aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual
Commit message (Collapse)AuthorAgeFilesLines
* Add new module `ffi` which provides a plain C interface, plus a newlloyd2015-02-163-15/+108
| | | | | | | | | | | | ctypes Python wrapper that uses it. The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations. Remove the old boost.python wrapper and all the build code for it.
* Mark modules pulling in external deps (zlib, boost, etc) as such, andlloyd2015-02-061-40/+22
| | | | | | notify the user when they are enabled. Drop botan-config, replaced by `botan config` command added in 1.11.8
* Add typedefs for function signatures/types used in TLS for easier readinglloyd2015-01-271-31/+37
|
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-5/+8
|
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00lloyd2015-01-211-0/+3
| | | | | and enable them in the default build, though still not enabled in the runtime policy.
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-111-22/+15
|
* Convert the asio server from a weird example server to a generic proxy server.lloyd2015-01-101-7/+3
|
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAClloyd2015-01-081-3/+5
|
* Fix doc bugslloyd2015-01-052-2/+2
|
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-4/+5
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-311-9/+10
|
* More info on AEAD decryption handlinglloyd2014-12-311-0/+10
|
* Update TLS doclloyd2014-12-201-11/+26
|
* Make the connection between calling TLS::Channel::send and a newlloyd2014-12-131-3/+9
| | | | wire record being created more clear.
* A TLS Server can now process either TLS or DTLS but not either,lloyd2014-11-151-7/+12
| | | | | with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
* Replace Transformatio::nstart with start_raw so we can do a full setlloyd2014-11-051-1/+1
| | | | of overloads in the base class with the same name.
* Various small fixes and cleanups, new is_prime utillloyd2014-11-031-0/+8
|
* Correct documentationlloyd2014-10-141-1/+1
|
* Some documentation updates WRT DTLS and X.509 cert path processinglloyd2014-10-062-25/+100
|
* Any fixed MR iterations is probably wrong for somebody. Allow the userlloyd2014-04-251-9/+19
| | | | | | to specify a probability as well as if n was randomly chosen or not. If the input is random use a better bounds to reduce the number of needed tests.
* Doc fixlloyd2014-04-161-1/+1
|
* Link to instructions for Android by Daniel Seitherlloyd2014-01-231-5/+2
|
* Fix binary nameslloyd2014-01-201-6/+6
|
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-1023-0/+4364
Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool