Age | Commit message (Collapse) | Author |
|
|
|
Anonymous cipher suites were broken altogether, and
there was an earlier issue where the server would send a signature
in the server key exchange if a certificate was configured, even
if an anonymous suite was actually negotiated.
Backport of PR-1729
|
|
|
|
|
|
|
|
Cipher suite handling improvments missed to make a few changes
for AEAD to be handled correctly see ERL-568
|
|
* maint:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
|
|
* maint-19:
Updated OTP version
Prepare release
ssl: Prepare for release
ssl: Backport PR-1709
ssh: Fix cli
ssh: Test for disabled shell
Conflicts:
OTP_VERSION
lib/ssh/doc/src/notes.xml
lib/ssh/src/ssh.erl
lib/ssh/vsn.mk
lib/ssl/doc/src/notes.xml
lib/ssl/vsn.mk
otp_versions.table
|
|
|
|
|
|
|
|
|
|
dumbbell/dumbbell/ssl/fix-active-once-dropped-when-handling-alert/ERL-562
ssl: Fix alert handling so that unexpected messages are logged and alerted correctly
|
|
... in handle_common_event(), instead of passing it to
handle_own_alert() after wrapping it in a tuple with `StateName` (i.e.
`{StateName, Msg}`).
The `StateName` is passed to handle_normal_shutdown() and to
alert_user(). The latter has a clause matching it against `connection`.
Unfortunately, when the argument was in fact `{StateName, Msg}`, another
clause was executed which dropped the `active` flag value and forced it
to `false`, even if the state was actually `connection`. It meant that
later in send_or_reply(), the alert was not propagated to the user, even
though it should (`active` set to `true` or `once`).
Now that handle_common_event() always passes the actual `StateName`, the
problem is fixed.
ERL-562
|
|
Conflicts:
lib/ssl/doc/src/ssl.xml
lib/ssl/src/ssl.erl
lib/ssl/src/ssl_cipher.erl
lib/ssl/test/ssl_basic_SUITE.erl
lib/ssl/test/ssl_test_lib.erl
|
|
Preferably customized cipher suites will be based on the default value.
But all may be used as base and hence it will be good to
handle anonymous suites separately as they are intended for testing purposes.
|
|
|
|
Authenticated encryption (AE) and authenticated encryption with
associated data (AEAD, variant of AE) is a form of encryption which
simultaneously provides confidentiality, integrity, and authenticity
assurances on the data.
This is more logical value then null that was used, this happened to
work as the AEAD property was derived form other data, but it is confusing!
|
|
|
|
|
|
* ingela/DTLS-supported:
ssl: Fix typo
dtls: Add DTLS handling to utility functions
ssl: Document enhancment
ssl: Document DTLS
|
|
|
|
LibreSSL-2.6.3 dropped DSS (DSA) support
|
|
|
|
|
|
* ingela/ssl/no-chacha-default-for-now/ERL-538/OTP-14882:
ssl: Remove chacha ciphers form default for now
|
|
We have discovered interoperability problems, ERL-538, that we
believe needs to be solved in crypto.
|
|
|
|
|
|
* ingela/ssl/remove-rsa-keyexchange-from-default/OTP-14769:
ssl: RSA key exchange is considered broken do not support by default
|
|
|
|
* maint:
ssl: Call clean version function
|
|
* ingela/ssl/test-cuddle:
ssl: Call clean version function
|
|
Make sure tests are run with intended version settings.
|
|
|
|
|
|
|
|
* ingela/ssl/timeout-cuddle:
ssl: Tune timeouts
|
|
|
|
|
|
Stream ciphers are not valid fro DTLS
|
|
Client will retransmit until server becomes responsive
|
|
Conflicts:
lib/ssl/src/tls_connection.erl
|
|
ERL-539
|
|
* raimo/ssl-dist-bench/OTP-14657:
Skip ssl_bench_SUITE, normally
|
|
|
|
|
|
|
|
|
|
* ingela/dtls-cuddling:
dtls: Correct UDP listener cleanup
dtls: Correct return value in UDP listener initialization
|