path: root/src/lib/tls/msg_server_hello.cpp
Commit history (newest first). Each entry lists the commit message, author, date, number of files changed, and lines removed/added.
* Add TLS v1.3 downgrade indicator
  Jack Lloyd, 2019-07-12, 1 file changed, -2/+37
* Let TLS serialization know which side we are sending as
  Jack Lloyd, 2019-05-24, 1 file changed, -1/+1

  Since this matters for some extensions
* Add support for supported versions extension from TLS 1.3
  Jack Lloyd, 2019-05-24, 1 file changed, -1/+1
* Add BoGo tests and fix resumption case
  Jack Lloyd, 2019-05-22, 1 file changed, -4/+0
* Fix various issues in TLS found using BoGo
  Jack Lloyd, 2019-05-20, 1 file changed, -1/+1

  - BoGo sends unparseable OCSP responses, so we have to accommodate for this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse.
  - Check that there is no trailing garbage at the end of various messages.
  - Don't send empty SNI
  - Check the TLS record header versions (previously ignored)
  - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects.
  - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared).
  - Changes to resumption version handling.
  - Fix server version selection when newer versions are disabled.

  New policy hooks added in service of BoGo:

  - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept.
  - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead.
  - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable.
  - request_client_certificate_authentication
  - require_client_certificate_authentication
* Fix server use of EC point format extension
  Jack Lloyd, 2018-02-13, 1 file changed, -1/+1

  In the resumption case it would use that extension for any ECC ciphersuite, but is only allowed to do so if the client sent the extension.
* Add an examine callback also
  Jack Lloyd, 2018-01-27, 1 file changed, -2/+2
* Add ability for application to control which TLS extensions are used
  Jack Lloyd, 2018-01-27, 1 file changed, -0/+7

  GH #1186
* Remove vestigial support for TLS compression
  Jack Lloyd, 2018-01-21, 1 file changed, -2/+2

  It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* Add copyright statements to files modified in the preceding 2 commits
  Harry Reimann, 2017-12-04, 1 file changed, -0/+1
* Make support for certificate status messages optional via policy
  Harry Reimann, 2017-12-04, 1 file changed, -7/+2

  Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message.
* Fix errors caught with tlsfuzzer
  Jack Lloyd, 2017-11-26, 1 file changed, -1/+1

  Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension.

  Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension.

  Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
* Export tls_messages.h as a public header
  René Korthaus, 2016-12-23, 1 file changed, -2/+3

  TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header.
* Convert to using standard uintN_t integer types
  Jack Lloyd, 2016-12-18, 1 file changed, -16/+16

  Renames a couple of functions for somewhat better name consistency, e.g. make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add OCSP stapling support to TLS client
  Jack Lloyd, 2016-11-26, 1 file changed, -3/+15
* Fix incompatibility with (some) common TLS stack
  Jack Lloyd, 2016-11-16, 1 file changed, -3/+8

  Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To work around this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* Maintainer mode fixes
  Jack Lloyd, 2016-10-17, 1 file changed, -4/+4
* Support encoding of supported point formats extension
  René Korthaus, 2016-10-03, 1 file changed, -1/+7
* Merge master into this branch, resolving conflicts with #457/#576
  Jack Lloyd, 2016-08-31, 1 file changed, -11/+8

  which recently landed on master.
* Removed Handshake_Info class.
  Matthias Gierlings, 2016-06-19, 1 file changed, -4/+6

  - Undid changes replacing Handshake_IO, Handshake_Hash with Handshake_Info.
* Reduction of code complexity in TLS classes.
  Matthias Gierlings, 2016-06-19, 1 file changed, -17/+12

  - reduced number of parameters in various methods
  - reduced cyclomatic complexity (McCabe metric)
  - removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
* Encrypt-then-MAC extension (RFC 7366)
  Juraj Somorovsky, 2016-05-11, 1 file changed, -0/+14

  Introduced a countermeasure against the logjam attack.
  Short TLS records (AES-CBC) now return BAD_RECORD_MAC.
  Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure).
* Remaining cppcheck fixes that are not covered by GH #444
  Daniel Neus, 2016-03-05, 1 file changed, -1/+1
* Remove support for the TLS min fragment length extension.
  Jack Lloyd, 2016-02-07, 1 file changed, -6/+0
* Remove TLS heartbeat support.
  Jack Lloyd, 2016-02-07, 1 file changed, -6/+0

  The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* String comparison fixes
  Daniel Neus, 2016-01-04, 1 file changed, -2/+2

  fix PVS-Studio performance warnings
* Add extended master secret extension (RFC 7627) to TLS
  Jack Lloyd, 2016-01-03, 1 file changed, -1/+7

  Interop tested with mbed TLS
* Silence some extra ';' warnings
  Simon Warta, 2015-07-22, 1 file changed, -1/+1
* Add ALPN (RFC 7301) and remove NPN
  lloyd, 2015-03-20, 1 file changed, -6/+6
* Remove SSLv3 and handling of SSLv2 client hellos.
  lloyd, 2015-01-11, 1 file changed, -8/+0
* Ensure all files have copyright and license info.
  lloyd, 2015-01-10, 1 file changed, -1/+1

  Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).
  lloyd, 2015-01-04, 1 file changed, -22/+76

  Github issue 27.

  Refactor server hello handling to make it easier to handle other extensions.

  The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size.

  Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Let TLS policy disable putting the timestamp in the hello random fields
  lloyd, 2014-11-04, 1 file changed, -1/+1
* Have TLS_Data_Reader decoding errors include the actual msg type name
  lloyd, 2014-04-12, 1 file changed, -1/+1
* Move lib into src
  lloyd, 2014-01-10, 1 file changed, -0/+142