aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2018-08-24Merge branch 'maint'Lars Thorsen
* maint: Updated OTP version Prepare release Updated the engine load functionality inets: Prepare for release inets: Use status code 501 when no mod_* handles the request ssl: Prepare for release ssl: Make sure that a correct cipher suite is selected ssl: Make sure that a correct cipher suite is selected
2018-08-24Merge branch 'maint-21' into maintLars Thorsen
* maint-21: Updated OTP version Prepare release Updated the engine load functionality inets: Prepare for release inets: Use status code 501 when no mod_* handles the request ssl: Prepare for release ssl: Make sure that a correct cipher suite is selected ssl: Make sure that a correct cipher suite is selected
2018-08-23Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/tls_v1.erl
2018-08-23ssl: Correct dialyzer specsIngela Anderton Andin
2018-08-23Prepare releaseErlang/OTP
2018-08-22Merge branch 'maint'Ingela Anderton Andin
Conflicts: lib/ssl/src/ssl_cipher.erl
2018-08-21ssl: Move formatting code to own moduleIngela Anderton Andin
The conversion code for different representations of cipher suites is long an repetitive. We want to hide it in a module that does not have other functions that we like to look at.
2018-08-21ssl: Remove legacy filesIngela Anderton Andin
When starting to implement DTLS, it was assumed that the APIs for TLS and DTLS would differ more. This assumption turned out to be wrong.
2018-08-20Merge branch 'maint'Rickard Green
* maint: erts/time_correction.xml: remove extra closing parenthesis use ssl:handshake/1 function
2018-08-20Merge pull request #1901 from getong/fix_ssl_exampleIngela Andin
Modernized example
2018-08-14Merge branch 'maint'Ingela Anderton Andin
2018-08-14Merge branch 'ingela/ssl/ERL-668/improve-err-msg/OTP-15234' into maintIngela Anderton Andin
* ingela/ssl/ERL-668/improve-err-msg/OTP-15234: ssl: Improve error message
2018-08-14Merge branch 'maint'Ingela Anderton Andin
2018-08-14Merge branch 'ingela/ssl/ERL-686/OTP-15224' into maintIngela Anderton Andin
* ingela/ssl/ERL-686/OTP-15224: ssl: Error handling improvment
2018-08-13ssl: Prepare for releaseIngela Anderton Andin
2018-08-10Merge branch 'maint'Rickard Green
* maint: Updated OTP version Update release notes Update version numbers crypto: Fix crash in compute_key(ecdh, ...) on badarg Relax add_table_copy restriction Fixed #Ref ordering bug Test #Ref ordering in lists and ets Do NOT disc_load from ram_copies when master_node is set ssl: Make sure that a correct cipher suite is selected ssl: Correct handling of empty server SNI extension
2018-08-10Merge branch 'maint-20' into maintRickard Green
* maint-20: Updated OTP version Update release notes Update version numbers crypto: Fix crash in compute_key(ecdh, ...) on badarg Relax add_table_copy restriction Fixed #Ref ordering bug Test #Ref ordering in lists and ets Do NOT disc_load from ram_copies when master_node is set ssl: Make sure that a correct cipher suite is selected ssl: Correct handling of empty server SNI extension
2018-08-09Update release notesErlang/OTP
2018-08-09Update version numbersErlang/OTP
2018-08-09Merge branch 'ingela/ssl/empty-sni/OTP-15168' into maint-20Erlang/OTP
* ingela/ssl/empty-sni/OTP-15168: ssl: Correct handling of empty server SNI extension
2018-08-09Merge branch 'maint'Ingela Anderton Andin
2018-08-09Merge branch 'ingela/maint/ssl/ECC/ERIERL-210/OTP-15203' into maintIngela Anderton Andin
* ingela/maint/ssl/ECC/ERIERL-210/OTP-15203: ssl: Make sure that a correct cipher suite is selected
2018-08-09ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-09ssl: Error handling improvmentIngela Anderton Andin
2018-08-09Merge branch 'maint'Ingela Anderton Andin
2018-08-08use ssl:handshake/1 functiongetong
2018-08-07ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-08-07ssl: Correct close handlingIngela Anderton Andin
Transport accepted sockets that are in the error state, was not closed properly.
2018-08-07Merge branch 'maint'Ingela Anderton Andin
2018-08-07ssl: Fix typosIngela Anderton Andin
2018-08-06ssl: Make sure that a correct cipher suite is selectedIngela Anderton Andin
The keyexchange ECDHE-RSA requires an RSA-keyed server cert (corresponding for ECDHE-ECDSA), the code did not assert this resulting in that a incorrect cipher suite could be selected. Alas test code was also wrong hiding the error.
2018-07-27Change "can not" into "cannot"Raimo Niskanen
I did not find any legitimate use of "can not", however skipped changing e.g RFCs archived in the source tree.
2018-07-24Merge branch 'peterdmv/ssl/version_downgrade_protection/OTP-15189'Péter Dimitrov
* peterdmv/ssl/version_downgrade_protection/OTP-15189: ssl: Implement downgrade protection mechanism (TLS 1.3) Change-Id: I29a281c1278509608fdea9b0346ad91c62f886a8
2018-07-24Merge branch 'maint'John Högberg
* maint: Fix typo in xmerl_scan:string/1 Updated OTP version Prepare release ssl: Engine key trumps certfile option inets: Prepare for release inets: Improve error handling
2018-07-24Merge branch 'maint-20' into maintJohn Högberg
* maint-20: Updated OTP version Prepare release ssl: Engine key trumps certfile option inets: Prepare for release inets: Improve error handling
2018-07-20Merge branch 'peterdmv/ssl/version_extension_updates/OTP-15059'Péter Dimitrov
* peterdmv/ssl/version_extension_updates/OTP-15059: ssl: Fix handling of TLS record versions ssl: Update hello state (TLS 1.3) ssl: Implement 'supported_versions' extension ssl: Sort supported versions in handle_options ssl: Add experimental version 'tlsv1.3' Change-Id: I071d24242103cc066c5ee8154effc5ee01b04703
2018-07-20Prepare releaseErlang/OTP
2018-07-20Merge branch 'ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193' into maint-20Erlang/OTP
* ingela/ssl/engine-vs-certfile/ERLERL-211/OTP-15193: ssl: Engine key trumps certfile option
2018-07-19ssl: Implement downgrade protection mechanism (TLS 1.3)Péter Dimitrov
If negotiating TLS 1.2, TLS 1.3 servers MUST set the last eight bytes of their Random value to the bytes: 44 4F 57 4E 47 52 44 01 If negotiating TLS 1.1 or below, TLS 1.3 servers MUST and TLS 1.2 servers SHOULD set the last eight bytes of their Random value to the bytes: 44 4F 57 4E 47 52 44 00 Change-Id: If35112f63f42a9af351f4ca9b1846fd3f5b08167
2018-07-19ssl: Fix handling of TLS record versionsPéter Dimitrov
- Introduce new macro ALL_TLS_RECORD_VERSIONS to decouple ALL_AVAILABLE_VERSIONS from the list of valid TLS record versions. It consists of versions allowed in TLSCiphertext.version (TLS 1.2 and prior) and TLSCiphertext.legacy_record_version (TLS 1.3). - TLS 1.3 sets TLSCiphertext.legacy_record_version to 0x0303 for all records generated other than an initial ClientHello, where it MAY also be 0x0301. - TLSPlaintext.legacy_record_version is ignored. Change-Id: Iabb1a954ab21f8be012e6460ae99ab533e31e123
2018-07-19ssl: Update hello state (TLS 1.3)Péter Dimitrov
Update hello state to handle the "supported_versions" extension defined by TLS 1.3: - If "supported_versions" is present in ServerHello, the client will aboirt the handshake with an "illegal_parameter" alert. - If "supported_versions" is present in ClientHello, the server will select a version from "supported_versions" and ignore ClientHello.legacy_version. If it only supports versions greater than "supported_versions", the server aborts the handshake with a "protocol_version" alert. - If "supported_versions" is absent in ClientHello, the server negotiates the minimum of ClientHello.legacy_version and TLS 1.2. If it only supports version greater than ClientHello.legacy_version, the server aborts the handshake with a "protocol_version" alert. Change-Id: I16eef15d77bf21209c6cc103546ddddca518483b
2018-07-19ssl: Implement 'supported_versions' extensionPéter Dimitrov
Change-Id: I8bb015e97ab4c317ef380123cf94350ed509c36f
2018-07-19ssl: Sort supported versions in handle_optionsPéter Dimitrov
Sort supported versions (highest first) in handle options to reflect the order expected by TLS 1.3. Change-Id: I06bb43ac81eeaca681c122d815a024c8444e3726
2018-07-19ssl: Add experimental version 'tlsv1.3'Péter Dimitrov
- Add 'tlsv1.3' to the available versions. It can be used to trigger experimental behavior while implementing TLS 1.3. - Add dummy clauses for handling version {3,4} of TLS. - Update ssl_logger to handle unknown versions of TLS. Change-Id: I564ffa47dca18b59f0dc16c9809dfd7adaf2d333
2018-07-17ssl: Improve error messageIngela Anderton Andin
2018-07-17ssl: Engine key trumps certfile optionIngela Anderton Andin
2018-07-16Merge branch 'maint'Lukas Larsson
2018-07-13docs: make clean all XMLDIRLukas Larsson
2018-07-11Merge branch 'maint'Ingela Anderton Andin
2018-07-11Merge pull request #1869 from ↵Ingela Andin
IngelaAndin/ingela/ssl/unexpected-call/ERL-664/OTP-15174 ssl: Improve error handling
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-22 20:04:44 +0000