path: root/src/lib/tls/tls_version.h
Commit message | Author | Age | Files | Lines
* Deprecate many publicly available headers | Jack Lloyd | 2019-09-06 | 1 | -3/+3
* Add support for supported versions extension from TLS 1.3 | Jack Lloyd | 2019-05-24 | 1 | -2/+4
* Fix various issues in TLS found using BoGo | Jack Lloyd | 2019-05-20 | 1 | -0/+5
  - BoGo sends unparseable OCSP responses, so we have to accommodate for this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse.
  - Check that there is no trailing garbage at the end of various messages.
  - Don't send empty SNI
  - Check the TLS record header versions (previously ignored)
  - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects.
  - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared).
  - Changes to resumption version handling.
  - Fix server version selection when newer versions are disabled.

  New policy hooks added in service of BoGo:

  - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept.
  - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead.
  - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable.
  - request_client_certificate_authentication
  - require_client_certificate_authentication
* Address various GCC warnings | Jack Lloyd | 2017-10-06 | 1 | -1/+1
  Things like -Wconversion and -Wuseless-cast that are noisy and not on by default.
* Apply final annotations to the library also | Jack Lloyd | 2017-09-22 | 1 | -1/+1
  Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.
* Change header guard format to BOTAN_FOO_H_ | Jack Lloyd | 2017-09-20 | 1 | -2/+2
  ISO C++ reserves names with double underscores in them
  Closes #512
* Add API stability annotations. | Jack Lloyd | 2017-09-19 | 1 | -1/+1
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 1 | -6/+6
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Improve tls doxygen [ci skip] | René Korthaus | 2016-10-19 | 1 | -0/+6
* Internal header cleanups | Jack Lloyd | 2015-09-19 | 1 | -1/+1
  Only user-visible change is the removal of get_byte.h
* Remove SSLv3 and handling of SSLv2 client hellos. | lloyd | 2015-01-11 | 1 | -1/+0
* Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 1 | -1/+1
  Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00) | lloyd | 2014-10-31 | 1 | -7/+0
* Move lib into src | lloyd | 2014-01-10 | 1 | -0/+151