aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual/tls.rst
Commit message (Collapse)AuthorAgeFilesLines
* Update manual to avoid use of old integer typedefs.Jack Lloyd2017-11-141-15/+15
|
* Add support for ARIA GCM ciphersuitesJack Lloyd2017-11-031-1/+2
| | | | Tested against OpenSSL master
* Merge GH #872 Add ability for TLS servers to prohibit renegotiationJack Lloyd2017-09-191-0/+8
|\
| * Add TLS::Policy::allow_client_initiated_renegotiationJack Lloyd2017-02-191-0/+8
| | | | | | | | Parallel of the server policy flag.
* | Add documentation that SNI must be FQDN.Alexander Bluhm2017-03-271-0/+4
| | | | | | | | server_info parameter of TLS::Client must not be an IP address.
* | Fix the default value (2048) of minimum_dh_group_size in the documentationlouiz’2017-03-071-1/+1
|/
* Add minimal example code to tls handbookRené Korthaus2017-02-131-2/+237
|
* Add note about CECPQ1 in TLS manualJack Lloyd2016-12-281-0/+16
| | | | [ci skip]
* Update tls_verify_cert_chain docs to reflect OCSP stapling changesJack Lloyd2016-12-041-5/+19
| | | | | | GH #755 [ci skip]
* Document TLS::Policy::require_cert_revocation_infoJack Lloyd2016-11-281-0/+20
|
* Address review comments from @cordneyJack Lloyd2016-11-251-2/+2
| | | | | | | | | | | | Primarily doc updates but also expose some more logic in PKIX namespace, overall_status and merge_revocation_status. This allows calling more or less all of the logic used by the monolitic x509_path_validate in any way needed by an application. Add Certificate_Store_In_Memory::add_crl variant taking shared_ptr Add optional Certificate_Store_In_Memory* pointer to check_crl_online, valid CRLs are saved there.
* Move TLS cert verification callback from Credentials_Manager to TLS::CallbacksJack Lloyd2016-11-231-2/+28
| | | | | | It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* Order default TLS ECC curve preferences by performanceJack Lloyd2016-11-191-2/+3
| | | | | | | | | | | | Moves x25519 to the front for best by-default side channel resistance, and orders remaining NIST/BP curves by performance rather than size. That means putting P-521 before P-384, since P-521 is much faster at least in Botan (due to much simpler modular reduction for P-521 prime), and Brainpools to the end due to being quite slow (no fast reductions). All of the supported curves seem strong enough, and if someone can break P-256 they can probably break P-384 as well so there doesn't seem much advantage in preferring slower curves by default.
* Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-171-2/+2
| | | | | | | | | | | | | Tested against BoringSSL (as client + server) and google.com (as client). Fix a stupid crashing bug in NewHope's BoringSSL mode. Remove unneeded error return from curve25519_donna - always returned 0. Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.
* Change TLS default policy to disable DSA, CCM-8, and static RSAJack Lloyd2016-11-021-18/+60
| | | | | | | | | | | | | | | Disables static RSA by default. The advantage here is twofold: enforcing forward security and protecting TLS servers from oracle attacks since by default they will never negotiate a suite which forces them to act as a decryption oracle. Some applications/users may be forced to enable RSA in order to speak with old or misconfigured peers, but these can be the exception not the default. Disable DSA and CCM-8 by default: if you need to enable these things, you know it. Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits. Remove an incorrect warning about DTLS in the manual; the sequence number window check prevents this scenario from occuring.
* Merge GH #673 X25519 TLS key exchangeJack Lloyd2016-10-241-1/+1
|\
| * X25519 key exchange for TLSJack Lloyd2016-10-211-1/+1
| | | | | | | | | | Client interops with google.com, server not tested against an independent client yet.
* | Build the docs during CIJack Lloyd2016-10-221-3/+3
|/ | | | Fix various doc building problems/warnings.
* Update manualRené Korthaus2016-10-031-0/+13
|
* Add a Callbacks function for ALPNJack Lloyd2016-08-161-14/+30
|
* Changes to TLS::Callbacks for GH PR #457Jack Lloyd2016-08-161-76/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup. Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_ Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself. Switch to virtual function interface in CLI tls_client for testing. Inline tls_server_handshake_state.h - only used in tls_server.cpp Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
* Fix formatting bugs in TLS docJack Lloyd2016-04-131-11/+6
| | | | | | | Fixes GH #460 Closes GH #474 [ci skip]
* Remove support for TLS v1.2 MD5 and SHA-224 signatures.Jack Lloyd2016-03-171-7/+4
| | | | | | | | | Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256. The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
* Misc doc updatesJack Lloyd2016-01-041-0/+7
| | | | [ci skip]
* Replace path src/cmd/ by new src/cli/ in documentationSimon Warta2015-12-111-4/+2
| | | | | | Closes #356. [ci skip]
* Add TLS_PSK testsJack Lloyd2015-11-131-1/+2
| | | | | | | | | | | Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
* Merge pull request #314 from randombit/ct-tls-cbc-paddingJack Lloyd2015-10-261-2/+4
|\ | | | | TLS improvements
| * TLS improvementsJack Lloyd2015-10-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* | Remove redundant function definitions from docsSimon Warta2015-10-201-10/+0
| | | | | | | | [ci skip]
* | Make Version_Code an enum type for documentationSimon Warta2015-10-201-1/+1
| | | | | | | | | | | | Confirm http://sphinx-doc.org/domains.html#directive-cpp:enum-struct [ci skip]
* | Update TLC::Client constructor documentationSimon Warta2015-10-201-13/+14
| | | | | | | | [ci skip]
* | Update TLS::Server signature in docsSimon Warta2015-10-201-14/+15
|/ | | | [ci skip]
* Fix typosSimon Warta2015-07-241-1/+1
| | | | Thanks to @vlajos https://github.com/vlajos/misspell_fixer
* Remove RC4 (and all support for stream ciphers) from TLSlloyd2015-05-151-2/+2
|
* Add ALPN (RFC 7301) and remove NPNlloyd2015-03-201-22/+17
|
* Doc updateslloyd2015-02-281-0/+3
|
* Add typedefs for function signatures/types used in TLS for easier readinglloyd2015-01-271-31/+37
|
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-5/+8
|
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00lloyd2015-01-211-0/+3
| | | | | and enable them in the default build, though still not enabled in the runtime policy.
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-111-22/+15
|
* Convert the asio server from a weird example server to a generic proxy server.lloyd2015-01-101-7/+3
|
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAClloyd2015-01-081-3/+5
|
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-4/+5
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-311-9/+10
|
* Update TLS doclloyd2014-12-201-11/+26
|
* Make the connection between calling TLS::Channel::send and a newlloyd2014-12-131-3/+9
| | | | wire record being created more clear.
* A TLS Server can now process either TLS or DTLS but not either,lloyd2014-11-151-7/+12
| | | | | with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
* Correct documentationlloyd2014-10-141-1/+1
|
* Some documentation updates WRT DTLS and X.509 cert path processinglloyd2014-10-061-11/+14
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-0/+753
Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool