aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2016-05-27ssl: Fix TLS version handling in dtls adepted testsIngela Anderton Andin
2016-05-27Merge branch 'ingela/ssl/doc-enhancment/ERL-131'Ingela Anderton Andin
* ingela/ssl/doc-enhancment/ERL-131: ssl: Add default values and clarifications
2016-05-27ssl: Add default values and clarificationsIngela Anderton Andin
2016-05-27Merge branch 'kennethlakin/beast-mitigation-options/PR-1041/OTP-13629'Ingela Anderton Andin
* kennethlakin/beast-mitigation-options/PR-1041/OTP-13629: ssl: Add BEAST mitigation selection option
2016-05-26ssl: Add BEAST mitigation selection optionKenneth Lakin
Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
2016-05-25Use the -epmd_module flag consistentlyMagnus Henoch
If the -epmd_module flag has been specified on the command line, use that module to register and look up node names instead of the default, erl_epmd. Also document this option.
2016-05-23Merge branch 'ingela/ssl-httpc/ERL-144'Ingela Anderton Andin
* ingela/ssl-httpc/ERL-144: ssl: Send correct close message
2016-05-20ssl: Send correct close messageIngela Anderton Andin
2016-05-20ssl: Increase timeoutIngela Anderton Andin
We want to avoid tests timeing out regularly on slow test machines.
2016-05-20ssl: Remove use of test_server config macroIngela Anderton Andin
2016-05-20ssl: Disable DTLS test for nowIngela Anderton Andin
We are working on including DTLS support. And we want to include the contributed tests now before making planned enhancements to the test suits.
2016-05-20ssl: move TLS/DTLS version logging into helperAndreas Schultz
Consolidate code that logs TLS/DTLS version during testing into ssl_test_lib.
2016-05-20ssl: tests for DTLSAndreas Schultz
2016-05-19ssl: Setopts should be allowed in all statesIngela Anderton Andin
2016-05-16Merge branch 'ingela/ssl/cipher-suites-refactor'Ingela Anderton Andin
* ingela/ssl/cipher-suites-refactor: ssl: Refactor to make code easier to understand
2016-05-12ssl: Refactor to make code easier to understandIngela Anderton Andin
2016-05-12Revert "Prepare release"Erlang/OTP
This reverts commit bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a.
2016-05-11Prepare releaseErlang/OTP
2016-05-10ssl: Correct test suiteIngela Anderton Andin
2016-05-10ssl: ordsets:intersection/2 did not give the expected resultIngela Anderton Andin
Turns out we can not count on the "hashsigns" sent by the client and the supported "hashigns" sets to have required properties of ordsets.
2016-05-09Merge branch 'ingela/ssl/prepare-for-release'Ingela Anderton Andin
* ingela/ssl/prepare-for-release: ssl: Prepare for release Conflicts: lib/ssl/vsn.mk
2016-05-09Merge branch 'kennethlakin/tls-use-negotiated-prf/PR-1042/OTP-13546'Ingela Anderton Andin
* kennethlakin/tls-use-negotiated-prf/PR-1042/OTP-13546: ssl: Use cipher suite's PRF in prf/5
2016-05-05ssl: Add reinitialization of handshake data lost in gen_statem refactorizationIngela Anderton Andin
2016-05-05ssl: Use cipher suite's PRF in prf/5Kenneth Lakin
Use the negotiated cipher suite's PRF algorithm in calls to ssl:prf/5, rather than a hard-coded one. For TLS 1.0 the PRF algorithm was hard-coded to MD5/SHA1. This was correct 100% of the time. For TLS 1.1 and 1.2 the PRF algorithm was hard-coded to SHA256. This was correct only some of the time for TLS 1.2 and none of the time for TLS 1.1. Because the TLS handshake code calls tls_v1:prf/5 through another path, the handshaking process used the negotiated PRF and did not encounter this bug. A new test (prf) has been added to ssl_basic_SUITE to guard against future breakage.
2016-05-04Merge branch 'maint-18'Henrik Nord
Conflicts: OTP_VERSION lib/common_test/test/ct_hooks_SUITE_data/cth/tests/ct_update_config_SUITE.erl lib/common_test/vsn.mk
2016-05-04Merge branch 'ingela/ssl-gen-statem/OTP-13464'Ingela Anderton Andin
* ingela/ssl-gen-statem/OTP-13464: ssl: Adapt DTLS to gen_statem ssl: Use gen_statem instead of gen_fsm
2016-05-04ssl: Correct and clean test suiteIngela Anderton Andin
Active option was not handled correctly in all places. Dead code has been removed.
2016-05-03ssl: Adapt DTLS to gen_statemIngela Anderton Andin
DTLS is not in working mode yet, but the gen_statem rewrite should make completion easier.
2016-05-03ssl: Use gen_statem instead of gen_fsmIngela Anderton Andin
Also reduce timing issues in tests
2016-05-03Prepare releaseErlang/OTP
2016-05-02Merge branch 'ingela/ssl-max-session-table/OTP-13490'Ingela Anderton Andin
* ingela/ssl-max-session-table/OTP-13490: ssl: Adjust max table to work as expected from documentation
2016-05-02Merge branch 'ingela/ssl/signature_algs_bug'Ingela Anderton Andin
* ingela/ssl/signature_algs_bug: ssl: Correct guard expression
2016-05-02Merge branch 'ingela/ssl/cipher_suites'Ingela Anderton Andin
* ingela/ssl/cipher_suites: ssl: Correct cipher suites conversion
2016-04-29ssl: Correct guard expressionIngela Anderton Andin
The guard should check that the TLS version is at least TLS-1.2.
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb Please enter the commit message for your changes. Lines starting
2016-04-29ssl: Correct guard expressionIngela Anderton Andin
The guard should check that the TLS version is at least TLS-1.2.
2016-04-29ssl: Correct cipher suites conversionIngela Anderton Andin
Correct conversion errors form commit d2381e1a8d7cd54f7dc0a5105d172460b005a8fb
2016-04-27Merge branch 'maint-18'Henrik Nord
Conflicts: OTP_VERSION lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl_cipher.erl lib/ssl/src/tls_v1.erl lib/ssl/test/ssl_basic_SUITE.erl
2016-04-26Update release notesErlang/OTP
2016-04-26Merge branch 'ingela/ssl/config-signature-algs/OTP-13261' into maint-18Erlang/OTP
* ingela/ssl/config-signature-algs/OTP-13261: ssl: Prepare for release ssl: Add option signature_algs
2016-04-25ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples Conflicts: lib/ssl/test/ssl_basic_SUITE.erl
2016-04-25ssl: Remove use of crypto:rand_bytes/1Ingela Anderton Andin
ssl already used crypto:strong_rand_bytes/1 for most operations as its use cases are mostly cryptographical. Now crypto:strong_rand_bytes/1 will be used everywhere. However crypto:rand_bytes/1 was used as fallback if crypto:strong_rand_bytes/1 throws low_entropy, this will no longer be the case. This is a potential incompatibility. The fallback was introduced a long time ago for interoperability reasons. Now days this should not be a problem, and if it is, the security compromise is not acceptable anyway.
2016-04-22ssl: Corrections to cipher suite handlingIngela Anderton Andin
It was not possible to mix ssl 3 and 4 tuple cipher suites in the ciphers option. Some ssl_cipher:suite/1 clauses wrongly returned 3-tuples that should have been 4 tuples
2016-04-14ssl: Adjust max table to work as expected from documentationIngela Anderton Andin
The session table max size should be the configurable value Max and not Max + 1.
2016-04-13Merge branch 'henrik/update-copyrightyear'Henrik Nord
* henrik/update-copyrightyear: update copyright-year
2016-04-06ssl: Prepare for releaseIngela Anderton Andin
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-04-06ssl: Remove default support for use of md5 in TLS 1.2 signature algorithmsIngela Anderton Andin
2016-04-06ssl: Add option signature_algsIngela Anderton Andin
In TLS-1.2 The signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicit defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
2016-04-05ssl: Prepare for releaseIngela Anderton Andin