aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_session.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Pull the code doing TLS session crypto out to cryptobox for generallloyd2013-03-041-101/+4
| | | | use and call it.
* Add TLS::Server_Information to encapsulate the hostname/port pair.lloyd2012-10-131-7/+19
| | | | | | | Add a service identifier as well, to help out clients which may want to negotiate multiple protocols over a single port and need to keep the sessions disambiguated. Not sure if that is useful, but it might be.
* It seems other implementations define the secure renegotiation flag tolloyd2012-09-121-4/+0
| | | | | | | | be part of the connection rather than part of the session. That really does make more sense, so go with it. Changes the format of serialized sessions, but we already broke that with the crypto change.
* Instead of using static salts in the KDF for generating the cipher andlloyd2012-08-091-7/+22
| | | | | | MAC keys for session encryption, randomly generate two 80-bit salt values which are included in the session blob and run the KDF over the master key and the random salts to create the keys.
* Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-181-13/+13
| | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* Huge pile of post merge fixups, mtn really fucked that mergelloyd2012-04-251-10/+13
|
* Limit the lifetime of tickets to Policy::session_ticket_lifetime()lloyd2012-04-041-0/+5
| | | | | | | | | | | | | | | | | seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
* Rework session crypto code. Drop the 4 bytes of zeros reserved forlloyd2012-03-281-37/+53
| | | | | | | | | flags; if params change just regen the magic value and drop old sessions. Check the magic value right from the start. Use constants for internal sizes. Increase default PBKDF2 iterations in the SQLite session manager to 64K.
* Add encryption for the SQLite sessions databaselloyd2012-03-221-6/+6
|
* Server side handling of session tickets, though currently with alloyd2012-03-221-1/+1
| | | | hard-coded key.
* propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-03-221-2/+0
|\ | | | | | | | | | | f761c340d4390c232d1a9896f3fde5c9dec7858b) to branch 'net.randombit.botan.tls-session-ticket' (head bf9feb245aa7185e22948a21a3099acac7237b44)
| * Remove extra BER_Decoder objectlloyd2012-03-221-2/+0
| |
* | Basic protocol message flow for session ticketslloyd2012-03-201-40/+48
| |
* | Small fixes, cleanupslloyd2012-03-191-1/+1
| |
* | Various merge fixups.lloyd2012-03-161-16/+17
| | | | | | | | | | Use AES-256 so we don't encrypt session tickets with a weaker algo than the ciphersuites.
* | propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵lloyd2012-03-161-33/+69
|\| | | | | | | | | | | c24b5d6b012131b177d38bddb8b06d73f81f70c4) to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)
| * Indentationlloyd2012-02-271-10/+10
| |
| * PEM encoding. Fix BER decoding. Encode the entire cert chain in thelloyd2012-01-241-20/+48
| | | | | | | | session.
| * Make the version number a proper class, makes many things much easierlloyd2012-01-231-3/+8
| | | | | | | | for such a minor change.
| * Since this branch is hugely API breaking already, go ahead and putlloyd2012-01-231-3/+7
| | | | | | | | | | everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything.
* | Outline of RFC 5077 session ticketslloyd2012-01-111-1/+91
|/
* Rename the session type to 'TLS_Session'. Split the manager out intolloyd2011-12-301-0/+94
its own file. Rename tls_state to tls_handshake_state.