aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
AgeCommit message (Collapse)Author
2017-04-21ssl: TLS-1.2 clients will now always send hello messages on its own format.Ingela Anderton Andin
Note this is a change form how it works for earlier versions that will send the first hello message on the lowest supported version. From RFC 5246 Appendix E. Backward Compatibility E.1. Compatibility with TLS 1.0/1.1 and SSL 3.0 Since there are various versions of TLS (1.0, 1.1, 1.2, and any future versions) and SSL (2.0 and 3.0), means are needed to negotiate the specific protocol version to use. The TLS protocol provides a built-in mechanism for version negotiation so as not to bother other protocol components with the complexities of version selection. TLS versions 1.0, 1.1, and 1.2, and SSL 3.0 are very similar, and use compatible ClientHello messages; thus, supporting all of them is relatively easy. Similarly, servers can easily handle clients trying to use future versions of TLS as long as the ClientHello format remains compatible, and the client supports the highest protocol version available in the server. A TLS 1.2 client who wishes to negotiate with such older servers will send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in ClientHello.client_version. If the server does not support this version, it will respond with a ServerHello containing an older version number. If the client agrees to use this version, the negotiation will proceed as appropriate for the negotiated protocol. If the version chosen by the server is not supported by the client (or not acceptable), the client MUST send a "protocol_version" alert message and close the connection. If a TLS server receives a ClientHello containing a version number greater than the highest version supported by the server, it MUST reply according to the highest version supported by the server. A TLS server can also receive a ClientHello containing a version number smaller than the highest supported version. If the server wishes to negotiate with old clients, it will proceed as appropriate for the highest version supported by the server that is not greater than ClientHello.client_version. For example, if the server supports TLS 1.0, 1.1, and 1.2, and client_version is TLS 1.0, the server will proceed with a TLS 1.0 ServerHello. If server supports (or is willing to use) only versions greater than client_version, it MUST send a "protocol_version" alert message and close the connection. Whenever a client already knows the highest protocol version known to a server (for example, when resuming a session), it SHOULD initiate the connection in that native protocol. Note: some server implementations are known to implement version negotiation incorrectly. For example, there are buggy TLS 1.0 servers that simply close the connection when the client offers a version newer than TLS 1.0. Also, it is known that some servers will refuse the connection if any TLS extensions are included in ClientHello. Interoperability with such buggy servers is a complex topic beyond the scope of this document, and may require multiple connection attempts by the client. Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed). Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello. TLS clients that wish to negotiate with older servers MAY send any value {03,XX} as the record layer version number. Typical values would be {03,00}, the lowest version number supported by the client, and the value of ClientHello.client_version. No single value will guarantee interoperability with all old servers, but this is a complex topic beyond the scope of this document.
2017-04-21Merge branch 'ingela/ssl/AEAD'Ingela Anderton Andin
* ingela/ssl/AEAD: ssl, dtls: Refactor so that DTLS records are handled correctly together with AEAD handling ssl, dtls: Correct integer type for sequence number
2017-04-21ssl: Rewrite test data generationIngela Anderton Andin
With the new help functions for creating test data we can simplify the code. And sometimes corrections have been made so that the test actually perform the test intended.
2017-04-13ssl, dtls: Refactor so that DTLS records are handled correctly together with ↵Ingela Anderton Andin
AEAD handling
2017-04-13ssl, dtls: Correct integer type for sequence numberIngela Anderton Andin
2017-04-13dtls: Correct cookie map nameIngela Anderton Andin
2017-04-13dtls: Fix active once emulation for DTLSIngela Anderton Andin
2017-04-12ssl: Generate correct certificate chains for the ECC testsIngela Anderton Andin
The certificate chain handling had become quite entangled and was not correct.
2017-04-05Merge branch 'ingela/ssl/dtls-cookie/OTP-14076'Ingela Anderton Andin
* ingela/ssl/dtls-cookie/OTP-14076: dtls: Implement DTLS cookie secret generation
2017-04-04Merge branch 'maint'Ingela Anderton Andin
Conflicts: OTP_VERSION erts/vsn.mk lib/crypto/c_src/crypto.c lib/crypto/src/crypto.erl lib/ssh/src/ssh.erl
2017-03-31Update release notesErlang/OTP
2017-03-30dtls: Implement DTLS cookie secret generationIngela Anderton Andin
2017-03-27ssl: Prepare for releaseIngela Anderton Andin
2017-03-27ssl: Avoid data loss in active onceIngela Anderton Andin
Emulate active once in such a way that data recived by the TLS connection process, but not fetch via active once option by the user, can be delivered at next active once before final close.
2017-03-23Merge branch 'ingela/ssl/make-cert-test-data/OTP-14294'Ingela Anderton Andin
* ingela/ssl/make-cert-test-data/OTP-14294: ssl, public_key: Add functionality for generating X509 cert test data
2017-03-23ssl, public_key: Add functionality for generating X509 cert test dataIngela Anderton Andin
For now this functionality is located in ssl. And existing public_key function is extended. However some of the functionality may be moved to public_key in a later stage.
2017-03-23Merge branch 'ingela/ssl/dtls-frag'Ingela Anderton Andin
* ingela/ssl/dtls-frag: dtls: Handle overlapping fragments
2017-03-23dtls: Handle overlapping fragmentsIngela Anderton Andin
Fragment reassembling needs to handle that a smaller fragment then sent originally might overlap an earlier received fragment.
2017-03-21ssl: Add connection information itemsIngela Anderton Andin
Add session_id and remove undocumented ssl:session_info/1 Add client_random, server_random and master_secret, they will not be included in ssl:connection_information/1 as they may affect the connections security if used recklessly.
2017-03-16ssl: Remove deprecated functionsIngela Anderton Andin
2017-03-16Merge branch 'ingela/ssl/dtls-test'Ingela Anderton Andin
* ingela/ssl/dtls-test: dtls: Correct version check dtls: Test case fixes
2017-03-14Merge branch 'maint'Rickard Green
* maint: Updated OTP version Prepare release Conflicts: OTP_VERSION lib/typer/doc/src/notes.xml lib/typer/vsn.mk
2017-03-14Prepare releaseErlang/OTP
2017-03-10Update copyright yearRickard Green
2017-03-10dtls: Correct version checkIngela Anderton Andin
2017-03-10dtls: Test case fixesIngela Anderton Andin
2017-03-08Merge branch 'maint'Ingela Anderton Andin
2017-03-08Merge branch 'ingela/ssl/next-maint-version' into maintIngela Anderton Andin
* ingela/ssl/next-maint-version: ssl: Version update
2017-03-08dtls: Only test this for TLS for nowIngela Anderton Andin
We want to avoid failing test cases but still be able to merge DTLS progress for 19.3
2017-03-07dtls: Avoid mixup of protocol to testIngela Anderton Andin
2017-03-07dtls: 'dtlsv1.2' corresponds to 'tlsv1.2'Ingela Anderton Andin
'dtlsv1.2' should not be included in MIN_DATAGRAM_SUPPORTED_VERSIONS as this is the default when crypto does not have sufficient support for 'tlsv1.2' and 'dtlsv1.2'
2017-03-06dtls: Correct dialyzer spec and postpone inclusion of testIngela Anderton Andin
The new_options_in_accept test is not working yet, however DTLS is still work in progress and we want to make a progress merge to avoid merge conflicts with other progress of the ssl application.
2017-03-06dtls: Erlang distribution over DTLS is not supportedIngela Anderton Andin
Erlang distribution requiers a reliable transport, which udp is not. Maybe could be interesting later when SCTP support is added to DTLS.
2017-03-06dtls: Enable some DTLS tests in ssl_to_openssl_SUITEIngela Anderton Andin
We need to figure out a good way of knowing if the OpenSSL-"DTLS server" is up. Some of the code in this commit is attempting this, but it is not really working yet, and hence only tests where OpenSSL is client are enabled.
2017-03-06dtls: Enable DTLS test in ssl_certificate_verify_SUITEIngela Anderton Andin
2017-03-06dtls: Hibernation and retransmit timersIngela Anderton Andin
Change retransmissions timers to use gen_statem state timeouts. We do not need a retransmission timer in the state connection as data traffic in DTLS over UDP is not retransmitted. If the last flight before transitioning into connection is lost, it will be resent when the peer resends its last flight. This will also make hibernation testing more straight forward. We need more adjustments later to handle a reliable DTLS transport such as SCTP.
2017-03-06dtls: Make sure retransmission timers are runIngela Anderton Andin
2017-03-06dtls: DTLS specific handling of socket and ciphersIngela Anderton Andin
DTLS does not support stream ciphers and needs diffrent handling of the "#ssl_socket{}" handle .
2017-03-06Merge branch 'maint'Siri Hansen
2017-03-06Merge branch 'siri/ct_hooks/callbacks-on-skip/OTP-10599' into maintSiri Hansen
* siri/ct_hooks/callbacks-on-skip/OTP-10599: [ct] Update built-in ct hooks with new Suite parameter [cth_surefire] Handle skips from test spec [ct] Remove excessive skipped/failed tag in hook function [ct] Send tc_start event on force_stop and failed sequence [ct] Correctly handle process died in init and end_per_testcase [ct] Fix faulty hook callbacks for skipped tests Add dummy end_per_suite/1 [ct] Fix hooks and fail when one of init/end_per_* does not exit [ct] Add Suite argument to hook callback functions [ct] Fix function_clause in ct_framework when hook function crashes
2017-02-22Merge branch 'maint'Ingela Anderton Andin
2017-02-22Merge branch 'ingela/ssl/default-ciphers-suites/OTP-14235' into maintIngela Anderton Andin
* ingela/ssl/default-ciphers-suites/OTP-14235: ssl: Always prefer AES over 3DES
2017-02-22Merge branch 'maint'Lukas Larsson
2017-02-21ssl: Always prefer AES over 3DESIngela Anderton Andin
AES256 was preferred over 3DES already, so this only makes sure AES128 is preferred over 3DES also. This changes the default but probably nobody will notice as a better algorithm will be chosen anyhow.
2017-02-21Document ssl_session_cache_api's size/1 callbackSteven Danna
The size/1 callback was added as a non-optional callback in 42b8a29dbae1d626f32bc16dd81a129caf741138 but wasn't added to the documentation for the ssl_session_cache_api behavior. Signed-off-by: Steven Danna <[email protected]>
2017-02-20Add dummy end_per_suite/1Siri Hansen
common_test requires that if init_per_suite/1 exists, then end_per_suite/1 must also exist. If end_per_suite/1 does not exist, then it will be marked in the log as failed with reason 'undef'. Some test suites are corrected to avoid this.
2017-02-15Merge branch 'fix-source-typos'Björn Gustavsson
* fix-source-typos: (25 commits) Fixed typos in system/doc Fixed typos in lib/xmerl Fixed typos in lib/wx Fixed typos in lib/stdlib Fixed typos in lib/snmp Fixed typos in lib/ssl Fixed typos in lib/ssh Fixed typos in PKCS-8.asn1 file Fixed typos in lib/parsetools Fixed typos in lib/orber Fixed typos in lib/mnesia Fixed typos in lib/megaco Fixed typos in lib/kernel Fixed typos in lib/jinterface Fixed typos in lib/inets Fixed typos in lib/hipe Fixed typos in lib/eunit Fixed typos in lib/erl_interface Fixed typos in lib/eldap Fixed typos in lib/edoc ...
2017-02-14Fixed typos in lib/sslAndrew Dryga
2017-02-14Merge branch 'maint'Ingela Anderton Andin
2017-02-13ssl: Test case robustnessIngela Anderton Andin