aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_policy.cpp
Commit message (Expand)AuthorAgeFilesLines
* Avoid negotiating CECPQ1 if x25519 ECC is disabledJack Lloyd2017-01-051-0/+10
* Increase default TLS DH min to 2048 bits, and add BSI policy class.Jack Lloyd2016-12-301-2/+1
* Prohibit SHA256/SHA384 ciphersuites in TLS 1.0/1.1 (GH #496)Jack Lloyd2016-12-281-3/+10
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-7/+7
* Add TLS::Policy::require_cert_revocation_infoJack Lloyd2016-11-281-0/+5
* Add TLS::Policy::to_stringJack Lloyd2016-11-261-0/+7
* Add minimum_signature_strenght to Text_PolicyJack Lloyd2016-11-251-1/+2
* Add TLS::Policy::minimum_signature_strengthJack Lloyd2016-11-251-0/+5
* Order default TLS ECC curve preferences by performanceJack Lloyd2016-11-191-4/+6
* Add CECPQ1 TLS ciphersuitesJack Lloyd2016-11-171-1/+2
* Pubkey cleanupsJack Lloyd2016-11-121-3/+1
* Change TLS default policy to disable DSA, CCM-8, and static RSAJack Lloyd2016-11-021-8/+23
* X25519 key exchange for TLSJack Lloyd2016-10-211-0/+1
* TLS: Split CBC+HMAC modes to standalone AEAD_ModeJack Lloyd2016-10-071-1/+8
* Support encoding of supported point formats extensionRené Korthaus2016-10-031-0/+5
* Address some issues with PR 492Jack Lloyd2016-08-131-9/+60
* Encrypt-then-MAC extension (RFC 7366)Juraj Somorovsky2016-05-111-0/+2
* TLS Policy supportChristian Mainka2016-05-031-11/+39
* Remove support for TLS v1.2 MD5 and SHA-224 signatures.Jack Lloyd2016-03-171-11/+0
* Client must verify that the server sent an ECC curve which policy accepts.Jack Lloyd2016-03-171-0/+5
* Check that TLS signature type is accepted by the policy.Jack Lloyd2016-03-061-0/+5
* Make SRP6 support optional in TLSJack Lloyd2016-02-071-2/+2
* Remove TLS heartbeat support.Jack Lloyd2016-02-071-2/+0
* Avoid set<Ciphersuite>Jack Lloyd2016-01-171-6/+7
* Remove all remaining uses of throwing a std:: exception directlyJack Lloyd2015-12-191-1/+1
* Add TLS_PSK testsJack Lloyd2015-11-131-5/+2
* TLS improvementsJack Lloyd2015-10-251-2/+11
* Add a runtime map of string->func() which when called returnlloyd2015-01-281-14/+42
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-9/+6
* Add support for configuring a TLS::Policy by text filelloyd2015-01-231-2/+46
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00lloyd2015-01-211-0/+2
* Ensure all files have copyright and license info.lloyd2015-01-101-1/+1
* Remove config used for testing DTLS-SRTPlloyd2015-01-041-3/+2
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-9/+16
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-311-0/+1
* A TLS Server can now process either TLS or DTLS but not either,lloyd2014-11-151-3/+1
* No need to pass version by referencelloyd2014-10-311-1/+1
* Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00)lloyd2014-10-311-1/+14
* Verify that the server did not send any extension that the client didn'tlloyd2014-04-111-0/+10
* Move lib into srclloyd2014-01-101-0/+286