
2019-12-04

2019-12-04 21:53:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.clientConnection: Session tickets (RFC 4507 and RFC 5077).

Client side support for session tickets.

Implementation only verified against itself.

Backported from 95ad6e4388b6576d7012110efe0edb3479a8422f by Tobias
Josefowitz.

2019-12-04 21:10:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ServerConnection: Session tickets (RFC 4507 and RFC 5077).

Server side support for session tickets.

Note that the default ticket encoding is to use the session_id,
it thus uses server side state. The ticket encoding can be changed
by overriding {en,de}code_ticket() in SSL.Context.

Implementation verified against OpenSSL's s_client.

Backported from 372b2a05d05fa0d0e052e6634d2acf8d03629ed4 by Tobias
Josefowitz.

2019-10-07

2019-10-07 10:46:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed typo.

2019-10-04

2019-10-04 16:05:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added SSL_invalid_suite.

2019-10-04 15:57:01 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added SSL_invalid_suite.

2019-06-27

2019-06-27 16:54:51 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed some fall out from the renamed EdDSA constants.

2019-06-24

2019-06-24 12:54:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renamed some EdDSA-related constants for consistency.

2019-06-10

2019-06-10 13:50:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some constants for RSA PSS signatures.

2019-06-06

2019-06-06 10:08:02 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some support for Ed25519 certificates.

2019-06-02

2019-06-02 20:45:40 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Enable ECDHE with Curve 25519 by default.

Verified to work with www.google.com after the recent Curve25519 fix.

2019-05-31

2019-05-31 10:40:08 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some support for Ed25519 and Ed448 certificates.

2019-05-29

2019-05-29 14:52:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Documentation [SSL.Constants]: Updated AutoDoc.

2019-05-28

2019-05-28 11:38:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Use SignatureScheme instead of array({Hash,Signature}Algorithm).

2019-05-28 09:25:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Renumbered HASH_* in preparation for using SignatureScheme.

2019-05-26

2019-05-26 17:15:27 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed typo.

2019-05-26 10:48:40 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.constants: Added some entries from RFC 8422.

2019-05-24

2019-05-24 14:26:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Hide experimental cipher suites.

2019-03-19

2019-03-19 12:33:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '722771973bd' into patches/lyslyskom22891031

* commit '722771973bd': (6177 commits)
Verify that callablep responses are aligned with reality.
...

2019-03-14

2019-03-14 10:39:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '2470270f500c728d10b8895314d8d8b07016e37b' into grubba/typechecker-automap

* commit '2470270f500c728d10b8895314d8d8b07016e37b': (18681 commits)
Removed the old typechecker.
...

2018-11-04

2018-11-04 16:11:11 by Arne Goedeke <el@laramies.com>

Merge remote-tracking branch 'origin/master' into new_utf8

2018-11-03

2018-11-03 14:21:37 by Marcus Comstedt <marcus@mc.pp.se>

Merge remote-tracking branch 'origin/8.1' into gobject-introspection

2018-02-15

2018-02-15 15:54:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '75c9d1806f1a69ca21c27a2c2fe1b4a6ea38e77e' into patches/pike63

* commit '75c9d1806f1a69ca21c27a2c2fe1b4a6ea38e77e': (19587 commits)
...

2017-12-31

2017-12-31 23:19:10 by Peter Bortas <bortas@gmail.com>

Merge remote-tracking branch 'origin/8.1' into peter/travis

2017-12-12

2017-12-12 13:41:02 by Martin Nilsson <nilsson@fastmail.com>

Sparse list of version support added.

2017-12-10

2017-12-10 01:14:30 by Martin Nilsson <nilsson@fastmail.com>

Added some new 1.3 constants.

2017-12-09

2017-12-09 10:12:14 by Martin Nilsson <nilsson@fastmail.com>

Remove 1.3 logic, as the handshake is completely overhauled.

2017-06-12

2017-06-12 00:17:57 by Martin Nilsson <nilsson@fastmail.com>

8.0 compat

2017-05-29

2017-05-29 15:25:08 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added lookup entries for Crypto.ECC.Curve25519.

2016-09-28

2016-09-28 09:50:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL [ECC]: Fixed multiple typos.

Fixes broken ECC_CURVES lookup table.

2016-09-28 09:45:39 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL [ECC]: Fixed multiple typos.

Fixes broken ECC_CURVES lookup table.

2016-09-24

2016-09-24 12:38:20 by Martin Nilsson <nilsson@fastmail.com>

Fix for missing SECP curves.

2016-09-24 12:32:55 by Martin Nilsson <nilsson@fastmail.com>

Fix for missing SECP curves.

2016-09-17

2016-09-17 12:03:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed typo in name of constant.

2016-09-17 12:03:18 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed typo in name of constant.

2016-08-29

2016-08-29 14:15:43 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants [Documentation]: Some notes about ALPN.

2016-08-20

2016-08-20 10:10:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added enum Extension.

Fixes some documentation references.

2016-08-16

2016-08-16 14:41:14 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Updated with references to RFC 7905.

2016-08-11

2016-08-11 13:44:43 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.DH [SSL]: Updated with references to RFC 7919.

2016-08-03

2016-08-03 10:21:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Documentation [SSL]: Document the fmt_*() functions.

2016-07-21

2016-07-21 07:16:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some values from RFC 5878.

2016-07-15

2016-07-15 09:03:21 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.clientConnection: Session tickets (RFC 4507 and RFC 5077).

Client side support for session tickets.

Implementation only verified against itself.

2016-07-12

2016-07-12 12:10:08 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renamed some constants from RFC 4507 / RFC 5077.

They now follow the usual naming conventions.

2016-07-03

2016-07-03 11:14:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: The list of cipher suites is now an enum.

2016-05-16

2016-05-16 16:13:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added EXTENSION_draft_version.

2016-04-14

2016-04-14 22:01:00 by Martin Nilsson <nilsson@fastmail.com>

Don't use ECC with unknown point format.

2016-03-16

2016-03-16 16:19:13 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added GROUP_ecdh_x*.

2016-02-26

2016-02-26 21:04:36 by Martin Nilsson <nilsson@fastmail.com>

Add TLS_ecdhe_psk_with_aes_128_gcm_sha256 from BoringSSL.

2016-02-19

2016-02-19 17:23:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added TLS_ecdhe_psk_with_aes_128_gcm_sha256.

This suite and constant is defined by BoringSSL.

2015-12-18

2015-12-18 13:52:09 by Martin Nilsson <nilsson@fastmail.com>

Rename preferred_auth_methods to client_auth_methods, and fill it with actual certificate type information.

2015-12-09

2015-12-09 10:41:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reduce estimated strength of RC4 to 38 bits.

2015-12-07

2015-12-07 08:25:46 by Martin Nilsson <nilsson@fastmail.com>

Get rid of the undefined authlevel that used to be the default.

2015-12-02

2015-12-02 12:47:32 by Martin Nilsson <nilsson@fastmail.com>

Added AUTHLEVEL_verify that will not require any optional certificates, but will verify any it gets.

2015-11-01

2015-11-01 17:56:56 by Martin Nilsson <nilsson@fastmail.com>

Rename HASH_sha to HASH_sha1.

2015-10-30

2015-10-30 15:04:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some constants from RFC 4681.

2015-10-26

2015-10-26 16:53:45 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL [Notes]: Some more RFC updates.

More drafts that now are RFCs.

2015-10-26 11:16:45 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Protocol version handling cleanup.

The protocol version is now represented the same way everywhere;
a 16-bit integer with the major (ie 3) in the high 8 bits, and
the minor in the low 8 bits.

Previously there was a mix between having a two element array,
and just keeping track of the minor.

Also strengthens the types of version variables in a few places.

2015-10-26 10:23:17 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renumber the CipherModes.

Attempt to have the cipher modes in approximate order of strength,
so that cipher_suite_sort_key() doesn't need to get more complicated.

2015-10-26 10:22:46 by Martin Nilsson <nilsson@opera.com>

New temp assignment for padding extension. Added some RFC references.

2015-10-26 10:18:39 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing CCM constants from RFC 6655.

2015-10-26 10:17:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Applied errata to RFC 6367.

The constant TLS_psk_with_camellia_128_gcm_sha256 had a typo in the RFC,
which made it conflict with TLS_ecdh_rsa_with_camellia_256_gcm_sha384.

2015-10-25

2015-10-25 09:45:46 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL [Notes]: Updated list of RFCs.

Several drafts are now RFCs.

Also reduces claimed implementation level for RFC 7627 due to
interoperation problems.

2015-10-23

2015-10-23 16:29:25 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reordered EXTENSION symbols somewhat.

2015-10-23 16:27:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some curves from RFC 7027.

2015-10-23 09:50:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fix priorities for anonymous cipher suites.

Anonymous key exchange suffers from man-in-the-middle attackability,
so make sure that they are only chosen when there are no supported
authenticated suites.

2015-10-23 09:39:04 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some constants from RFC 4492.

Also adds some related low-level support for ECC key exchanges.

2015-10-23 09:36:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Removed some dead code.

2015-10-22

2015-10-22 13:03:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more AES-GCM cipher suites.

2015-10-21

2015-10-21 15:24:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some AES-GCM cipher suites.

2015-10-21 15:18:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for AEAD ciphers.

Implements the TLS 1.2 protocol-level support for AEAD cipher suites.

No AEAD cipher suites have been added yet.

2015-10-20

2015-10-20 12:35:19 by Martin Nilsson <nilsson@opera.com>

Change CAMELLIA to Camellia to be consistent with other non-acronym ciphers.

2015-10-20 10:18:58 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added get_suites().

Generate the cipher suite selection from CIPHER_SUITES, so
that it always is up to date, and has the correct order.

This gets rid of the hard-coded tables preferred_rsa_suites and
preferred_dhe_dss_suites.

Pike 7.8 only: preferred_rsa_suites and preferred_dhe_dss_suites
have been replaced with getters generating the same content.

2015-10-20 10:00:23 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reduce the estimated strength of DES40.

2015-10-20 09:57:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_fortezza for completeness.

2015-10-20 09:54:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added a few more DES-40 cipher suites.

2015-10-19

2015-10-19 15:38:11 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed TLS_dhe_rsa_with_aes_256_cbc_sha256.

2015-10-19 15:38:09 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some SHA256 cipher suites.

Also reduces priority of the rsa_with_idea_cbc_sha suite,
and adds some comments about when suites went obsolete.

2015-10-19 15:30:41 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Support HMAC using SHA256.

Also adds a few cipher suites using this HMAC.

2015-10-19 15:28:15 by Arne Goedeke <el@laramies.com>

Crypto: Added SHA 224, 384 and 512.

Also adjusts the ASN.1 identifier for SHA256 to make Pike 8.0 happy.

2015-10-16

2015-10-16 15:13:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Improved compat with Pike 7.8.930 and earlier.

Pike 7.8.930 and earlier have a Crypto.Buffer without set_iv(), so
they can't support TLS 1.1 and later in a reasonably simple way.

2015-10-16 15:03:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Enable support for TLS 1.2.

This mainly adds some minimal support for TLS 1.2 signatures,
with which all the requirements for TLS are fulfilled.

Seems to interoperate with gnutls:
- Description: (TLS1.2-PKIX)-(DHE-RSA-1024)-(CAMELLIA-256-CBC)-(SHA1)
- Session ID: 52:93:96:96:50:69:6B:65:53:53:4C:33:00:00:00:1F
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1020 bits
- Peer's public key: 1024 bits
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Server Signature: RSA-SHA1
- Cipher: CAMELLIA-256-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

2015-10-16 13:20:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added KeyExchangeNULL.

The SSL_null_with_null_null cipher suite now works (when enabled).

Removes KeyExchangeGeneric, since it is no longer in use.

2015-10-16 10:26:09 by Martin Nilsson <nilsson@opera.com>

SSL: Made client_random more random.

Added a padding extension to survive f5 terminators with old firmware.

2015-10-16 09:44:38 by Martin Nilsson <nilsson@opera.com>

Compilation fix

2015-10-16 09:44:09 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: The debug code now knows about SSL 2.0.

SSL 2.0 constants may show up in HANDSHAKE_hello_v2 messages,
so make sure the debug code can display them properly.

2015-10-15

2015-10-15 14:32:59 by Arne Goedeke <el@laramies.com>

Crypto: compatibility with older nettle versions

SALSA20, CAMELLIA, SHA384 and SHA512 are not available in older nettle versions

2015-10-15 14:32:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for some CAMELLIA cipher suites.

2015-10-15 14:11:23 by Martin Nilsson <nilsson@opera.com>

SHA256 not supported yet.

2015-10-15 14:04:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Define and enable the DHE_RSA cipher suites.

NB: This will probably break the testsuite, since the DHE_RSA
key exchange isn't supported in the SSL client yet.

2015-10-15 14:03:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more notes about required cipher suites.

2015-10-15 14:03:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added HashAlgorithm enum.

2015-10-15 14:02:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Adjusted the estimated effective keylengths.

The effective keylengths for DES and DES3 are much less
than the respective full keylengths.

Also renamed CIPHER_algorithms to CIPHER_effective_keylengths
to better indicate what it is.

2015-10-15 14:01:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updated with constants from RFC 5932, 6209, 6367 and 6655.

These RFCs define cipher suites for ARIA, CAMELLIA and AES-CCM.

Also adds notes about relevant RFCs.

2015-10-15 10:20:54 by Martin Nilsson <nilsson@opera.com>

Updated list of TLS extensions from IANA.

2015-10-14

2015-10-14 15:30:18 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added context()->filter_weak_suites().

Both context()->{rsa,dhe_dss}_mode() now take an optional argument and call filter_weak_suites().
Also moved the default sets of preferred cipher suites to Constants.preferred_*_suites.
SSL.Constants.CIPHER_algorithms is now a mapping (was a multiset).

2015-10-14 15:15:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for specifying the minimum and maximum versions of SSL.

The minimum and maximum accepted SSL/TLS versions are
configured by setting the corresponding variables in the
context object.

This is in line with how other SSL parameters are configured.

2015-10-14 13:40:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: ALERT_descriptions is now a mapping, and now contains all known alerts.

2015-10-14 12:23:28 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: TLS 1.1 (aka SSL 3.2) is now supported!

2015-10-14 12:23:24 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Parameterized the SSL protocol version.

Backported from Pike 8.0.

2015-09-18

2015-09-18 14:56:49 by Martin Nilsson <nilsson@fastmail.com>

Disable chacha20-poly1305 until we manage to interoperate with another implementation.

2015-09-07

2015-09-07 15:01:04 by Martin Nilsson <nilsson@fastmail.com>

Our key derivation for ChaCha20Poly1305 isn't correct.

2015-09-01

2015-09-01 11:53:57 by Per Hedbor <ph@opera.com>

Merge branch '8.1' into per/substrings

2015-08-28

2015-08-28 14:54:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Adjusted some symbol names.

Make sure that the names of the KRB5 export suites actually contain "export".

2015-08-28 14:50:24 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Adjusted some symbol names.

Make sure that the names of the KRB5 export suites actually contain "export".

2015-08-22

2015-08-22 18:54:15 by Martin Nilsson <nilsson@fastmail.com>

Support linking direct to RFC anchor.

2015-08-21

2015-08-21 23:56:32 by Martin Nilsson <nilsson@fastmail.com>

Use @rfc{@} autodoc syntax.

2015-07-09

2015-07-09 14:39:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added ALPN protocol identifiers.

2015-07-09 14:38:59 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added ALPN protocol identifiers.

2015-05-26

2015-05-26 10:33:42 by Martin Nilsson <nilsson@opera.com>

Removed trailing spaces.

2015-05-20

2015-05-20 17:31:27 by Per Hedbor <ph@opera.com>

SSL.Constants.CertificatePair: Be rather permissive.

Allow the certificates to be specified in the reverse order.

This is the order stunnel wants, and out of six different .der files
from three different authorities three are reversed to begin with.

So, I think it makes sense to just reverse the order when needed.

2015-05-20 17:30:41 by Per Hedbor <ph@opera.com>

SSL.Constants.CertificatePair: Be rather permissive.

Allow the certificates to be specified in the reverse order.

This is the order stunnel wants, and out of six different .der files
from three different authorities three are reversed to begin with.

So, I think it makes sense to just reverse the order when needed.

2015-04-25

2015-04-25 13:23:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updates from RFC 7507.

The TLS Downgrade SCSV draft is now an RFC.

2015-04-13

2015-04-13 08:43:17 by Martin Nilsson <nilsson@opera.com>

Potentially more correct.

2015-04-10

2015-04-10 15:58:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more cipher strength notes.

2015-04-09

2015-04-09 12:28:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reduce estimated strength of RC4 to 38 bits.

2015-04-05

2015-04-05 22:44:21 by Martin Nilsson <nilsson@opera.com>

Renumber the KE enums.

2015-04-05 22:27:35 by Martin Nilsson <nilsson@opera.com>

Added the final defined PSK suites, ECDHE. The suite lookup table test broke as always, but all the defined ciphers appear to work.

2015-04-05 03:14:19 by Martin Nilsson <nilsson@opera.com>

Treat deprecated alerts as fatal.

2015-03-09

2015-03-09 19:43:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reduce estimated strength of RC4 to 38 bits.

2015-03-06

2015-03-06 13:53:20 by Martin Nilsson <nilsson@opera.com>

Remove redundant PROTOCOL_SSL constants.

2015-03-06 13:37:52 by Martin Nilsson <nilsson@opera.com>

Doc fixes.

2015-03-05

2015-03-05 18:28:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added constants for the private ffdhe range.

2015-03-05 18:27:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Updated FFDHE to draft-ietf-tls-negotiated-ff-dhe-07.

The reintroduction of GROUP_ffdhe2432 in draft #6 was apparently
a cut-and-paste bug.

Also extends the group selection heuristic to use GROUP_ffdhe6144.

2015-03-05 17:58:41 by Martin Nilsson <nilsson@opera.com>

Latest FFDHE draft is a bit inconsistent with protocol definitions and defined fields. It appears though like 2048 is replaced with 2432, though 2432 isn't defined in the appendix.

2015-03-04

2015-03-04 19:57:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added KeyExchangeExportRSA.

This breaks out the handling of export-RSA from KeyExchangeRSA in
order to reduce the attack surface for attacks like FREAK.

2015-03-04 19:54:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_rsa_export.

This is in preparation for breaking out the export-RSA handshaking
from KeyExchangeRSA.

2015-03-04 17:19:07 by Martin Nilsson <nilsson@opera.com>

Updated to ff-dhe draft 06.

2015-02-24

2015-02-24 02:51:42 by Martin Nilsson <nilsson@opera.com>

Update some draft references.

2015-02-23

2015-02-23 15:37:29 by Martin Nilsson <nilsson@opera.com>

RSA PSK now works.

2015-02-23 13:04:49 by Martin Nilsson <nilsson@opera.com>

Remove all ECC from KE mask when no common curves were found.

2015-02-23 12:27:39 by Martin Nilsson <nilsson@opera.com>

Added cpp guards for SHA384 (Added in Nettle 2.1)

2015-02-22

2015-02-22 18:37:49 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Implemented EXTENSION_extended_master_secret.

2015-02-19

2015-02-19 17:13:10 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Survive without Camellia and GCM.

2015-02-19 16:27:20 by Martin Nilsson <nilsson@opera.com>

Documentation of CIPHER_SUITES

2015-02-19 16:17:17 by Martin Nilsson <nilsson@opera.com>

Added support for DHE PSK.

2015-02-19 14:53:32 by Martin Nilsson <nilsson@opera.com>

Suite definitions for PSK suites.

2015-02-18

2015-02-18 16:25:32 by Martin Nilsson <nilsson@opera.com>

KE_psk and KE_dhe_psk also don't need a certificate.

2015-01-25

2015-01-25 00:57:00 by Martin Nilsson <nilsson@opera.com>

Synchronize with latest FF-DHE draft.

2015-01-19

2015-01-19 12:47:47 by Martin Nilsson <nilsson@opera.com>

Document AUTHLEVEL a bit.

2015-01-18

2015-01-18 12:27:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Implemented TLS 1.3 draft 4 CertificateVerify.

2015-01-08

2015-01-08 17:03:41 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added STATE_wait_for_key_share.

This state will be used in TLS 1.3.

2015-01-05

2015-01-05 11:51:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: client_hello() now knows about early_data.

The early_data extension is used in TLS 1.3 to keep backward
compatibility. Unfortunately no code point for the extension
has been allocated yet, so the selected code point will most
likely change.

2015-01-01

2015-01-01 21:31:23 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Updated some HANDSHAKE_* constants from TLS 1.3.

The TLS 1.3 draft in progress has renumbered these constants.

2014-12-26

2014-12-26 00:29:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added HANDSHAKE_hello_retry_request from TLS 1.3 draft 3.

2014-12-20

2014-12-20 18:41:10 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more notes about DTLS.

2014-12-19

2014-12-19 16:32:59 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some DTLS constants.

2014-12-16

2014-12-16 16:47:13 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: validate_dh() now knows about the FFDHE groups.

Also adds the MODP groups of equivalent strength.

2014-12-14

2014-12-14 15:00:11 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Updated constants from FFDHE draft 4.

Negotiated FFDHE Parameters for TLS draft 4 (and 3) replaces and
removes some groups and renumbers some constants.

Also adds the FFDHE_GROUPS lookup table.

2014-12-04

2014-12-04 19:27:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more constants.

2014-12-04 19:27:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: ALPN is now RFC 7301.

2014-12-04 19:27:13 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updated to the new Crypto.Sign API.

2014-12-04 19:26:50 by Martin Nilsson <nilsson@opera.com>

Whitespace fix.

2014-12-04 19:26:50 by Martin Nilsson <nilsson@opera.com>

OO harder. Let CertificatePair sort themselves according to perceived certificate strength.

2014-12-04 19:26:50 by Martin Nilsson <nilsson@opera.com>

Moved and trimmed code to generate CipherPair glob array to separate function.

2014-12-04 19:26:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Updated the list of RFCs and drafts.

ALPN is now RFC 7301.

2014-12-04 19:26:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Implemented support for the fallback SCSV.

This adds support for the protocol extension SCSV specified in
draft-ietf-tls-downgrade-scsv as of 2014-07-04.

This protects clients renegotiating failed connections with lower
protocol versions from MITM downgrade attacks, by informing the
server that the client actually supports a higher protocol version
than the one it is currently using.
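The two mechanisms these commits describe, the 16-bit protocol version (major 3 in the high byte, minor in the low byte, as in the "Protocol version handling cleanup" entry) and the server-side handling of the fallback SCSV, as an added Python example. This is not code from the Pike SSL module or from this commit log; the constant values follow RFC 7507 and RFC 5246, but the function names, the downgrade simulation and the sample cipher suite list are this example's own.

```python
# Added example, not code from the Pike SSL module: 16-bit TLS version
# encoding plus the RFC 7507 TLS_FALLBACK_SCSV check a server performs.

# Protocol versions: major in the high 8 bits, minor in the low 8 bits.
PROTOCOL_SSL_3_0 = 0x0300
PROTOCOL_TLS_1_0 = 0x0301
PROTOCOL_TLS_1_1 = 0x0302
PROTOCOL_TLS_1_2 = 0x0303

TLS_FALLBACK_SCSV = 0x5600           # signaling cipher suite value, RFC 7507
ALERT_inappropriate_fallback = 86    # alert description, RFC 7507
ALERT_protocol_version = 70          # alert description, RFC 5246


def fmt_version(version: int) -> str:
    """Render a 16-bit version integer as its conventional name."""
    major, minor = version >> 8, version & 0xFF
    if major == 3 and minor == 0:
        return "SSL 3.0"
    if major == 3:
        return "TLS 1.%d" % (minor - 1)
    return "%d.%d" % (major, minor)


def parse_cipher_suites(vec: bytes) -> list[int]:
    """Parse a ClientHello cipher_suites vector: 2-byte length, 2 bytes per suite."""
    length = int.from_bytes(vec[:2], "big")
    body = vec[2:2 + length]
    if len(body) != length or length % 2:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, length, 2)]


class FatalAlert(Exception):
    """Raised where a real server would send a fatal alert and close."""
    def __init__(self, description: int):
        super().__init__(description)
        self.description = description


def server_select_version(client_version: int, cipher_suites: list[int],
                          server_min: int, server_max: int) -> int:
    """Pick the protocol version for a ClientHello, refusing bad fallbacks."""
    # RFC 7507 section 3: the SCSV tells us the client is retrying after a
    # failed attempt at a higher version. If we support a higher version
    # than it now offers, the earlier failure was not caused by us, so an
    # attacker may have induced the downgrade; refuse the connection.
    if TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max:
        raise FatalAlert(ALERT_inappropriate_fallback)
    if client_version < server_min:
        raise FatalAlert(ALERT_protocol_version)
    return min(client_version, server_max)


def downgrade_dance(server_min: int, server_max: int, client_versions: list[int],
                    block_first_attempt: bool, send_scsv: bool):
    """Simulate a client that retries with lower versions after a failure.

    block_first_attempt models an attacker dropping the highest-version
    ClientHello; send_scsv models a client that marks retries per RFC 7507.
    Returns (negotiated_version or None, alert or None, attempts made).
    """
    attempts = 0
    for i, version in enumerate(client_versions):
        attempts += 1
        suites = [0x002F]  # TLS_RSA_WITH_AES_128_CBC_SHA; constructed sample
        if i > 0 and send_scsv:
            suites.append(TLS_FALLBACK_SCSV)
        if i == 0 and block_first_attempt:
            continue  # the attacker dropped it; the client falls back
        try:
            return server_select_version(version, suites, server_min, server_max), None, attempts
        except FatalAlert as alert:
            return None, alert.description, attempts
    return None, None, attempts
```

Run `downgrade_dance(PROTOCOL_TLS_1_0, PROTOCOL_TLS_1_2, [PROTOCOL_TLS_1_2, PROTOCOL_TLS_1_1, PROTOCOL_TLS_1_0], True, True)` to see the attacker-induced retry answered with inappropriate_fallback; with `send_scsv=False` the same server silently accepts TLS 1.1, which is exactly the window the SCSV closes.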

2014-12-04 19:26:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some constants from RFC 7250.

2014-12-04 19:26:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added cipher suites from RFC 7251.

This adds ECDHE/ECDSA variants of the AES-CCM suites from RFC 6655.

NB: Note that there still doesn't seem to be any corresponding
suites with ECDHE/RSA.

2014-12-04 19:26:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added EXTENSION_encrypt_then_mac.

This value was recently allocated to draft-ietf-tls-encrypt-then-mac.

2014-12-04 19:26:33 by Martin Nilsson <nilsson@opera.com>

sslfile -> File and sslport -> port

2014-12-04 19:26:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for the subjectAltName extension.

2014-12-04 19:26:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Don't attempt ECDH suites if we don't have ECC.

Thanks to Chris Angelico <rosuav@gmail.com> for the report.

Fixes [LysLysKOM 20839290]/[Pike mailinglist 13992].

2014-12-04 19:26:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.ConnectionState: Added some composite values.

Adds some constants for common composite values, and updates
SSL.Connection to use them.

2014-12-04 19:26:28 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Unified several state variables into one.

SSL.Connection()->{closing,dying,handshake_finished} are now unified
into SSL.Connection()->state with named states.

It also keeps track of some of the stuff in SSL.sslfile()->close_state and
SSL.sslfile()->close_packet_send_state, which are likely to be removed soon.

2014-12-04 19:26:21 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for the ChaCha20-Poly1305 suites.

2014-12-04 19:26:08 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Unified the handshake states.

Now that there is separate code for the server and client
handshake state-machines, there's no reason for them to
have different STATE_* codes.

Also splits and moves finished_packet() to {Client,Server}Connection.

2014-12-04 19:26:03 by Martin Nilsson <nilsson@opera.com>

Move STATE_* constants to Constants to reuse debug code.

2014-12-04 19:25:58 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Moved GCM to a Cipher submodule.

The various tastes of GCM now follow the AEAD API properly.

Crypto.GCM is no more, instead there are Crypto.AES.GCM,
Crypto.Camellia.GCM etc.

Also updates the SSL code accordingly.

2014-12-04 19:25:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: More KE_rsa_fips suites.

According to comments in <nss/sslproto.h> these two suites were
old aliases for the other two KE_rsa_fips suites.

Also adjusts the names to match NSS's names for the two constants.

2014-12-04 19:25:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support KE_rsa_fips.

This seems to have been a key exchange method used to test the TLS 1.0 PRF
during SSL 3.0.

SSL_rsa_fips_with_3des_ede_cbc_sha interoperates with Firefox 24.4.0.

2014-12-04 19:25:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Heartbeats now actually work.

Fixed multiple typos that caused the heartbeat code to fail.

2014-12-04 19:25:50 by Martin Nilsson <nilsson@opera.com>

Replace almost unused KE_TO_SA with KE_Anonymous. Removed the SSL module internal SIGNATURE constants.

2014-12-04 19:25:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Changed argument order for fmt_constant().

The new order allows fmt_constant() to be used directly in eg map().

Also gets rid of fmt_curve().

2014-12-04 19:25:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing MD5 suites.

Note: These suites are in the range earlier reserved for private use.

2014-12-04 19:25:48 by Martin Nilsson <nilsson@opera.com>

Updated comment.

2014-12-04 19:25:47 by Martin Nilsson <nilsson@opera.com>

Improved debug

2014-12-04 19:25:45 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Use find_cert() on the client too.

find_cert() in the context object is now used to select suitable
client certificates in addition to server certificates.

2014-12-04 19:25:45 by Martin Nilsson <nilsson@opera.com>

Remove last traces of SSL2 support.

2014-12-04 19:25:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Moved configuration of version restrictions to the context.

The minimum and maximum accepted SSL/TLS versions are now
configured by setting the corresponding variables in the
context object.

This is in line with how other SSL parameters are configured.

2014-12-04 19:25:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Protocol version handling cleanup.

The protocol version is now represented the same way everywhere;
a 16-bit integer with the major (ie 3) in the high 8 bits, and
the minor in the low 8 bits.

Previously there was a mix between having a two element array,
and just keeping track of the minor.

Also strengthens the types of version variables in a few places.

2014-12-04 19:25:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_version().

Added convenience function for formatting an SSL/TLS version number.

2014-12-04 19:25:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the heartbeat extension (RFC 6520).

Heartbeats are enabled if possible, and heartbeat responses are
sent automatically.

NB: No code for automatically sending heartbeat requests exists yet.

2014-12-04 19:25:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added TLS_dhe_dss_with_rc4_128_sha.

This suite was part of draft-ietf-tls-56-bit-ciphersuites-01.txt
and caused the testsuite to fail by not being implemented. It
also seems to be in use by gnutls 3.2.12.

2014-12-04 19:25:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more RFC notes.

2014-12-04 19:25:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more cipher suite constants.

These suites from draft-ietf-tls-56-bit-ciphersuites-01.txt
are apparently in use by some versions of MSIE.

2014-12-04 19:25:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for the max_fragment_length extension.

2014-12-04 19:25:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_* constants for PSK and SRP.

2014-12-04 19:25:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added the CCM cipher suites from RFC 6655.

2014-12-04 19:25:36 by Martin Nilsson <nilsson@opera.com>

Improved debug output.

2014-12-04 19:25:36 by Martin Nilsson <nilsson@opera.com>

Added SIGNATURE_any (which possibly is a misleading name) to give you all non-anonymous signatures. Improved default to not be limited to RSA.

2014-12-04 19:25:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renumber the CipherModes.

Attempt to have the cipher modes in approximate order of strength,
so that cipher_suite_sort_key() doesn't need to get more complicated.

2014-12-04 19:25:35 by Martin Nilsson <nilsson@opera.com>

New temp assignment for padding extension. Added some RFC references.

2014-12-04 19:25:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing CCM constants from RFC 6655.

2014-12-04 19:25:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some DH cipher suites.

This adds support for the DH_DSS and DH_RSA key exchange
methods, and adds the corresponding cipher suites.

Note that the only difference between the two is whether the
server certificate is signed with DSS or RSA.

2014-12-04 19:25:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing cipher suites.

All cipher suites that are possible to implement without adding
more code to SSL.Cipher et al, should now be present in the
CIPHER_SUITES table.

2014-12-04 19:25:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed some typos in CIPHER_SUITES.

Most of the typos were using Diffie-Hellman Ephemeral key exchange
where it should be plain Diffie-Hellman.

2014-12-04 19:25:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Applied errata to RFC 6367.

The constant TLS_psk_with_camellia_128_gcm_sha256 had a typo in the RFC,
which made it conflict with TLS_ecdh_rsa_with_camellia_256_gcm_sha384.

2014-12-04 19:25:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added filtering of DH_DSS/DH_RSA on cert type.

Refactors the certificate selection by using bitmasks on
the key exchange algorithm. This should provide a minor
speedup of the certificate selection code.

Also unifies handling of DH_DSS/DH_RSA and ECDH_ECDSA/ECDH_RSA
when TLS 1.2 or later is in use.

2014-12-04 19:25:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some ECDH cipher suites.

This adds support for the ECDH_ECDSA and ECDH_RSA key exchange
methods, and adds the corresponding cipher suites.

Note that the only difference between the two is whether the
server certificate is signed with ECDSA or RSA.

2014-12-04 19:25:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.CertificatePair: Fixed typo in debug.

2014-12-04 19:25:30 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.CertificatePair: Added _sprintf().

2014-12-04 19:25:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added CertificatePair.

Objects of this type will be used to keep track of certificates and
their corresponding keys.

2014-12-04 19:25:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more lookup tables.

2014-12-04 19:25:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_cipher_suite().

2014-12-04 19:25:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_constant().

Added convenience function for formatting the various SSL constants.

2014-12-04 19:25:16 by Martin Nilsson <nilsson@opera.com>

Allow the server to have more than one cipher suite, so that suite selection can be tested (although not tested yet). Added explicit destructs of client and server, which appear to be needed.

2014-12-04 19:25:10 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added quite a few ECDSA suites.

2014-12-04 19:25:06 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed typo in extension symbol name.

The constant EXTENSION_user_mapping had an extraneous 'S' in the name.

Also some related cosmetic fixes.

2014-12-04 19:25:06 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some curves from RFC 7027.

2014-12-04 19:25:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Survive without Crypto.Arctwo and Crypto.IDEA.

Arctwo isn't available in old releases of Nettle,
and IDEA may be disabled in some versions of Nettle.

2014-12-04 19:25:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fix priorities for anonymous cipher suites.

Anonymous key exchange suffers from man-in-the-middle attackability,
so make sure that they are only chosen when there are no supported
authenticated suites.

2014-12-04 19:25:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some anonymous cipher suites.

Implements support for the ecdh_anon key exchange, and
adds cipher suites using dh_anon and ecdh_anon.

2014-12-04 19:25:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: First go at supporting deflate compression.

This implements RFC 3749.

2014-12-04 19:25:02 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Enabled suites using ECDHE_RSA key exchange.

This adds support for some of the suites from RFC 4492,
RFC 5289 and RFC 6367.

2014-12-04 19:25:02 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some constants from RFC 4492.

Also adds some related low-level support for ECC key exchanges.

2014-12-04 19:25:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Removed some dead code.

2014-12-04 19:24:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added support for Camellia/GCM cipher suites.

2014-12-04 19:24:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more AES-GCM cipher suites.

2014-12-04 19:24:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for AEAD ciphers.

Implements the TLS 1.2 protocol-level support for AEAD cipher suites.

No AEAD cipher suites have been added yet.

2014-12-04 19:24:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some AES-GCM cipher suites.

2014-12-04 19:24:50 by Martin Nilsson <nilsson@opera.com>

Change CAMELLIA to Camellia to be consistent with other non-acronym ciphers.

2014-12-04 19:24:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added get_suites().

Generate the cipher suite selection from CIPHER_SUITES, so
that it always is up to date, and has the correct order.

This gets rid of the hard-coded tables preferred_rsa_suites and
preferred_dhe_dss_suites.

2014-12-04 19:24:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reduce the estimated strength of DES40.

2014-12-04 19:24:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed TLS_dhe_rsa_with_aes_256_cbc_sha256.

2014-12-04 19:24:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_fortezza for completeness.

2014-12-04 19:24:48 by Martin Nilsson <nilsson@opera.com>

Disable DES40 for now. It doesn't work...

2014-12-04 19:24:47 by Arne Goedeke <el@laramies.com>

Crypto: compatibility with old nettle versions

nettle before 2.1 did not have sha224

2014-12-04 19:24:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Cipher: Implement the RC2 CBC 40 cipher suite.

Also renames CIPHER_rc2 to CIPHER_rc2_40 for consistency.

2014-12-04 19:24:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added a few more DES-40 cipher suites.

2014-12-04 19:24:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some SHA256 cipher suites.

Also reduces priority of the rsa_with_idea_cbc_sha suite,
and adds some comments about when suites went obsolete.

2014-12-04 19:24:46 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Support HMAC using SHA256.

Also adds a few cipher suites using this HMAC.

2014-12-04 19:24:46 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Enable support for TLS 1.2.

This mainly adds some minimal support for TLS 1.2 signatures,
with which all the requirements for TLS are fulfilled.

Seems to interoperate with gnutls:
- Description: (TLS1.2-PKIX)-(DHE-RSA-1024)-(CAMELLIA-256-CBC)-(SHA1)
- Session ID: 52:93:96:96:50:69:6B:65:53:53:4C:33:00:00:00:1F
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1020 bits
- Peer's public key: 1024 bits
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Server Signature: RSA-SHA1
- Cipher: CAMELLIA-256-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

2014-12-04 19:24:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added KeyExchangeNULL.

The SSL_null_with_null_null cipher suite now works (when enabled).

Removes KeyExchangeGeneric, since it is no longer in use.

2014-12-04 19:24:39 by Arne Goedeke <el@laramies.com>

Crypto: compatibility with older nettle versions

SALSA20, CAMELLIA, SHA384 and SHA512 are not available in older nettle versions

2014-12-04 19:24:36 by Martin Nilsson <nilsson@opera.com>

Made client_random more random. Added a padding extension to survive f5 terminators with old firmware.

2014-12-04 19:24:25 by Martin Nilsson <nilsson@opera.com>

Removed the WEAK_CRYPTO_40BIT ifdefs. (take 2)

2014-12-04 19:24:17 by Martin Nilsson <nilsson@opera.com>

Compilation fix

2014-12-04 19:24:16 by Martin Nilsson <nilsson@opera.com>

SHA256 not supported yet.

2014-12-04 19:24:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for some CAMELLIA cipher suites.

2014-12-04 19:24:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: The debug code now knows about SSL 2.0.

SSL 2.0 constants may show up in HANDSHAKE_hello_v2 messages,
so make sure the debug code can display them properly.

2014-12-04 19:24:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added HashAlgorithm enum.

2014-12-04 19:24:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Adjusted the estimated effective keylengths.

The effective keylengths for DES and DES3 are much less
than the respective full keylengths.

Also renamed CIPHER_algorithms to CIPHER_effective_keylengths
to better indicate what it is.

2014-12-04 19:24:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more notes about required cipher suites.

2014-12-04 19:24:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Define and enable the DHE_RSA cipher suites.

NB: This will probably break the testsuite, since the DHE_RSA
key exchange isn't supported in the SSL client yet.

2014-12-04 19:24:14 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updated with constants from RFC 5932, 6209, 6367 and 6655.

These RFCs define cipher suites for ARIA, CAMELLIA and AES-CCM.

Also adds notes about relevant RFCs.

2014-12-04 19:24:13 by Martin Nilsson <nilsson@opera.com>

Updated list of TLS extensions from IANA.

2014-12-04 19:24:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Revert "Removed traces of the crypto export restrictions."

This reverts commit c759daa7539cf03bd9e69cc994b2544dfc02f8a1.

SSL got broken with at least Firefox and Chrome.

2014-12-04 19:24:04 by Martin Nilsson <nilsson@opera.com>

Added possibly functional ALPN extension support.

2014-12-04 19:23:55 by Martin Nilsson <nilsson@opera.com>

Removed traces of the crypto export restrictions.

2014-12-03

2014-12-03 18:47:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Reordered some constants for clarity.

Also removes some redundant stuff from the testsuite.

2014-12-02

2014-12-02 17:40:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some constants from the TLS 1.3 draft.

2014-11-29

2014-11-29 16:30:06 by Stephen R. van den Berg <srb@cuci.nl>

SSL.ClientConnection: Added missing constant.

2014-11-27

2014-11-27 14:56:16 by Martin Nilsson <nilsson@opera.com>

Update comments.

2014-11-24

2014-11-24 10:23:59 by Stephen R. van den Berg <srb@cuci.nl>

SSL.ClientConnection: Added missing constant.

2014-11-20

2014-11-20 15:19:25 by Martin Nilsson <nilsson@opera.com>

Added the aliases from RFC 5469.

2014-10-23

2014-10-23 07:45:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Minor documentation change.

2014-10-23 07:45:08 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Minor documentation change.

2014-10-22

2014-10-22 12:41:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fix "Invalid description".

Some alerts were missing from ALERT_description.

2014-10-22 09:17:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Make the PROTOCOL_* constants forward compatible.

As these values have a tendency to get stuck in configuration files
and the like, make sure that they are forward-compatible with Pike 8.0.

2014-10-22 09:07:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Support setting the minimum required version.

The SSL 3.0 protocol can now be disabled by setting min_version in
the context to SSL.Constants.PROTOCOL_TLS_1_0.

Backported API from Pike 8.0. Note that the constants differ
from Pike 8.0 and later, so use the provided symbolic values.

2014-10-15

2014-10-15 12:08:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added server-side support for TLS_fallback_scsv.

This implements some protection against TLS 1.0 ==> SSL 3.0
downgrade attacks. cf "This POODLE Bites: Exploiting The
SSL 3.0 Fallback": https://www.openssl.org/~bodo/ssl-poodle.pdf

2014-10-13

2014-10-13 17:02:42 by Martin Nilsson <nilsson@opera.com>

Some trivial TLS 1.3 changes.

2014-10-13 16:36:21 by Martin Nilsson <nilsson@opera.com>

TLS 1.3 renames NamedCurve into NamedGroup

2014-10-07

2014-10-07 15:34:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Moved implementation notes to separate file.

Also adds some notes about the workings of SSL.File.

2014-10-07 15:32:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Moved implementation notes to separate file.

Also adds some notes about the workings of SSL.File.

2014-09-30

2014-09-30 16:20:55 by Martin Nilsson <nilsson@opera.com>

this_program:: -> this::

2014-09-26

2014-09-26 13:52:27 by Martin Nilsson <nilsson@opera.com>

NPN is removed. ALPN is added.

2014-09-22

2014-09-22 15:13:04 by Martin Nilsson <nilsson@opera.com>

The TLS padding extension is implemented. The actual extension ID is still undecided, but doesn't matter.

2014-09-21

2014-09-21 12:20:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Converted list of RFCs into a checklist.

This is to make it easier to keep track of what has been
implemented or not.

FIXME: Should we move this to a separate file
(eg implementation-notes.txt)?

2014-09-17

2014-09-17 08:29:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Encrypt-then-MAC is now RFC 7366.

Updated reference. Also adds a note about the "Prohibit RC4" draft.

2014-09-04

2014-09-04 15:57:43 by Arne Goedeke <el@laramies.com>

Merge remote-tracking branch 'origin/8.0' into string_alloc

Conflicts:
src/stralloc.c

2014-09-04 14:31:05 by Martin Nilsson <nilsson@opera.com>

Check that key in CertificatePair is set.

2014-08-16

2014-08-16 09:29:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more constants.

2014-08-16 09:28:18 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: ALPN is now RFC 7301.

2014-08-14

2014-08-14 14:51:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updated to the new Crypto.Sign API.

2014-07-15

2014-07-15 21:33:06 by Martin Nilsson <nilsson@opera.com>

Whitespace fix.

2014-07-15 15:53:23 by Martin Nilsson <nilsson@opera.com>

OO harder. Let CertificatePair sort themselves according to perceived certificate strength.

2014-07-15 14:56:19 by Martin Nilsson <nilsson@opera.com>

Moved and trimmed code to generate CipherPair glob array to separate function.

2014-07-12

2014-07-12 09:36:04 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Updated the list of RFCs and drafts.

ALPN is now RFC 7301.

2014-07-06

2014-07-06 11:40:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Implemented support for the fallback SCSV.

This adds support for the protocol extension SCSV specified in
draft-ietf-tls-downgrade-scsv as of 2014-07-04.

This protects clients renegotiating failed connections with lower
protocol versions from MITM downgrade attacks, by informing the
server that the client actually supports a higher protocol version
than the one it is currently using.

2014-07-01

2014-07-01 18:04:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some constants from RFC 7250.

2014-06-30

2014-06-30 16:51:46 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added cipher suites from RFC 7251.

This adds ECDHE/ECDSA variants of the AES-CCM suites from RFC 6655.

NB: Note that there still doesn't seem to be any corresponding
suites with ECDHE/RSA.

2014-06-27

2014-06-27 16:36:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added EXTENSION_encrypt_then_mac.

This value was recently allocated to draft-ietf-tls-encrypt-then-mac.

2014-06-01

2014-06-01 20:53:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for the subjectAltName extension.

2014-06-01 11:49:27 by Martin Nilsson <nilsson@opera.com>

sslfile -> File and sslport -> port

2014-05-31

2014-05-31 14:57:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Don't attempt ECDH suites if we don't have ECC.

Thanks to Chris Angelico <rosuav@gmail.com> for the report.

Fixes [LysLysKOM 20839290]/[Pike mailinglist 13992].

2014-05-24

2014-05-24 09:50:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.ConnectionState: Added some composite values.

Adds some constants for common composite values, and updates
SSL.Connection to use them.

2014-05-23

2014-05-23 19:14:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Unified several state variables into one.

SSL.Connection()->{closing,dying,handshake_finished} are now unified
into SSL.Connection()->state with named states.

It also keeps track of some of the stuff in SSL.sslfile()->close_state and
SSL.sslfile()->close_packet_send_state, which are likely to be removed soon.

2014-05-16

2014-05-16 18:10:39 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for the ChaCha20-Poly1305 suites.

2014-05-04

2014-05-04 20:38:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Unified the handshake states.

Now that there is separate code for the server and client
handshake state-machines, there's no reason for them to
have different STATE_* codes.

Also splits and moves finished_packet() to {Client,Server}Connection.

2014-04-30

2014-04-30 21:25:27 by Martin Nilsson <nilsson@opera.com>

Move STATE_* constants to Constants to reuse debug code.

2014-04-26

2014-04-26 12:20:24 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle: Moved GCM to a Cipher submodule.

The various tastes of GCM now follow the AEAD API properly.

Crypto.GCM is no more, instead there are Crypto.AES.GCM,
Crypto.Camellia.GCM etc.

Also updates the SSL code accordingly.

2014-04-17

2014-04-17 15:00:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: More KE_rsa_fips suites.

According to comments in <nss/sslproto.h> these two suites were
old aliases for the other two KE_rsa_fips suites.

Also adjusts the names to match NSS's names for the two constants.

2014-04-17 14:37:17 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support KE_rsa_fips.

This seems to have been a key exchange method used to test the TLS 1.0 PRF
during SSL 3.0.

SSL_rsa_fips_with_3des_ede_cbc_sha interoperates with Firefox 24.4.0.

2014-04-14

2014-04-14 18:52:11 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.connection: Heartbeats now actually work.

Fixed multiple typos that caused the heartbeat code to fail.

2014-04-14 17:41:02 by Martin Nilsson <nilsson@opera.com>

Replace almost unused KE_TO_SA with KE_Anonymous. Removed the SSL module internal SIGNATURE constants.

2014-04-11

2014-04-11 14:11:58 by Martin Nilsson <nilsson@opera.com>

Updated comment.

2014-04-10

2014-04-10 21:33:27 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Changed argument order for fmt_constant().

The new order allows fmt_constant() to be used directly in eg map().

Also gets rid of fmt_curve().

2014-04-10 19:29:41 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing MD5 suites.

Note: These suites are in the range earlier reserved for private use.

2014-04-10 18:44:02 by Martin Nilsson <nilsson@opera.com>

Improved debug

2014-04-05

2014-04-05 14:44:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.handshake: Use find_cert() on the client too.

find_cert() in the context object is now used to select suitable
client certificates in addition to server certificates.

2014-04-05 13:51:00 by Martin Nilsson <nilsson@opera.com>

Remove last traces of SSL2 support.

2014-04-05 11:18:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_version().

Added convenience function for formatting an SSL/TLS version number.

2014-04-05 11:07:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Protocol version handling cleanup.

The protocol version is now represented the same way everywhere;
a 16-bit integer with the major (ie 3) in the high 8 bits, and
the minor in the low 8 bits.

Previously there was a mix between having a two element array,
and just keeping track of the minor.

Also strengthens the types of version variables in a few places.

2014-04-04

2014-04-04 19:17:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Moved configuration of version restrictions to the context.

The minimum and maximum accepted SSL/TLS versions are now
configured by setting the corresponding variables in the
context object.

This is in line with how other SSL parameters are configured.

2014-03-30

2014-03-30 18:31:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the heartbeat extension (RFC 6520).

Heartbeats are enabled if possible, and heartbeat responses are
sent automatically.

NB: No code for automatically sending heartbeat requests exists yet.

2014-03-21

2014-03-21 22:07:23 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added TLS_dhe_dss_with_rc4_128_sha.

This suite was part of draft-ietf-tls-56-bit-ciphersuites-01.txt
and caused the testsuite to fail by not being implemented. It
also seems to be in use by gnutls 3.2.12.

2014-03-21 21:47:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more RFC notes.

2014-03-21 21:45:49 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more cipher suite constants.

These suites from draft-ietf-tls-56-bit-ciphersuites-01.txt
are apparently in use by some versions of MSIE.

2014-03-20

2014-03-20 18:33:58 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for the max_fragment_length extension.

2014-03-19

2014-03-19 17:54:18 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_* constants for PSK and SRP.

2014-03-18

2014-03-18 21:46:41 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added the CCM cipher suites from RFC 6655.

2014-03-18 21:42:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Renumber the CipherModes.

Attempt to have the cipher modes in approximate order of strength,
so that cipher_suite_sort_key() doesn't need to get more complicated.

2014-03-18 16:16:49 by Martin Nilsson <nilsson@opera.com>

Added SIGNATURE_any (which possibly is a misleading name) to give you all non-anonymous signatures. Improved default to not be limited to RSA.

2014-03-18 14:23:23 by Martin Nilsson <nilsson@opera.com>

Improved debug output.

2014-03-16

2014-03-16 21:53:53 by Martin Nilsson <nilsson@opera.com>

New temp assignment for padding extension. Added some RFC references.

2014-03-16 18:03:39 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing CCM constants from RFC 6655.

2014-03-15

2014-03-15 10:25:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some missing cipher suites.

All cipher suites that are possible to implement without adding
more code to SSL.Cipher et al, should now be present in the
CIPHER_SUITES table.

2014-03-15 10:21:06 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed some typos in CIPHER_SUITES.

Most of the typos were using Diffie-Hellman Ephemeral key exchange
where it should be plain Diffie-Hellman.

2014-03-14

2014-03-14 22:00:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Applied errata to RFC 6367.

The constant TLS_psk_with_camellia_128_gcm_sha256 had a typo in the RFC,
which made it conflict with TLS_ecdh_rsa_with_camellia_256_gcm_sha384.

2014-03-14 18:47:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added filtering of DH_DSS/DH_RSA on cert type.

Refactors the certificate selection by using bitmasks on
the key exchange algorithm. This should provide a minor
speedup of the certificate selection code.

Also unifies handling of DH_DSS/DH_RSA and ECDH_ECDSA/ECDH_RSA
when TLS 1.2 or later is in use.

2014-03-13

2014-03-13 18:37:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some DH cipher suites.

This adds support for the DH_DSS and DH_RSA key exchange
methods, and adds the corresponding cipher suites.

Note that the only difference between the two is whether the
server certificate is signed with DSS or RSA.

2014-03-12

2014-03-12 18:09:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some ECDH cipher suites.

This adds support for the ECDH_ECDSA and ECDH_RSA key exchange
methods, and adds the corresponding cipher suites.

Note that the only difference between the two is whether the
server certificate is signed with ECDSA or RSA.

2014-03-10

2014-03-10 20:13:43 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.CertificatePair: Fixed typo in debug.

2014-03-10 17:53:40 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants.CertificatePair: Added _sprintf().

2014-03-08

2014-03-08 14:46:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added CertificatePair.

Objects of this type will be used to keep track of certificates and
their corresponding keys.

2014-03-08 14:28:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more lookup tables.

2014-03-08 14:26:41 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_cipher_suite().

2014-02-19

2014-02-19 17:45:11 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added fmt_constant().

Added convenience function for formatting the various SSL constants.

2014-02-12

2014-02-12 15:51:35 by Martin Nilsson <nilsson@opera.com>

Allow the server to have more than one cipher suite, so that suite selection can be tested (although not tested yet). Added explicit destructs of client and server, which appear to be needed.

2014-01-14

2014-01-14 13:15:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added quite a few ECDSA suites.

2014-01-08

2014-01-08 10:54:13 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed typo in extension symbol name.

The constant EXTENSION_user_mapping had an extraneous 'S' in the name.

Also some related cosmetic fixes.

2014-01-07

2014-01-07 14:57:21 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some curves from RFC 7027.

2014-01-05

2014-01-05 15:14:13 by Marcus Comstedt <marcus@mc.pp.se>

Merge branch '8.0' into gobject-introspection

2014-01-05 14:55:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Survive without Crypto.Arctwo and Crypto.IDEA.

Arctwo isn't available in old releases of Nettle,
and IDEA may be disabled in some versions of Nettle.

2014-01-03

2014-01-03 17:55:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: First go at supporting deflate compression.

This implements RFC 3749.

2014-01-02

2014-01-02 14:32:25 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for some anonymous cipher suites.

Implements support for the ecdh_anon key exchange, and
adds cipher suites using dh_anon and ecdh_anon.

2014-01-01

2014-01-01 15:39:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fix priorities for anonymous cipher suites.

Anonymous key exchange suffers from man-in-the-middle attackability,
so make sure that they are only chosen when there are no supported
authenticated suites.

2014-01-01 11:56:14 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Enabled suites using ECDHE_RSA key exchange.

This adds support for some of the suites from RFC 4492,
RFC 5289 and RFC 6367.

2013-12-29

2013-12-29 12:31:13 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some constants from RFC 4492.

Also adds some related low-level support for ECC key exchanges.

2013-12-21

2013-12-21 14:49:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Removed some dead code.

2013-12-09

2013-12-09 21:37:04 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added support for Camellia/GCM cipher suites.

2013-12-04

2013-12-04 22:31:27 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some more AES-GCM cipher suites.

2013-12-04 21:53:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for AEAD ciphers.

Implements the TLS 1.2 protocol-level support for AEAD cipher suites.

No AEAD cipher suites have been added yet.

2013-12-04 21:53:32 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some AES-GCM cipher suites.

2013-12-02

2013-12-02 01:28:10 by Martin Nilsson <nilsson@opera.com>

Change CAMELLIA to Camellia to be consistent with other non-acronym ciphers.

2013-11-30

2013-11-30 12:33:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.context: Added get_suites().

Generate the cipher suite selection from CIPHER_SUITES, so
that it always is up to date, and has the correct order.

This gets rid of the hard-coded tables preferred_rsa_suites and
preferred_dhe_dss_suites.

2013-11-30 12:20:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Reduce the estimated strength of DES40.

2013-11-30 12:19:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Fixed TLS_dhe_rsa_with_aes_256_cbc_sha256.

2013-11-29

2013-11-29 20:12:13 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added KE_fortezza for completeness.

2013-11-29 17:47:12 by Martin Nilsson <nilsson@opera.com>

Disable DES40 for now. It doesn't work...

2013-11-28

2013-11-28 16:06:25 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added a few more DES-40 cipher suites.

2013-11-28 16:02:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Cipher: Implement the RC2 CBC 40 cipher suite.

Also renames CIPHER_rc2 to CIPHER_rc2_40 for consistency.

2013-11-27

2013-11-27 09:01:04 by Arne Goedeke <el@laramies.com>

Crypto: compatibility with old nettle versions

nettle before 2.1 did not have sha224

2013-11-26

2013-11-26 21:35:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: Added some SHA256 cipher suites.

Also reduces priority of the rsa_with_idea_cbc_sha suite,
and adds some comments about when suites went obsolete.

2013-11-26 21:13:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Support HMAC using SHA256.

Also adds a few cipher suites using this HMAC.

2013-11-25

2013-11-25 18:29:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Enable support for TLS 1.2.

This mainly adds some minimal support for TLS 1.2 signatures,
with which all the requirements for TLS are fulfilled.

Seems to interoperate with gnutls:
- Description: (TLS1.2-PKIX)-(DHE-RSA-1024)-(CAMELLIA-256-CBC)-(SHA1)
- Session ID: 52:93:96:96:50:69:6B:65:53:53:4C:33:00:00:00:1F
- Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1020 bits
- Peer's public key: 1024 bits
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Server Signature: RSA-SHA1
- Cipher: CAMELLIA-256-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

2013-11-24

2013-11-24 12:07:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher: Added KeyExchangeNULL.

The SSL_null_with_null_null cipher suite now works (when enabled).

Removes KeyExchangeGeneric, since it is no longer in use.

2013-11-18

2013-11-18 14:01:48 by Arne Goedeke <el@laramies.com>

Crypto: compatibility with older nettle versions

SALSA20, CAMELLIA, SHA384 and SHA512 are not available in older nettle versions

2013-11-14

2013-11-14 00:25:05 by Martin Nilsson <nilsson@opera.com>

Made client_random more random. Added a padding extension to survive f5 terminators with old firmware.
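
The padding extension mentioned in the commit above, worked through as an added example in Python (not Pike, and not the project's own code). The commit does not say which lengths it pads; the example assumes the scheme later standardised in RFC 7685: extension type 21, and a ClientHello whose record body would fall in the 256..511 byte range that some middleboxes mishandled is padded to at least 512 bytes. The boundary at 508..511 bytes, where the 4-byte extension header alone already carries the message past 511, is the case worth checking.

```python
"""ClientHello padding in the manner of the TLS padding extension.

Added example (Python, not Pike). Assumes the RFC 7685 scheme:
extension type 21; a ClientHello of 256..511 bytes is padded so its
total length is at least 512 bytes.
"""
PADDING_EXTENSION_TYPE = 0x0015  # RFC 7685 extension type (21)
EXTENSION_HEADER_LEN = 4         # 2-byte type + 2-byte length


def padding_extension(client_hello_len: int) -> bytes:
    """Return the encoded padding extension to append to a ClientHello
    whose on-the-wire length without padding is client_hello_len bytes
    (assumes the extensions block is already present), or b"" if none
    is needed."""
    if not 256 <= client_hello_len <= 511:
        return b""
    # Pad to exactly 512 where the 4-byte header leaves room. For
    # 508..511 bytes an empty padding extension already pushes the
    # total to 512..515, which is past the problematic range.
    pad = max(0, 512 - client_hello_len - EXTENSION_HEADER_LEN)
    return (PADDING_EXTENSION_TYPE.to_bytes(2, "big")
            + pad.to_bytes(2, "big")
            + bytes(pad))


def padded_length(client_hello_len: int) -> int:
    """Length of the ClientHello after the padding extension is added."""
    return client_hello_len + len(padding_extension(client_hello_len))


if __name__ == "__main__":
    for n in (200, 256, 300, 507, 508, 511, 512):
        print(f"{n:4d} -> {padded_length(n):4d} bytes")
```

The invariant a practitioner wants is that no input length maps into 256..511, which the last assertion in the test checks over a whole range rather than for a few chosen values.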

2013-11-02

2013-11-02 15:57:45 by Martin Nilsson <nilsson@opera.com>

Removed the WEAK_CRYPTO_40BIT ifdefs. (take 2)

2013-10-27

2013-10-27 22:51:19 by Martin Nilsson <nilsson@opera.com>

Compilation fix

2013-10-27 19:19:14 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: The debug code now knows about SSL 2.0.

SSL 2.0 constants may show up in HANDSHAKE_hello_v2 messages,
so make sure the debug code can display them properly.

2013-10-26

2013-10-26 11:09:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Add support for some CAMELLIA cipher suites.

2013-10-26 02:32:28 by Martin Nilsson <nilsson@opera.com>

SHA256 not supported yet.

2013-10-25

2013-10-25 21:26:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Define and enable the DHE_RSA cipher suites.

NB: This will probably break the testsuite, since the DHE_RSA
key exchange isn't supported in the SSL client yet.

2013-10-24

2013-10-24 18:53:24 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more notes about required cipher suites.

2013-10-24 18:46:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added HashAlgorithm enum.

2013-10-24 18:39:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Adjusted the estimated effective keylengths.

The effective keylengths for DES and DES3 are much less
than the respective full keylengths.

Also renamed CIPHER_algorithms to CIPHER_effective_keylengths
to better indicate what it is.

2013-10-23

2013-10-23 16:00:30 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updated with constants from RFC 5932, 6209, 6367 and 6655.

These RFCs define cipher suites for ARIA, CAMELLIA and AES-CCM.

Also adds notes about relevant RFCs.

2013-10-21

2013-10-21 14:14:42 by Martin Nilsson <nilsson@opera.com>

Updated list of TLS extensions from IANA.

2013-10-12

2013-10-12 09:35:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Revert "Removed traces of the crypto export restrictions."

This reverts commit c759daa7539cf03bd9e69cc994b2544dfc02f8a1.

SSL got broken with at least Firefox and Chrome.

2013-09-02

2013-09-02 15:44:13 by Martin Nilsson <nilsson@opera.com>

Added possibly functional ALPN extension support.

2013-08-01

2013-08-01 12:24:03 by Martin Nilsson <nilsson@opera.com>

Removed traces of the crypto export restrictions.

2012-10-06

2012-10-06 11:38:03 by Marcus Comstedt <marcus@mc.pp.se>

Merge branch '7.9' into gobject-introspection

2012-06-15

2012-06-15 09:54:06 by Arne Goedeke <el@laramies.com>

Merge remote branch 'origin/7.9' into rblock_alloc

Conflicts:
src/post_modules/CritBit/floattree.cmod
src/post_modules/CritBit/inttree.cmod
src/post_modules/CritBit/stringtree.cmod

2012-04-07

2012-04-07 00:28:51 by Arne Goedeke <el@laramies.com>

SSL: added next protocol negotiation extension

2012-04-01

2012-04-01 16:15:04 by Arne Goedeke <el@laramies.com>

Merge remote branch 'origin/7.9' into breaking_into_pieces

2011-12-28

2011-12-28 12:40:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added context()->filter_weak_suites().

Both context()->{rsa,dhe_dss}_mode() now take an optional argument and call filter_weak_suites().
Also moved the default sets of preferred cipher suites to Constants.preferred_*_suites.
SSL.Constants.CIPHER_algorithms is now a mapping (was a multiset).
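
The cipher-suite selection described in the get_suites() commit (derive the offered list from the suite table so it stays current and correctly ordered), the effective-keylength commit (DES and 3DES are weaker than their nominal key sizes) and the filter_weak_suites() commit above, brought together as one added example in Python. It is not Pike and not the project's own code: the suite table and the effective-strength estimates are constructed for this example (the numeric suite codes are the IANA TLS values), and the ordering rule (strongest cipher, then ephemeral key exchange, then stronger MAC, then code) is this example's choice, not necessarily the one SSL.Constants uses.

```python
"""Cipher-suite selection ordered by estimated effective key length.

Added example (Python, not Pike). The suite table, the effective-key-
length estimates and the ordering rule are constructed for this
example; suite codes are the IANA TLS values.
"""
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed table: suite code -> (key exchange, bulk cipher, MAC).
CIPHER_SUITES: Dict[int, Tuple[str, str, str]] = {
    0x0000: ("null",    "null",        "null"),    # TLS_NULL_WITH_NULL_NULL
    0x0006: ("rsa",     "rc2_40",      "md5"),     # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
    0x0008: ("rsa",     "des40",       "sha"),     # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
    0x0014: ("dhe_rsa", "des40",       "sha"),     # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
    0x0009: ("rsa",     "des",         "sha"),     # TLS_RSA_WITH_DES_CBC_SHA
    0x000A: ("rsa",     "3des",        "sha"),     # TLS_RSA_WITH_3DES_EDE_CBC_SHA
    0x002F: ("rsa",     "aes128",      "sha"),     # TLS_RSA_WITH_AES_128_CBC_SHA
    0x0033: ("dhe_rsa", "aes128",      "sha"),     # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    0x0035: ("rsa",     "aes256",      "sha"),     # TLS_RSA_WITH_AES_256_CBC_SHA
    0x0038: ("dhe_dss", "aes256",      "sha"),     # TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    0x0039: ("dhe_rsa", "aes256",      "sha"),     # TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    0x006B: ("dhe_rsa", "aes256",      "sha256"),  # TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    0x0084: ("rsa",     "camellia256", "sha"),     # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
}

# Constructed estimates of effective strength in bits (this example's
# assumptions, not the values in SSL.Constants): 3DES has a 168-bit key
# but about 112 bits of strength (meet-in-the-middle), and the export
# ciphers are capped at 40 bits whatever their nominal key size.
CIPHER_EFFECTIVE_KEYLENGTHS: Dict[str, int] = {
    "null": 0, "rc2_40": 40, "des40": 40, "des": 56, "3des": 112,
    "aes128": 128, "camellia128": 128, "aes256": 256, "camellia256": 256,
}

MAC_BITS: Dict[str, int] = {"null": 0, "md5": 128, "sha": 160, "sha256": 256}

# Preference among key exchanges at equal cipher strength: ephemeral DH
# (forward secrecy) ahead of static RSA, NULL last.
KE_RANK: Dict[str, int] = {"dhe_rsa": 0, "dhe_dss": 1, "rsa": 2, "null": 3}


def effective_keylength(suite: int) -> int:
    """Estimated effective key length of the suite's bulk cipher, in bits."""
    return CIPHER_EFFECTIVE_KEYLENGTHS[CIPHER_SUITES[suite][1]]


def filter_weak_suites(suites: Iterable[int], min_keylength: int) -> List[int]:
    """Drop suites whose cipher is estimated below min_keylength bits,
    keeping the caller's order."""
    return [s for s in suites if effective_keylength(s) >= min_keylength]


def get_suites(min_keylength: int = 0,
               key_exchanges: Optional[Set[str]] = None) -> List[int]:
    """Derive the offered suite list from CIPHER_SUITES instead of a
    hand-maintained table. Order: strongest cipher first, then ephemeral
    key exchange ahead of static, then stronger MAC, then by code so the
    result is deterministic. key_exchanges restricts the candidates
    (e.g. {"rsa"} for a server holding only an RSA key)."""
    def sort_key(suite: int):
        ke, cipher, mac = CIPHER_SUITES[suite]
        return (-CIPHER_EFFECTIVE_KEYLENGTHS[cipher], KE_RANK[ke],
                -MAC_BITS[mac], suite)

    candidates = [s for s, (ke, _, _) in CIPHER_SUITES.items()
                  if key_exchanges is None or ke in key_exchanges]
    return filter_weak_suites(sorted(candidates, key=sort_key), min_keylength)


if __name__ == "__main__":
    for suite in get_suites(min_keylength=128):
        ke, cipher, mac = CIPHER_SUITES[suite]
        print(f"0x{suite:04X} {ke:8s} {cipher:12s} {mac:7s}"
              f" {effective_keylength(suite):4d} bits")
```

With this shape a new suite is a single table entry and lands in the right position automatically, which is the maintenance problem the hard-coded preferred_*_suites tables had; the one judgement call that still needs review on every addition is the effective-strength estimate, which is where a wrong number silently promotes a weak suite.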

2011-12-15

2011-12-15 15:40:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added support for specifying the minimum and maximum versions of SSL.

2011-12-15 15:32:04 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Constants: ALERT_descriptions is now a mapping, and now contains all known alerts.

2011-12-15 13:42:02 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added symbolic constants for the SSL versions.

2011-11-05

2011-11-05 15:02:44 by Martin Nilsson <nilsson@opera.com>

Removed $Id$.

2011-04-25

2011-04-25 16:12:40 by Martin Stjernholm <mast@lysator.liu.se>

No more foreign_idents.

2011-01-20

2011-01-20 10:12:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more constants.

2011-01-10

2011-01-10 17:42:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more constants.

2011-01-09

2011-01-09 15:20:25 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some more Autodoc mk II markup.

2010-12-26

2010-12-26 10:54:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some notes about SSL3-related RFCs.

2010-12-22

2010-12-22 21:46:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: TLS 1.1 (aka SSL 3.2) is now supported!

2010-12-22 21:35:59 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Parameterized the SSL protocol version.

2010-12-21

2010-12-21 15:10:22 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL3: Support AES.

2010-12-21 15:09:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL3: Support AES.

2010-12-21 14:57:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL3: Support AES.

2009-11-16

2009-11-16 14:13:20 by Martin Stjernholm <mast@lysator.liu.se>

Disabled renegotiation, to address the ssl/tls renegotiate MITM attack.

See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555.

Secure renegotiation according to the tls extension remains to be
implemented (the spec is still a draft at the time of this writing). Note
that renegotiation often didn't work anyway due to a bug, so this change
might not be much of a compatibility issue anyway.

Rev: lib/modules/SSL.pmod/Constants.pmod:1.5
Rev: lib/modules/SSL.pmod/connection.pike:1.44
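
The two behaviours the commit above contrasts, refusing renegotiation outright (its mitigation for CVE-2009-3555) and the secure renegotiation binding that it notes was still a draft (published as RFC 5746), modelled server-side as an added example in Python. It is not Pike and not the project's own code; it covers only the handshake decisions, and the verify_data values in the test are constructed rather than real Finished-message output. With the default policy every renegotiation attempt is rejected; when renegotiation is enabled, it is accepted only from a peer that signalled RFC 5746 support in the initial handshake and echoes the previous handshake's client_verify_data.

```python
"""Server-side renegotiation policy: refuse renegotiation, or allow it
only when bound to the previous handshake per RFC 5746.

Added example (Python, not Pike). Models the handshake decisions only;
verify_data values are supplied by the caller.
"""
import hmac
from typing import Dict, Optional, Sequence

RENEGOTIATION_INFO = 0xFF01                 # RFC 5746 extension type
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF  # RFC 5746 signalling suite value


class HandshakeFailure(Exception):
    """Abort the handshake with a fatal handshake_failure alert."""


class RenegotiationRefused(HandshakeFailure):
    """Renegotiation rejected by policy (the CVE-2009-3555 mitigation)."""


class ServerRenegotiationState:
    def __init__(self, allow_renegotiation: bool = False) -> None:
        # Default mirrors the commit above: renegotiation disabled.
        self.allow_renegotiation = allow_renegotiation
        self.handshake_complete = False
        self.secure_renegotiation = False   # peer signalled RFC 5746 support
        self.client_verify_data = b""       # from the previous Finished pair
        self.server_verify_data = b""

    def on_client_hello(self, cipher_suites: Sequence[int],
                        extensions: Dict[int, bytes]) -> Optional[bytes]:
        """Process a ClientHello. Returns the renegotiation_info
        extension_data to put in ServerHello, or None to omit the
        extension. Raises HandshakeFailure where RFC 5746 says to abort."""
        reneg = extensions.get(RENEGOTIATION_INFO)
        scsv = TLS_EMPTY_RENEGOTIATION_INFO_SCSV in cipher_suites

        if not self.handshake_complete:
            # Initial handshake: the client signals support with an empty
            # renegotiated_connection (a single zero length byte) or the SCSV.
            if reneg is not None and reneg != b"\x00":
                raise HandshakeFailure("non-empty renegotiation_info in initial handshake")
            self.secure_renegotiation = reneg is not None or scsv
            return b"\x00" if self.secure_renegotiation else None

        # Renegotiation. Without the RFC 5746 binding, an attacker can splice
        # its own handshake in front of the victim's (CVE-2009-3555), so
        # refuse unless policy allows it and the binding was negotiated.
        if not self.allow_renegotiation:
            raise RenegotiationRefused("renegotiation disabled by policy")
        if not self.secure_renegotiation or reneg is None:
            raise RenegotiationRefused("peer did not negotiate secure renegotiation")
        if scsv:
            raise HandshakeFailure("SCSV must not appear in a renegotiation ClientHello")

        # The client must echo the previous handshake's client_verify_data;
        # compare in constant time.
        expected = bytes([len(self.client_verify_data)]) + self.client_verify_data
        if not hmac.compare_digest(reneg, expected):
            raise HandshakeFailure("renegotiation_info does not match previous handshake")

        # ServerHello carries client_verify_data || server_verify_data.
        payload = self.client_verify_data + self.server_verify_data
        return bytes([len(payload)]) + payload

    def on_finished(self, client_verify_data: bytes,
                    server_verify_data: bytes) -> None:
        """Record both Finished verify_data values when a handshake
        completes (12 bytes each for TLS 1.0-1.2, 36 for SSL 3.0)."""
        self.client_verify_data = client_verify_data
        self.server_verify_data = server_verify_data
        self.handshake_complete = True


if __name__ == "__main__":
    # Constructed verify_data, not real Finished output.
    cvd, svd = bytes(range(12)), bytes(range(12, 24))
    server = ServerRenegotiationState(allow_renegotiation=True)
    print(server.on_client_hello([0x002F], {RENEGOTIATION_INFO: b"\x00"}))
    server.on_finished(cvd, svd)
    print(server.on_client_hello([0x002F], {RENEGOTIATION_INFO: bytes([12]) + cvd}).hex())
```

Note the asymmetry the commit's caveat points at: a legacy client that sends neither the extension nor the SCSV in its first ClientHello completes that handshake normally, but any later renegotiation from it is refused even when the policy allows renegotiation, because there is nothing to bind the second handshake to the first.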

2009-11-16 14:13:20 by Martin Stjernholm <mast@lysator.liu.se>

Disabled renegotiation, to address the ssl/tls renegotiate MITM attack.

See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555.

Secure renegotiation according to the tls extension remains to be
implemented (the spec is still a draft at the time of this writing). Note
that renegotiation often didn't work anyway due to a bug, so this change
might not be much of a compatibility issue anyway.

Rev: lib/modules/SSL.pmod/Constants.pmod:1.3
Rev: lib/modules/SSL.pmod/connection.pike:1.38

2009-09-07

2009-09-07 18:31:29 by Martin Nilsson <mani@lysator.liu.se>

More constants from IANA.

Rev: lib/modules/SSL.pmod/Constants.pmod:1.4

2008-06-28

2008-06-28 16:53:13 by Martin Nilsson <mani@lysator.liu.se>

Fixed trailing newlines.

Rev: lib/0.6/modules/Array.pmod:1.3
Rev: lib/0.6/modules/Regexp.pike:1.3
Rev: lib/7.0/modules/Stack.pmod:1.2
Rev: lib/7.0/modules/Stdio.pmod/module.pmod:1.2
Rev: lib/7.2/modules/Gmp.pmod:1.2
Rev: lib/7.2/modules/LR.pmod/rule.pike:1.3
Rev: lib/7.4/modules/SSL.pmod/constants.pike:1.2
Rev: lib/7.4/modules/_Crypto.pmod:1.2
Rev: lib/7.6/modules/Debug.pmod/module.pmod:1.2
Rev: lib/modules/Audio.pmod/Codec.pmod:1.12
Rev: lib/modules/Audio.pmod/Format.pmod/MP3.pike:1.5
Rev: lib/modules/Cache.pmod/Policy.pmod/Base.pike:1.7
Rev: lib/modules/Cache.pmod/Storage.pmod/Memory.pike:1.7
Rev: lib/modules/Calendar.pmod/Calendar.pike:1.8
Rev: lib/modules/Calendar.pmod/Events.pmod:1.19
Rev: lib/modules/Calendar.pmod/Language.pmod:1.26
Rev: lib/modules/Calendar.pmod/TZnames.pmod:1.17
Rev: lib/modules/Calendar.pmod/YMD.pike:1.34
Rev: lib/modules/Calendar.pmod/module.pmod:1.17
Rev: lib/modules/Calendar_I.pmod/ISO.pmod:1.13
Rev: lib/modules/Crypto.pmod/DSA.pike:1.9
Rev: lib/modules/Crypto.pmod/HMAC.pike:1.6
Rev: lib/modules/Crypto.pmod/PGP.pmod:1.15
Rev: lib/modules/Crypto.pmod/Pipe.pike:1.10
Rev: lib/modules/Crypto.pmod/RSA.pike:1.12
Rev: lib/modules/Crypto.pmod/Random.pmod:1.20
Rev: lib/modules/Filesystem.pmod/Tar.pmod:1.31
Rev: lib/modules/GLU.pmod:1.17
Rev: lib/modules/GLUE.pmod/Driver.pmod/GTK.pike:1.7
Rev: lib/modules/GLUE.pmod/Driver.pmod/Interface.pike:1.4
Rev: lib/modules/GLUE.pmod/Driver.pmod/SDL.pike:1.7
Rev: lib/modules/GLUE.pmod/module.pmod:1.16
Rev: lib/modules/GTKSupport.pmod/Util.pmod:1.12
Rev: lib/modules/Graphics.pmod/Graph.pmod/create_bars.pike:1.13
Rev: lib/modules/Graphics.pmod/Graph.pmod/module.pmod:1.10
Rev: lib/modules/Locale.pmod/Charset.pmod/Tables.pmod/iso88591.pmod:1.4
Rev: lib/modules/Multiset.pmod:1.3
Rev: lib/modules/Parser.pmod/XML.pmod/Validating.pike:1.15
Rev: lib/modules/Pike.pmod/module.pmod:1.20
Rev: lib/modules/Process.pmod:1.55
Rev: lib/modules/Program.pmod:1.6
Rev: lib/modules/Protocols.pmod/Bittorrent.pmod/Peer.pike:1.22
Rev: lib/modules/Protocols.pmod/Bittorrent.pmod/Port.pike:1.8
Rev: lib/modules/Protocols.pmod/Bittorrent.pmod/Torrent.pike:1.37
Rev: lib/modules/Protocols.pmod/Bittorrent.pmod/module.pmod:1.5
Rev: lib/modules/Protocols.pmod/DNS_SD.pmod:1.3
Rev: lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/Chained.pike:1.3
Rev: lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/SSLPort.pike:1.15
Rev: lib/modules/Protocols.pmod/HTTP.pmod/Server.pmod/module.pmod:1.14
Rev: lib/modules/Protocols.pmod/IMAP.pmod/requests.pmod:1.93
Rev: lib/modules/Protocols.pmod/IMAP.pmod/types.pmod:1.31
Rev: lib/modules/Protocols.pmod/IRC.pmod/Requests.pmod:1.7
Rev: lib/modules/Protocols.pmod/IRC.pmod/module.pmod:1.5
Rev: lib/modules/Protocols.pmod/LDAP.pmod/client.pike:1.114
Rev: lib/modules/Protocols.pmod/LDAP.pmod/ldap_privates.pmod:1.16
Rev: lib/modules/Protocols.pmod/LDAP.pmod/protocol.pike:1.22
Rev: lib/modules/Protocols.pmod/LPD.pmod:1.11
Rev: lib/modules/Protocols.pmod/LysKOM.pmod/Request.pmod:1.12
Rev: lib/modules/Protocols.pmod/SNMP.pmod/module.pmod:1.4
Rev: lib/modules/Protocols.pmod/TELNET.pmod:1.29
Rev: lib/modules/Protocols.pmod/X.pmod/KeySyms.pmod:1.4
Rev: lib/modules/Protocols.pmod/X.pmod/XImage.pmod:1.23
Rev: lib/modules/Protocols.pmod/X.pmod/_Xlib.pmod:1.19
Rev: lib/modules/SSL.pmod/Cipher.pmod:1.17
Rev: lib/modules/SSL.pmod/Constants.pmod:1.3
Rev: lib/modules/SSL.pmod/alert.pike:1.12
Rev: lib/modules/SSL.pmod/connection.pike:1.43
Rev: lib/modules/SSL.pmod/context.pike:1.38
Rev: lib/modules/SSL.pmod/packet.pike:1.17
Rev: lib/modules/SSL.pmod/session.pike:1.38
Rev: lib/modules/SSL.pmod/sslfile.pike:1.111
Rev: lib/modules/Sql.pmod/mysql.pike:1.42
Rev: lib/modules/Sql.pmod/mysql_result.pike:1.7
Rev: lib/modules/Sql.pmod/postgres.pike:1.29
Rev: lib/modules/Sql.pmod/sql_util.pmod:1.22
Rev: lib/modules/Standards.pmod/ASN1.pmod/Decode.pmod:1.25
Rev: lib/modules/Standards.pmod/ASN1.pmod/Types.pmod:1.46
Rev: lib/modules/Standards.pmod/CIFF.pmod/File.pike:1.4
Rev: lib/modules/Standards.pmod/FIPS10_4.pmod:1.5
Rev: lib/modules/Standards.pmod/IIM.pmod:1.9
Rev: lib/modules/Standards.pmod/URI.pike:1.29
Rev: lib/modules/Standards.pmod/UUID.pmod:1.18
Rev: lib/modules/Standards.pmod/XML.pmod/Wix.pmod:1.28
Rev: lib/modules/Thread.pmod:1.46
Rev: lib/modules/Tools.pmod/Shoot.pmod/GC.pike:1.3
Rev: lib/modules/Tools.pmod/Standalone.pmod/pmar_install.pike:1.9
Rev: lib/modules/Web.pmod/RSS.pmod:1.8
Rev: lib/modules/_Image_XCF.pmod:1.26
Rev: lib/modules/__builtin_dirnode.pmod:1.3

2003-11-08

2003-11-08 17:22:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Added enum wrappers and documentation for some of the constants.

Rev: lib/modules/SSL.pmod/Constants.pmod:1.2

2003-01-27

2003-01-27 15:03:00 by Martin Nilsson <mani@lysator.liu.se>

More types.

Rev: lib/modules/SSL.pmod/Cipher.pmod:1.1
Rev: lib/modules/SSL.pmod/Constants.pmod:1.1
Rev: lib/modules/SSL.pmod/alert.pike:1.9
Rev: lib/modules/SSL.pmod/client.pike:1.5
Rev: lib/modules/SSL.pmod/connection.pike:1.26
Rev: lib/modules/SSL.pmod/constants.pike:1.11(DEAD)
Rev: lib/modules/SSL.pmod/constants.pmod:1.1
Rev: lib/modules/SSL.pmod/context.pike:1.18
Rev: lib/modules/SSL.pmod/handshake.pike:1.32
Rev: lib/modules/SSL.pmod/packet.pike:1.14
Rev: lib/modules/SSL.pmod/session.pike:1.23
Rev: lib/modules/SSL.pmod/sslfile.pike:1.53
Rev: lib/modules/SSL.pmod/state.pike:1.17