| Commit message | Author | Age | Files | Lines |
Changes:
- Adds magic number/versioning to make future extensions possible
- Adds key identifier to avoid needless decryption attempts, makes
supporting ticket key rotation easier in the future
- Avoids key collision; in current format if the seed is duplicated
the same key + nonce are generated. This does not leak the master
ticket key but is still bad. Now nonce is random, and key is
generated via a distinct 128-bit long input. Chances of a duplicated
key/nonce are now about 2^-112.
- Include the whole header incl nonce as associated data
- Use SHA-512-256 instead of SHA-256
This breaks all saved encrypted sessions as well as saved session
tickets. But the cost then is just a full renegotiation. The session
ticket format is not guaranteed to be stable even across minor
releases.
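The commit message above describes the shape of the new ticket envelope but not its code. As an added example (not the project's own code or wire format), the Go program below implements that design: a magic value and version up front, a public key identifier so a ticket under an unknown key is rejected before any decryption is attempted, a random 128-bit seed from which the per-ticket key is derived via HMAC-SHA-512/256, a random 96-bit nonce, and the entire header bound as associated data of an AEAD (AES-256-GCM here). The field sizes, the magic bytes, the HMAC labels and the function names are all assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
)

// Ticket layout used by this example (constructed, not the library's real format):
//   magic(4) || version(2) || keyID(16) || seed(16) || nonce(12) || AES-256-GCM ciphertext+tag
// Everything before the ciphertext is the header and is bound as associated data.
const (
	magicLen      = 4
	versionLen    = 2
	keyIDLen      = 16
	seedLen       = 16
	nonceLen      = 12
	headerLen     = magicLen + versionLen + keyIDLen + seedLen + nonceLen
	formatVersion = 1
)

var magic = [magicLen]byte{'S', 'T', 'K', 'T'} // constructed magic value

// TicketKey is a long-lived master key plus a public identifier derived from it.
type TicketKey struct {
	ID     [keyIDLen]byte
	Master []byte
}

// prf is HMAC-SHA-512/256 keyed with the master key. Distinct labels keep the
// public key identifier and the per-ticket encryption key in separate domains.
func prf(master []byte, label string, input []byte) []byte {
	mac := hmac.New(sha512.New512_256, master)
	mac.Write([]byte(label))
	mac.Write(input)
	return mac.Sum(nil) // 32 bytes
}

func NewTicketKey() (*TicketKey, error) {
	master := make([]byte, 32)
	if _, err := rand.Read(master); err != nil {
		return nil, err
	}
	k := &TicketKey{Master: master}
	copy(k.ID[:], prf(master, "ticket-key-id", nil)) // truncated to 16 bytes
	return k, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts session state under a per-ticket key derived from the master key
// and a random 128-bit seed; the 96-bit nonce is random as well, so two tickets
// only share a (key, nonce) pair if both random values repeat.
func Seal(k *TicketKey, session []byte) ([]byte, error) {
	hdr := make([]byte, headerLen)
	copy(hdr, magic[:])
	binary.BigEndian.PutUint16(hdr[magicLen:], formatVersion)
	copy(hdr[magicLen+versionLen:], k.ID[:])
	if _, err := rand.Read(hdr[magicLen+versionLen+keyIDLen:]); err != nil { // seed || nonce
		return nil, err
	}
	seed := hdr[magicLen+versionLen+keyIDLen : headerLen-nonceLen]
	nonce := hdr[headerLen-nonceLen:]
	aead, err := newAEAD(prf(k.Master, "ticket-enc-key", seed))
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, headerLen+len(session)+aead.Overhead())
	out = append(out, hdr...)
	return aead.Seal(out, nonce, session, hdr), nil // whole header is the AD
}

// Open parses the header first: bad magic, an unknown version or an unknown key
// identifier is rejected before any key derivation or decryption happens.
func Open(keys []*TicketKey, ticket []byte) ([]byte, error) {
	if len(ticket) < headerLen {
		return nil, errors.New("ticket too short")
	}
	hdr := ticket[:headerLen]
	if !bytes.Equal(hdr[:magicLen], magic[:]) {
		return nil, errors.New("bad magic")
	}
	if v := binary.BigEndian.Uint16(hdr[magicLen:]); v != formatVersion {
		return nil, fmt.Errorf("unsupported ticket format version %d", v)
	}
	id := hdr[magicLen+versionLen : magicLen+versionLen+keyIDLen]
	var k *TicketKey
	for _, cand := range keys {
		if bytes.Equal(cand.ID[:], id) {
			k = cand
			break
		}
	}
	if k == nil {
		return nil, errors.New("unknown ticket key identifier")
	}
	seed := hdr[magicLen+versionLen+keyIDLen : headerLen-nonceLen]
	nonce := hdr[headerLen-nonceLen:]
	aead, err := newAEAD(prf(k.Master, "ticket-enc-key", seed))
	if err != nil {
		return nil, err
	}
	// GCM checks the tag over header and ciphertext before returning plaintext.
	return aead.Open(nil, nonce, ticket[headerLen:], hdr)
}

func main() {
	k, err := NewTicketKey()
	if err != nil {
		panic(err)
	}
	ticket, err := Seal(k, []byte("constructed session state"))
	if err != nil {
		panic(err)
	}
	state, err := Open([]*TicketKey{k}, ticket)
	fmt.Printf("ticket %d bytes, recovered %q, err=%v\n", len(ticket), state, err)
}
```

Because the key identifier is checked before the AEAD is even constructed, rotating keys means keeping the old key in the lookup list until its tickets expire, and tickets under a retired key fail fast without a decryption attempt. Any edit to the header, including the version or nonce, changes the associated data and fails tag verification.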
Introduced in 3657639ab. Add a test that would have caught this.
See also #1526
It was never supported and never will be. Removing negotiation entirely
simplifies the code a bit.
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
Merged recent changes and resolved minor conflicts in tls record classes.
warnings.
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
Interop tested with mbed TLS
DB::spin now returns the number of rows affected
Update license header line to specify the terms and refer to the file,
neither of which it included before.
Github issue 27.
Refactor server hello handling to make it easier to handle other extensions.
The manual specified that 224 bit NIST primes were disabled by default
for TLS but they were not. Additionally disable the 256k1 curve and
reorder the remaining curves by size.
Rewrite the max fragment length extension code to roughly what an
ideal compiler would have turned the original code into, using a
switch instead of a lookup into a small constant std::map.