-14ssl: Add versions to check for sane OpenSSL version for renegotiationIngela Anderton Andin
2014-01-13crypto: selective support for GF2m curvesAndreas Schultz
Newer OpenSSL versions allow to selectively disable GF2m elliptic curves. Selectively enable GF2m curves is support for them is available.
2014-01-13ssl: add brainpool elliptic curves to TLS (RFC-7027)Andreas Schultz
2013-12-10Merge tag 'OTP_R16B03'Magnus Lidén
The R16B03 release Conflicts: lib/sasl/vsn.mk
2013-12-09Prepare releaseOTP_R16B03Erlang/OTP
2013-12-02Merge branch 'maint'Ingela Anderton Andin
2013-12-02ssl: Trap exitsIngela Anderton Andin
2013-12-02ssl: Refactor connetion handlingIngela Anderton Andin
2013-12-02ssl: API and supervisorIngela Anderton Andin
2013-12-02ssl: Dialyzer fixesIngela Anderton Andin
2013-12-02ssl: Test case enhancementIngela Anderton Andin
Make sure that test cases does not fail due to timing circumstances, use selective receive even if it means we can not use test library functions in some cases. TCP does not have delivery guarantee to application layer, so sometimes a error message {error, Msg} or {error, closed} can be acceptable.
2013-12-02ssl: Refactor APIIngela Anderton Andin
New design : ssl - Main tls - Reflect tls specific semantics dtls - Reflect dtls specific semantics
2013-12-02ssl, public_key: Dialyzer fixesIngela Anderton Andin
2013-12-02ssl: Refactor premaster secret handlingIngela Anderton Andin
2013-12-02ssl: Refactor connection and handshake handlingIngela Anderton Andin
2013-12-02ssl: Refactor handshake and record handlingIngela Anderton Andin
2013-11-20Merge branch 'maint'Hans Nilsson
2013-11-19ftp,ssl: Fixes broken type link (ssloption).Hans Nilsson
2013-11-11Merge branch 'maint'Fredrik Gustafsson
2013-11-06Update documentationJulien Barbot
2013-11-06Add a new server_name_indication option to ssl:connectJulien Barbot
- Set to disable to explicitly disable SNI support. - Set to a hostname when upgrading from TCP to TLS.
2013-11-06Add SSL Server Name Indication (SNI) client supportJulien Barbot
See RFC 6066 section 3
2013-11-04Merge branch 'maint'Fredrik Gustafsson
2013-11-01Fix client_preferred_next_protocols documentationJulien Barbot
2013-10-31Merge branch 'maint'Fredrik Gustafsson
2013-10-31Remove extraneous dev debug code left in the close function.Ken Key
We do not need a traceback on every close in inet_tls_dist and this breaks using nodetool in control scripts on SSL clustered nodes
2013-10-23Merge branch 'RoadRunnr/fix_dtls_fragment_decoder/OTP-11376'Fredrik Gustafsson
* RoadRunnr/fix_dtls_fragment_decoder/OTP-11376: ssl: fix initialization of DTLS fragment reassembler
2013-10-14Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
2013-10-14ssl: Fix dialyzer specIngela Anderton Andin
2013-10-14ssl: Honor TLS client ECC extensionIngela Anderton Andin
Also the server should only send ECC point formats extension not ECC curve extension.
2013-09-29ssl: fix initialization of DTLS fragment reassemblerAndreas Schultz
The DTLS fragment reassembler use a list [{Start, End}] for the fragments. When the first received fragment was not the starting fragment, that list got initialized with [{Start, Length}], causing the merge of following fragment to fail.
2013-09-17Merge tag 'OTP_R16B02'Magnus Lidén
The R16B02 release Conflicts: lib/sasl/vsn.mk
2013-09-16Prepare releaseOTP_R16B02Erlang/OTP
2013-09-10Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
2013-09-10ssl: Prepare for releaseIngela Anderton Andin
2013-09-10Merge remote-tracking branch 'upstream/maint'Ingela Anderton Andin
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 17:34:30 +0000