aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
Commit message (Collapse)AuthorAgeFilesLines
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAClloyd2015-01-082-12/+26
|
* Support setting the number of pad bytes in a heartbeat message. Uselloyd2015-01-075-70/+86
| | | | | random instead of all-zero padding. Check on sanity of received pads to the extent possible. Bugzilla 269.
* Remove config used for testing DTLS-SRTPlloyd2015-01-041-3/+2
|
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-0411-134/+293
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementationlloyd2014-12-317-95/+122
|
* Fix a couple things pointed out by VC++ warnings.lloyd2014-12-221-4/+0
|
* Add abstract database interface so applications can easily store infolloyd2014-12-207-244/+321
| | | | | | in places other than sqlite3, though sqlite3 remains the only implementation. The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand.
* Not helpfullloyd2014-11-161-1/+0
|
* A TLS Server can now process either TLS or DTLS but not either,lloyd2014-11-1510-75/+181
| | | | | with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
* Replace Transformatio::nstart with start_raw so we can do a full setlloyd2014-11-051-3/+3
| | | | of overloads in the base class with the same name.
* Let TLS policy disable putting the timestamp in the hello random fieldslloyd2014-11-046-11/+25
|
* Typolloyd2014-11-041-1/+1
|
* Cleanup handling of TLS AEAD nonce sizes, push all knowledge of whatlloyd2014-11-036-186/+193
| | | | the nonce sizes should be down to the ciphersuite generating script.
* Various small fixes and cleanups, new is_prime utillloyd2014-11-031-4/+4
|
* Fix various warnings from VC++ 2014 and add missing includelloyd2014-10-314-6/+13
|
* No need to pass version by referencelloyd2014-10-312-2/+2
|
* Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00)lloyd2014-10-319-26/+69
|
* If the server offers us a SCSV instead of a real ciphersuite send a fatal alertlloyd2014-10-303-0/+17
|
* Add support for DTLS handshake timeouts and retransmissions.lloyd2014-10-068-65/+224
|
* Specify version number in message when we reject due to policylloyd2014-10-062-2/+4
|
* Avoid initializer lists here, VC2013 doesn't like it. Github #18lloyd2014-05-012-5/+7
|
* Compile fixlloyd2014-04-131-2/+2
|
* Have TLS_Data_Reader decoding errors include the actual msg type namelloyd2014-04-1212-44/+47
|
* Verify that the server did not send any extension that the client didn'tlloyd2014-04-116-12/+41
| | | | offer. Previously the client only checked a couple of special cases.
* A std::deque's memory is not guaranteed to be contiguouslloyd2014-04-061-1/+1
|
* Add ECDHE_ECDSA CCM suiteslloyd2014-04-051-2/+14
|
* Compile fixeslloyd2014-02-082-1/+2
|
* Fix algo factory compilelloyd2014-01-182-2/+0
|
* Guess I won't be needing theselloyd2014-01-1817-17/+0
|
* More unique_ptrlloyd2014-01-182-2/+2
|
* Rename the various pubkey padding schemes to match the common names.lloyd2014-01-181-2/+2
| | | | Way back when, following IEEE 1363 naming seemed like a good idea. But not so much.
* Split up docs into the reference manual, the website, and everything else.lloyd2014-01-101-0/+2
| | | | | | | | | | | Add `website` target to makefile. Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options. Remove boost_thread dependency in command line tool
* Move lib into srclloyd2014-01-1057-0/+11634