Commit message | Author | Age | Files | Lines
---|---|---|---|---
Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC | lloyd | 2015-01-08 | 2 | -12/+26
Support setting the number of pad bytes in a heartbeat message. Use random instead of all-zero padding. Check on sanity of received pads to the extent possible. Bugzilla 269. | lloyd | 2015-01-07 | 5 | -70/+86
Remove config used for testing DTLS-SRTP | lloyd | 2015-01-04 | 1 | -3/+2
Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map. | lloyd | 2015-01-04 | 11 | -134/+293
Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation | lloyd | 2014-12-31 | 7 | -95/+122
Fix a couple things pointed out by VC++ warnings. | lloyd | 2014-12-22 | 1 | -4/+0
Add abstract database interface so applications can easily store info in places other than sqlite3, though sqlite3 remains the only implementation. The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand. | lloyd | 2014-12-20 | 7 | -244/+321
Not helpful | lloyd | 2014-11-16 | 1 | -1/+0
A TLS Server can now process either TLS or DTLS but not either, with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing. | lloyd | 2014-11-15 | 10 | -75/+181
Replace Transformation::start with start_raw so we can do a full set of overloads in the base class with the same name. | lloyd | 2014-11-05 | 1 | -3/+3
Let TLS policy disable putting the timestamp in the hello random fields | lloyd | 2014-11-04 | 6 | -11/+25
Typo | lloyd | 2014-11-04 | 1 | -1/+1
Cleanup handling of TLS AEAD nonce sizes, push all knowledge of what the nonce sizes should be down to the ciphersuite generating script. | lloyd | 2014-11-03 | 6 | -186/+193
Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 1 | -4/+4
Fix various warnings from VC++ 2014 and add missing include | lloyd | 2014-10-31 | 4 | -6/+13
No need to pass version by reference | lloyd | 2014-10-31 | 2 | -2/+2
Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00) | lloyd | 2014-10-31 | 9 | -26/+69
If the server offers us a SCSV instead of a real ciphersuite send a fatal alert | lloyd | 2014-10-30 | 3 | -0/+17
Add support for DTLS handshake timeouts and retransmissions. | lloyd | 2014-10-06 | 8 | -65/+224
Specify version number in message when we reject due to policy | lloyd | 2014-10-06 | 2 | -2/+4
Avoid initializer lists here, VC2013 doesn't like it. Github #18 | lloyd | 2014-05-01 | 2 | -5/+7
Compile fix | lloyd | 2014-04-13 | 1 | -2/+2
Have TLS_Data_Reader decoding errors include the actual msg type name | lloyd | 2014-04-12 | 12 | -44/+47
Verify that the server did not send any extension that the client didn't offer. Previously the client only checked a couple of special cases. | lloyd | 2014-04-11 | 6 | -12/+41
A std::deque's memory is not guaranteed to be contiguous | lloyd | 2014-04-06 | 1 | -1/+1
Add ECDHE_ECDSA CCM suites | lloyd | 2014-04-05 | 1 | -2/+14
Compile fixes | lloyd | 2014-02-08 | 2 | -1/+2
Fix algo factory compile | lloyd | 2014-01-18 | 2 | -2/+0
Guess I won't be needing these | lloyd | 2014-01-18 | 17 | -17/+0
More unique_ptr | lloyd | 2014-01-18 | 2 | -2/+2
Rename the various pubkey padding schemes to match the common names. Way back when, following IEEE 1363 naming seemed like a good idea. But not so much. | lloyd | 2014-01-18 | 1 | -2/+2
Split up docs into the reference manual, the website, and everything else. Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool | lloyd | 2014-01-10 | 1 | -0/+2
Move lib into src | lloyd | 2014-01-10 | 57 | -0/+11634