using a custom allocator. Currently our allocator just does new/delete
with a memset before deletion, and the mmap and mlock allocators have
been removed.
Add SRP hooks in the examples
Fix next protocol support in the tls_server example.
Initial outline of server side SRP support. Need to figure out how to
transfer the v, b, B params from the server key exchange message to
the client key exchange. The DH variants do this by passing a
Private_Key via server_kex_key call, but wrapping SRP params in a
Private_Key really doesn't feel right. Not sure what to do here.
Possibly both SRP and DH should return a Key_Exchange_Material* that a
client key exchange knows how to dynamic cast on.
1.0.1, only the certificate versions tested currently as OpenSSL
doesn't support anon SRP.
quite differently).
Avoid using a queue for reading certificates.
Hide the version code in the handshake state with a getter and setter.
up a PSK from an identity.
the Alert class for namespacing.
ephemeral RSA, and key exchange == "" meant RSA via the key in the
server certificate. However we don't support any of the export suites
anymore (and in fact that code probably never worked), so use kex algo
== "RSA" to represent the server cert case as it's much easier to read
the code and to understand from a policy configuration perspective.
Also fix the default policy, "TripleDES" != "3DES" so we would not
offer (as a client) and would reject (as a server) any 3DES
ciphersuites.
server handshake flow and into the server and client key exchange
message types. It already was hidden from the client handshake code.
there.
Only named curves supported, likely won't ever support explicit curves
cause that's just asking for problems.
That happens to be true for DH and export RSA key exchanges but isn't
true for ECDH or SRP. (It's almost true for SRP, but if the salt had a
leading zero byte it would be lost in the conversion).
for such a minor change.
everything into a new namespace (Botan::TLS), removing the TLS_
prefixes on everything.
the client key exchange object to interpret the message on the basis
of the chosen ciphersuite.
directly (if it was sent), so that the client implementation doesn't
have to know what key exchange mechanisms we actually support.
Return a value in ECC curves extension serialization method.
the ciphersuite code and a set of strings specifying the underlying
suite algorithms. Remove it entirely.
Some things are likely broken. One I know about is that we always send
the hash/signature type indicator but should only do so for TLS >= 1.2.
Instead deserialize directly in the constructors that are passed the
raw message data. This makes it easier to pass contextual information
needed for decoding (eg, version numbers) where necessary.
stripped out. Would cause failures with DHE in one out of every few
hundred connection attempts where the finished message would not
decrypt properly and the handshake would be rejected.
pure RSA ciphersuite was negotiated.
Detection of version rollback attacks with pure RSA ciphersuites was
incorrect and would cause failures if the client supported a version
we didn't (eg GnuTLS with TLS 1.2 enabled).
Improve detection of SSLv2 client hellos. In particular, if a client
that only supports SSLv2 connects, we will detect this case and send a
protocol_version alert (which the SSLv2-only client will not
understand, but a packet analyzer probably will) plus an exception
with the message "Client claims to only support SSLv2, rejecting"
instead of the previous much less helpful "Unknown record type"
message.
Remove vestigial support for RSA export ciphersuite key exchange.
Add a new callback that is called with the session info when a
handshake completes. Currently only called on the server side as
the client doesn't have session resumption yet.
Rename CipherSuite to TLS_Cipher_Suite.
TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested
so far.