path: root/doc
Commit message  Author  Age  Files  Lines
* Update for 1.11.6 release  [1.11.6]  lloyd  2013-12-29  2  -6/+7
|
* Add 1.10.7 release notes  lloyd  2013-12-29  3  -9/+16
|
* Make Boost easier to disable with minimal feature loss  lloyd  2013-12-28  3  -10/+17
|
* Move clmul to its own file (for abi flags)  lloyd  2013-12-27  1  -0/+2
|
* Add CPUID check for AVX-512  lloyd  2013-12-25  1  -1/+2
|
* Add Threefish-512 in AVX2  lloyd  2013-12-24  1  -7/+9
|     Tested using Intel's SDE, but no idea how fast it will be on hardware.
* Fix TLS-SRP example  lloyd  2013-12-21  1  -1/+1
|
* merge of 'c55938af0026b98297194116c1553d467104b41a'  lloyd  2013-12-19  3  -3/+13
|\    and 'd0c532af92ea0940685dd0e99d2946329efbc917'
| * Add cpuid support for new x86 feature flags like AVX2 and RDSEED  lloyd  2013-12-14  1  -2/+5
| |
| * s/default_nonce_size/default_nonce_length/  lloyd  2013-12-10  1  -0/+6
| |
| * Have default TLS policy reject SSLv3. Add TLS::Policy::acceptable_ciphersuite  lloyd  2013-12-10  1  -1/+2
| |   to allow either party to filter out specific ciphersuites they don't wish to support for whatever reason.
* | Fix OAEP key size check during encoding, and an array over-read when  lloyd  2013-12-06  1  -0/+5
|/    decoding a message that was so large we decided it was invalid and truncated it.
* Turn off asking for client cert in TLS server example  lloyd  2013-12-05  1  -2/+10
|
* Add SIV  lloyd  2013-12-05  1  -1/+3
|
* Support the normal names for CCM in TLS policy config  lloyd  2013-12-04  1  -3/+3
|
* Disable RC4 in TLS by default  lloyd  2013-11-29  2  -2/+4
|
* Have OCSP responses return an enum allowing a range of conditions to be  lloyd  2013-11-29  1  -14/+9
|     expressed (good status, cert revoked, some other error, etc). Add a certificate store backed by files (requiring boost filesystem). Change Certificate_Store interface somewhat to support retrieval without copying.
* Add OCSP example. Fix minor compile issues.  lloyd  2013-11-28  5  -4/+28
|
* TLS in-memory session manager now requires a rng object as a  lloyd  2013-11-28  2  -11/+24
|     constructor argument, previously it used the global rng which caused a serialization point across server threads.
* Add a simple HTTP 1.0 GET using asio (for CRLs and OCSP)  lloyd  2013-11-27  1  -1/+2
|
* merge of '022cd3c92c37dee696d0c3c0c197f8df8981ccbb'  lloyd  2013-11-20  1  -0/+5
|\    and '83151ac7a83013a2874f78978df5c4739b879775'
| * Direct people interested in TLS to 1.11  lloyd  2013-11-20  1  -0/+5
| |
* | Add HKDF  lloyd  2013-11-17  1  -0/+3
| |
* | Enable all the GCC warning flags, as we now require at least GCC 4.7 anyway  lloyd  2013-11-16  1  -0/+2
| |   Fix a few nullptr and cast warnings.
* | Forgot to relnote this  lloyd  2013-11-10  1  -0/+4
|/
* Remove download link to 1.8  lloyd  2013-11-10  1  -8/+0
|
* Release 1.11.5  [1.11.5]  lloyd  2013-11-10  2  -7/+7
|
* Add 1.10.6 release notes  lloyd  2013-11-10  2  -0/+49
|
* Remove obsolete documentation on thread_safe param to lib initializer  lloyd  2013-11-09  1  -9/+0
|
* Previously, AutoRNG was just a reference to the global rng, which can  lloyd  2013-11-08  1  -1/+6
|     cause a huge amount of lock contention in heavily multithreaded code. Now each AutoRNG is its own uniquely seeded HMAC_RNG. The set of entropy sources is shared rather than being per-RNG (so there is only one open fd to /dev/random, etc). So reseeding is still a global lock, but sharing the resources (open file descriptors, etc) across RNGs seems worth the contention. Remove Randpool, which was only used if HMAC_RNG was disabled at build.
* Start updating release notes  lloyd  2013-11-08  1  -7/+30
|
* Split TLS callbacks into a data callback and an alert callback.  lloyd  2013-11-05  4  -88/+90
|     In practice applications treated these two cases completely differently, so there was no reason to combine them into a single callback.
* Add Brainpool curves to TLS, and prefer them by default.  lloyd  2013-09-08  1  -4/+5
|     Remove 224-bit NIST curve from default parameter list.
* Enable CCM ciphersuites in TLS. Disable SHA-1 for signatures in TLS v1.2  lloyd  2013-09-06  1  -3/+5
|
* Add CCM mode  lloyd  2013-09-05  2  -1/+3
|
* Support 64 and 96 bit tags in OCB, using the nonce formatting rule  lloyd  2013-08-26  1  -0/+2
|     added in the latest CFRG internet draft.
* Update build version to 1.11.5 pre  lloyd  2013-08-19  1  -0/+6
|
* Avoid undefined operation in rotation operations  lloyd  2013-07-31  1  -0/+11
|
* merge of '2139fa117e35116a6d728cc58b050fd5fa20994f'  lloyd  2013-07-30  2  -4/+4
|\    and 'a25b72d98eb3f88fcf577fabfcd430ef0758debc'
| * Update for 1.11.4 release  [1.11.4]  lloyd  2013-07-25  2  -4/+4
| |
* | Add build instructions for iOS, sent by Jeffery Walton.  lloyd  2013-07-26  1  -1/+40
|/
* Change default policy to prohibit DTLS to minimize surprise.  lloyd  2013-07-10  3  -10/+42
|     Allow applications to send arbitrary alert messages. Add a new optional parameter to Channel which specifies how large to make the IO buffers by default. Add Channel::reset_state, and reset the IO buffers and cipher specs after a fatal alert.
* Fix ReST syntax  lloyd  2013-07-10  1  -3/+2
|
* Fix RST syntax  lloyd  2013-05-01  1  -1/+1
|
* Some small TLS doc updates  lloyd  2013-04-19  2  -29/+37
|
* Rename ARC4 to RC4  lloyd  2013-04-19  2  -1/+3
|
* Initial notes for 1.11.4  lloyd  2013-04-18  1  -0/+17
|
* Always include modules requiring ISA extensions as long as the  lloyd  2013-04-17  2  -1/+3
|     compiler and target platform might support it. For instance the AES SSSE3 code is now always in any x86 build, with just that specific file being compiled with -mssse3. Since we'll only call that code if cpuid confirms it works at runtime, we don't have portability issues, and it can be safely included in generic builds (eg for distributions). Tweak how machine specific compiler flags are generated to be a bit easier to maintain.
* Update for 1.11.3 release  [1.11.3]  lloyd  2013-04-11  2  -4/+4
|
* Add support for AEAD modes in TLS. Add GCM ciphersuites.  lloyd  2013-04-11  1  -0/+2
|