| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
| |
|
|
| |
protocol handler was specified to the Server constructor. GH #252
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Github issue 27.
Refactor server hello handling to make it easier to handle other extensions.
The manual specified that 224 bit NIST primes were disabled by default
for TLS but they were not. Additionaly disable the 256k1 curve and
reorder the remaining curves by size.
Rewrite the max fragment length extension code to roughly what an
ideal compiler would have turned the original code into, using a
switch instead of a lookup into a small constant std::map.
|
| |
|
|
|
| |
with the setting set in the constructor. This prevents various surprising
things from happening to applications and simplifies record processing.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
