path: root/src/tls/tls_client.cpp
Commit message  |  Author  |  Age  |  Files  |  Lines
* TLS_Ciphersuite_Algos was just a strange level of indirection between the ciphersuite code and a set of strings specifying the underlying suite algorithms. Remove it entirely. Some things are likely broken. One I know about is that we always send the hash/signature type indicator but should only do so for TLS >= 1.2
  Author: lloyd  Age: 2012-01-20  Files: 1  Lines: -20/+10
* Many fixes for TLS 1.2 though some things in particular client auth remain broken. New interface for querying the TLS extensions, much cleaner.
  Author: lloyd  Age: 2012-01-20  Files: 1  Lines: -3/+2
* Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular).
  Author: lloyd  Age: 2012-01-19  Files: 1  Lines: -10/+13
* I'm not sure if I like this aesthetically, but passing around the entire handshake state in many cases makes things simpler to update, in that each message type already knows what it needs depending on the version, params, etc, and this way a) that knowledge doesn't need to percolate up to the actual client and server handshake code and b) each message type can be updated for new formats/version without having to change its callers. Downside is it hides the dependency information away, and makes it non-obvious what needs to be created beforehand for each message to work correctly. However this is (almost) entirely predicated on the handshake message flows, and these we control with the next expected message scheme, so this should be fairly safe to do. This checkin only updates the ones where it was immediately relevant but for consistency probably all of them should be updated in the same way.
  Author: lloyd  Age: 2012-01-19  Files: 1  Lines: -28/+18
* Support SSLv3 client auth on the client side. Add getters for major and minor protocol version on TLS_Session. Add Certificate_Type code points for ECC certs.
  Author: lloyd  Age: 2012-01-19  Files: 1  Lines: -7/+11
* The server would incorrectly send a server key exchange message when a pure RSA ciphersuite was negotiated. Detection of version rollback attacks with pure RSA ciphersuites was incorrect and would cause failures if the client supported a version we didn't (eg GnuTLS with TLS 1.2 enabled). Improve detection of SSLv2 client hellos. In particular, if a client that only supports SSLv2 connects, we will detect this case and send a protocol_version alert (which the SSLv2-only client will not understand, but a packet analyzer probably will) plus an exception with the message "Client claims to only support SSLv2, rejecting" instead of the previous much less helpful "Unknown record type" message. Remove vestigial support for RSA export ciphersuite key exchange.
  Author: lloyd  Age: 2012-01-06  Files: 1  Lines: -13/+5
* Add a hook in TLS_Channel that is called when an alert is received. Currently has the same behavior in client and server; if we got a NO_RENEGOTIATION alert, and we appear to be renegotiating, delete the state if it exists. Noticed when talking to OpenSSL 0.9.8g which rejects all renegotiation requests.
  Author: lloyd  Age: 2012-01-04  Files: 1  Lines: -0/+12
* As someone pointed out on the TLS list, NPN isn't really a negotiation per se, it's a notification by the client. Rename accordingly.
  Author: lloyd  Age: 2012-01-04  Files: 1  Lines: -3/+3
* Add support for next protocol negotiation. Client only currently; tested with google.com:443
  Author: lloyd  Age: 2012-01-04  Files: 1  Lines: -4/+26
* If the handshake_fn returns false explicitly remove the session from the cache. The current handshake will complete, but the session can not be resumed later.
  Author: lloyd  Age: 2012-01-03  Files: 1  Lines: -0/+2
* Assume handshake_fn exists
  Author: lloyd  Age: 2012-01-03  Files: 1  Lines: -6/+1
* Make handshake completion function non-optional. Now returns a bool specifying if the session should be saved to the session cache.
  Author: lloyd  Age: 2012-01-03  Files: 1  Lines: -3/+6
* Add Credentials_Manager which is an interface to something that knows what certs, keys, etc are available to the app. Needs polishing but it seems like it should be sound.
  Author: lloyd  Age: 2012-01-03  Files: 1  Lines: -26/+19
* Some basic infrastructure pieces for SRP (policy, etc)
  Author: lloyd  Age: 2011-12-31  Files: 1  Lines: -5/+4
* Add support for client-side session resumption
  Author: lloyd  Age: 2011-12-31  Files: 1  Lines: -27/+116
* Rename the session type to 'TLS_Session'. Split the manager out into its own file. Rename tls_state to tls_handshake_state.
  Author: lloyd  Age: 2011-12-30  Files: 1  Lines: -2/+2
* Add a function for getting the version number of an active connection. Add a new callback that is called with the session info when a handshake completes. Currently only called on the server side as the client doesn't have session resumption yet. Rename CipherSuite to TLS_Cipher_Suite.
  Author: lloyd  Age: 2011-12-30  Files: 1  Lines: -5/+6
* Prevent ping-ponging of close alerts by tracking both if a handshake has been completed and if the connection has been definitely closed by a fatal alert or a close notify.
  Author: lloyd  Age: 2011-12-30  Files: 1  Lines: -1/+1
* Full support for renegotiation including RFC 5746 extensions for client and server. Server side can handle SCSV values as well, client always sends the extension instead. Handle an empty SNI extension coming back from the server - this is used to indicate that it understood the name. Also add better checking for extensions by passing in what the supposed size of the extension is. Only send the secure negotiation extension in the server hello if the client indicated support for it.
  Author: lloyd  Age: 2011-12-30  Files: 1  Lines: -4/+0
* Many renegotiation fixes. Add support for the secure renegotiation extension (client side only at the moment). Add an interface that allows applications to request renegotiation.
  Author: lloyd  Age: 2011-12-30  Files: 1  Lines: -14/+56
* About half an implementation of RFC 5746
  Author: lloyd  Age: 2011-12-29  Files: 1  Lines: -4/+7
* Add support for sending server name indicator in client hello. Add support for sending and reading the SRP identifier extension. Add some helper classes for managing TLS extensions. Add ciphersuite codes for SRP key exchange.
  Author: lloyd  Age: 2011-12-29  Files: 1  Lines: -6/+14
* Clean up the ordering of constructor args to the various message types
  Author: lloyd  Age: 2011-12-29  Files: 1  Lines: -11/+11
* Don't buffer in the record writer at all - we immediately process and send out inputs as they are available. Thus, flushing is never required, and we avoid some unnecessary copying. If we are using a CBC mode cipher in SSLv3/TLSv1.0, send a 1-byte fragment to start to prevent the adaptive plaintext attack.
  Author: lloyd  Age: 2011-12-28  Files: 1  Lines: -1/+0
* Save peer certs in session info. Use helper function for handshake hashing.
  Author: lloyd  Age: 2011-12-28  Files: 1  Lines: -7/+1
* Working through hacking client verify (server side only). Only supports TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested so far.
  Author: lloyd  Age: 2011-12-28  Files: 1  Lines: -2/+0
* Partial bits of the server side of client auth. Incomplete. Pass a session manager to TLS_Client's constructor. Currently unused. Add time-based session expiration to the in-memory session cache.
  Author: lloyd  Age: 2011-12-28  Files: 1  Lines: -1/+3
* Make tls_session_key.h an internal header
  Author: lloyd  Age: 2011-12-27  Files: 1  Lines: -0/+1
* First rev of working session resumption (server side only). Only works with TLS at the moment, SessionKeys is a mess.
  Author: lloyd  Age: 2011-12-27  Files: 1  Lines: -0/+2
* Much smarter state transition checking: at each point in the handshake, keep track of exactly which handshake message type(s) we can expect and assert before processing that what we received is what we expected. Contrast with previous 'checking' which was more in the style 'could we perhaps plausibly do something with this message?' aka broken.
  Author: lloyd  Age: 2011-12-27  Files: 1  Lines: -85/+35
* Initial hooks for session resumption
  Author: lloyd  Age: 2011-12-23  Files: 1  Lines: -1/+1
* Centralize a lot of the handshaking and message parsing in TLS_Channel. Also delete the obsolete/never worked CMS examples
  Author: lloyd  Age: 2011-12-23  Files: 1  Lines: -182/+8
* Rename ssl module to tls
  Author: lloyd  Age: 2011-12-23  Files: 1  Lines: -0/+499