path: root/src/tls/tls_ciphersuite.cpp
Commit message | Author | Age | Files | Lines
* Limit the lifetime of tickets to Policy::session_ticket_lifetime() | lloyd | 2012-04-04 | 1 | -0/+12
  seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
* Remove the Ciphersuite_Code enum and move all ciphersuite | lloyd | 2012-03-30 | 1 | -257/+1
  integer->info mapping to tls_suite_info.cpp which is mostly autogenerated by a Python script from the IANA parameters file. The SRP method now uses kex "SRP_SHA" which is what the RFC calls it. (And hypothetically, SRP_SHA256 might be defined at some point and we'd need to be able to distinguish them). Remove IDEA ciphersuite; we don't want to require IDEA be available due to the European patent still being valid (IIRC), but I didn't want to have to hand-edit the autogenerated switch with an #if check. Not a huge issue though as most sites don't support it anyway.
* Bad conditional | lloyd | 2012-02-28 | 1 | -1/+1
* Support getting ciphersuites by name as well as suite ID | lloyd | 2012-01-28 | 1 | -1/+17
* Add Camellia ciphersuites from RFC 4132. | lloyd | 2012-01-28 | 1 | -4/+24
  Fix Ciphersuite_Preference_Ordering which treated two ciphersuites with the same algos but different keylengths as equivalent, causing them to be lost. Always prefer the longer key.
* Add anon SRP ciphersuites to the list, add missing _CBC on the | lloyd | 2012-01-28 | 1 | -6/+17
  existing enum values.
* Support alternate PRF hashes in TLS 1.2. Add support for the SHA-384 | lloyd | 2012-01-28 | 1 | -1/+16
  ciphersuites.
* Change naming convention to match RFCs | lloyd | 2012-01-27 | 1 | -14/+10
* Working though somewhat clumsy DHE_PSK and ECDHE_PSK. Tested against GnuTLS | lloyd | 2012-01-27 | 1 | -9/+38
* Add client-side support for PSK kex. Tested against OpenSSL. | lloyd | 2012-01-27 | 1 | -1/+11
* In earlier versions, key exchange == "RSA" meant export-style | lloyd | 2012-01-25 | 1 | -10/+10
  ephemeral RSA, and key exchange == "" meant RSA via the key in the server certificate. However we don't support any of the export suites anymore (and in fact that code probably never worked), so use kex algo == "RSA" to represent the server cert case as it's much easier to read the code and to understand from a policy configuration perspective. Also fix the default policy, "TripleDES" != "3DES" so we would not offer (as a client) and would reject (as a server) any 3DES ciphersuites.
* Fix printing PSK ciphersuites. Better assert msg. | lloyd | 2012-01-25 | 1 | -13/+15
* Go back to choosing the ciphersuite based on the server's preferences. | lloyd | 2012-01-25 | 1 | -0/+20
  The client can constrain their offering if they want to. Add identifiers for PSK suites (not implemented). Rename hide_unknown_srp_users to hide_unknown_users as it can be used for PSK as well.
* s/tls_suites/tls_ciphersuite/ | lloyd | 2012-01-24 | 1 | -0/+228