Age | Commit message (Collapse) | Author |
|
* maint:
ssl: Improve openssl interop tests
Change-Id: I5eec73687e9693ab5b08953c5e3db0d09cfd1690
|
|
* peterdmv/ssl/improve_openssl_interop_tests:
ssl: Improve openssl interop tests
Change-Id: I65b63ddb8c8948d246e341f8c821b3b499507cb6
|
|
openssl 1.1.x changed the default ECC curves that made testcases
fail in the ECC suite. openssl s_server and s_client sent
'Illegal Parameter' alert when the CertificateVerify (client) or
ServerKeyExchange (server) message was signed with a curve that
was not present in openssl's default ECC curve list (x25519,
secp256r1, secp521r1, secp384r1, brainpoolP256r1, brainpoolP384r1,
brainpool512r1).
This commit changes the default curve of make_ec_cert_chains to
'secp256r1' and explicitly configures the default curve in
those testcases where the default curve of the ssl application
is expected.
Change-Id: I81ebe1a30b8f863b0e2836b1dad3d8bc767cc47e
|
|
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
* ingela/ssl/continue-optimize/OTP-15445:
ssl: If possible assemble several received application data records
|
|
|
|
Conflicts:
lib/ssl/src/ssl_connection.erl
lib/ssl/src/ssl_connection.hrl
lib/ssl/src/tls_connection.erl
|
|
We want to decrease the size of the outer state tuple, and gain
ease of understanding by better grouping. This is the first step
of creating a hs_env (handshake environment) part of the state.
This change will be performed gradually to reduce merge conflicts
complexity and risk of introducing errors.
|
|
|
|
|
|
* ingela/ssl/test-cuddle:
ssl: Correct test input
|
|
|
|
|
|
* ingela/ssl/DES-EDE/OTP-15539:
ssl: Correct 3des_ede_cbc check
|
|
Could cause ssl to claim to support 3des_ede_cbc when cryptolib does not
|
|
* maint:
Updated OTP version
Prepare release
|
|
* maint-21:
Updated OTP version
Prepare release
|
|
|
|
|
|
|
|
maint-21
* peterdmv/ssl/fix-srp-encode-decode/ERL-790/OTP-15477:
ssl: Fix encoding/decoding of the SRP extension
|
|
* ingela/ssl/enhance-error-handling/OTP-15505:
ssl: Cuddle test cases
ssl: Fix test case
ssl: Fix two invalid gen_statem returns
|
|
* lukas/ssl/benchmark_basic_test:
inets: Decrease benchmark TC timeout
inets: Fix crypto:rand_bytes usage in benchmarks
ssl: Only run a basic fast test in test cycle
|
|
Some of the slower machines takes 20-30 minutes to run
one iteration of the payload test.
|
|
Conflicts:
lib/ssl/src/ssl.erl
|
|
We want to be able to save a specific session to reuse, and make sure
it is reusable immediatly when the connection has been established.
Add client option {reuse_session, SessionID::binary()}
We also do not want clients to save sessions that it did not verify.
Additionaly change behaviour of the client and server to not save sessions
if reuse_session is set to false.
|
|
Modernize test case option handling
|
|
No need for this test case to set a specific cipher suite. An appropriate cipher suite
will be negotiated and it will of course be the same for clients with the same configuration.
|
|
|
|
TLS 1.3 test suites requires TLS 1.3 support in crypto that is
openssl 1.1.1 or later shall be available.
This commit tests support for RSASSA-PSS signature algorithm
and x448 Diffie-Hellman key agreement.
Change-Id: I003ab376339b003fbbd3d0a66e10c368a16023ad
|
|
Change-Id: I16dccce4a0a8980fe0f888969945aef8ed38a9bc
|
|
Change-Id: I9269825c833d1461369828a9228f384ccf2543a9
|
|
- Update calculation of nonce and additional data
- Update cipher_aead, decipher_aead
- Add test for TLS 1.3 encode/decode
Change-Id: Id0a5cc68d8746079fb42c0192c0c64405f6d7a72
|
|
Change-Id: I1a2e9b1b639cae0d78b6d25d7b6e761a2d90b7b1
|
|
Change-Id: Iab7148f609b4965cd1a815d04507a59cc1b8fb5f
|
|
Change-Id: I206b851fc616c53475f4a2935f6f52baf8f3e1e6
|
|
Change-Id: I03be63e9f436f60cdaee6583c930f235fd5eb24c
|
|
Encode length of supported_versions in one octet instead of two.
Change-Id: If24b38f3d2a40f0aa7152bb05bc0392efca6454c
|
|
Filter all rsa_pss_rsae and rsa_pss_pss signature schemes if
rsa_pkcs1_pss_padding is not supported by crypto.
Change-Id: Ie6d7ca3736011c71462eac925055f831777f9c9d
|
|
Change-Id: I54ef4f946c64510ca6df073aefc30c0b28723b3b
|
|
Create a TLS 1.3 'Certificate' message in the 'negotiated' state.
Change-Id: I03115de2353324f8533146ba19809064da6b0866
|
|
Change-Id: Ifdf8978c58c15313e8a7973cff97dda3458f7721
|
|
Change-Id: I23a2faa5f07836333c9b50af388162d2bbb9a246
|
|
Change-Id: I5cc6b470ea19e32dd5516a86fe6750c5b51d5368
|
|
Change-Id: I465760b7001692367c68839219745e40abafdfa8
|
|
Change-Id: Icea7ba523b15d7db4c816f542a16fc92eb6b38ad
|
|
Accept only TLS 1.3 ciphers when TLS 1.3 is selected.
Change-Id: I4e934d344f52208263ffdeb31c357dd5727472b9
|
|
Change-Id: I284faa415c97eb533df0a7e5777fe5d929010e56
|
|
Change-Id: I0454890c604f47cffd3bd83c217ff571f73965fb
|
|
Change-Id: I08dbfb38b198ef24798a85d8bcf498d697123fad
|