
2019-08-13

2019-08-13 11:34:34 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.clientConnection: Added reference to RFC.

2019-08-04

2019-08-04 16:48:09 by Tobias S. Josefowitz <tobij@tobij.de>

SSL.ClientConnection: Fix session ticket support

The server signals reuse of the session by echoing the session_id we
provide (as well as by a shortened handshake/server hello). Presence of
the session ticket extension informs of the server's intention to send a
new session ticket (or replace an existing one), hence tickets_enabled
does not need to be true (and apparently rarely is) when we resume
sessions based on tickets with other SSL implementations on the server
side.

2019-05-28

2019-05-28 11:38:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Use SignatureScheme instead of array({Hash,Signature}Algorithm).

2019-05-28 09:25:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Renumbered HASH_* in preparation for using SignatureScheme.

2019-03-19

2019-03-19 12:33:55 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '722771973bd' into patches/lyslyskom22891031

* commit '722771973bd': (6177 commits)
Verify that callablep responses are aligned with reality.
...

2019-03-14

2019-03-14 10:39:03 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Merge commit '2470270f500c728d10b8895314d8d8b07016e37b' into grubba/typechecker-automap

* commit '2470270f500c728d10b8895314d8d8b07016e37b': (18681 commits)
Removed the old typechecker.
...

2018-11-04

2018-11-04 16:11:11 by Arne Goedeke <el@laramies.com>

Merge remote-tracking branch 'origin/master' into new_utf8

2018-11-03

2018-11-03 14:21:37 by Marcus Comstedt <marcus@mc.pp.se>

Merge remote-tracking branch 'origin/8.1' into gobject-introspection

2018-04-17

2018-04-17 13:15:14 by Martin Nilsson <nilsson@fastmail.com>

Show the server selected cipher suite as debug message.

2017-12-31

2017-12-31 23:19:10 by Peter Bortas <bortas@gmail.com>

Merge remote-tracking branch 'origin/8.1' into peter/travis

2017-12-12

2017-12-12 13:41:02 by Martin Nilsson <nilsson@fastmail.com>

Sparse list of version support added.

2017-12-11

2017-12-11 21:55:50 by Martin Nilsson <nilsson@fastmail.com>

Revert debug.

2017-12-11 21:31:18 by Martin Nilsson <nilsson@fastmail.com>

Implemented supported_versions

2017-12-09

2017-12-09 10:12:14 by Martin Nilsson <nilsson@fastmail.com>

Remove 1.3 logic, as the handshake is completely overhauled.

2017-10-07

2017-10-07 20:52:58 by Martin Nilsson <nilsson@fastmail.com>

Print cipher suite in hex.

2016-08-14

2016-08-14 12:39:10 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Documentation [SSL]: Improved AutoDoc mk II markup somewhat.

2016-07-15

2016-07-15 09:03:21 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.clientConnection: Session tickets (RFC 4507 and RFC 5077).

Client side support for session tickets.

Implementation only verified against itself.

2016-04-28

2016-04-28 15:39:27 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Added compatibility note.

2016-04-11

2016-04-11 20:14:34 by Martin Nilsson <nilsson@fastmail.com>

Ignore elliptic_curves extension in ServerHello. It is never supposed to be there, but some servers do send it.

2016-03-04

2016-03-04 13:36:52 by Per Hedbor <ph@opera.com>

Ignore elliptic_curves extension in ServerHello.

It is never supposed to be there, but some servers do send it.

2016-01-15

2016-01-15 17:33:47 by Jonny Rein Eriksen <jonnyr@opera.com>

Make the Pike SSL code work with APNS push server which uses client certificates.

2015-12-16

2015-12-16 14:19:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Backported client cert fix from Pike 8.1.

Thanks to Jonny Rein Eriksen <jonnyr@opera.com> for the report.

2015-11-06

2015-11-06 10:22:23 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Encrypt then MAC mode is an RFC now...

2015-09-24

2015-09-24 02:21:11 by Martin Nilsson <nilsson@fastmail.com>

Allow fine grained control over what extensions to use.

2015-09-13

2015-09-13 10:10:12 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: Added option to disable renegotiation.

This is a feature required by HTTP/2 (RFC 7540 9.2.1).

2015-09-02

2015-09-02 20:16:22 by Martin Nilsson <nilsson@fastmail.com>

Disable extended master secret extension by default. It isn't standardized yet, and currently doesn't interop with Chrome.

2015-07-06

2015-07-06 13:52:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Support ALPN being accepted.

Fixes [LysLysKOM 21365565].

2015-07-06 13:36:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Support ALPN being accepted.

Fixes [LysLysKOM 21365565].

2015-04-25

2015-04-25 13:23:47 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Updates from RFC 7507.

The TLS Downgrade SCSV draft is now an RFC.

2015-04-15

2015-04-15 12:00:20 by Martin Nilsson <nilsson@opera.com>

handshake_messages now use Buffer, and gets a small bit of abstraction also.

2015-04-11

2015-04-11 14:41:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Added some comments and fixed some debug typos.

Also adds some FIXME's.

2015-04-06

2015-04-06 09:52:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection [TLS 1.3]: Increased strictness.

2015-03-31

2015-03-31 06:31:34 by Martin Nilsson <nilsson@opera.com>

Serialize packets directly into the output buffer.

2015-03-30

2015-03-30 23:14:02 by Martin Nilsson <nilsson@opera.com>

Check for extra packet data after calling handle_handshake. This will break the code if we are currently incorrectly ignoring any packet data.

2015-03-30 21:30:19 by Martin Nilsson <nilsson@opera.com>

Use Buffer objects instead of strings for handle_handshake API.

2015-03-30 20:27:37 by Martin Nilsson <nilsson@opera.com>

Made internal methods protected.

2015-03-30 00:36:20 by Martin Nilsson <nilsson@opera.com>

Use the COND_FATAL macro.

2015-03-29

2015-03-29 12:05:56 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Increased strictness of handshake parser.

2015-03-28

2015-03-28 12:20:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Renegotiate with the same SNI as before.

2015-03-28 12:19:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Avoid reusing sessions with different SNI.

2015-03-28 12:17:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Avoid reusing sessions with different SNI.

2015-03-28 11:59:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Renegotiate with the same SNI as before.

2015-03-07

2015-03-07 13:42:51 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Context: Added support for private FFDHE-groups.

2015-02-26

2015-02-26 14:51:52 by Martin Nilsson <nilsson@opera.com>

Properly handle curve points formatted with the wrong encoding (as in first sending a fatal alert before closing).

2015-02-25

2015-02-25 01:10:59 by Martin Nilsson <nilsson@opera.com>

Rename id to session_id.

2015-02-25 00:53:49 by Martin Nilsson <nilsson@opera.com>

Moved common preprocessor defines to tls.h

2015-02-24

2015-02-24 22:22:20 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Improved handling of version upgrades.

Send an ALERT_protocol_version if the server attempts a higher
protocol version than we asked for (instead of silently
downgrading to the original version).

2015-02-24 22:19:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Improved handling of version upgrades.

Send an ALERT_protocol_version if the server attempts a higher
protocol version than we asked for (instead of silently
downgrading to the original version).

2015-02-24 16:49:30 by Martin Nilsson <nilsson@opera.com>

Abstract the fatal alerts a bit.

2015-02-22

2015-02-22 18:37:49 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Implemented EXTENSION_extended_master_secret.

2015-02-18

2015-02-18 16:26:05 by Martin Nilsson <nilsson@opera.com>

Improve the locality in client hello a bit.

2015-02-01

2015-02-01 09:26:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher.KeyExchange: Added init_{client,server}().

Added separate initialization functions for key exchange on
client and server. These will later be used for
certificate-based key exchanges.

2015-01-29

2015-01-29 13:27:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Improve interoperability with stupid servers.

It seems there are many SSL/TLS servers out there that refuse packets
that have a higher version than the TLS version that they support.

There are also TLS servers that refuse packets that have version SSL 3.0.

Note that all of the above servers are in violation of RFC 5246 E.1:

Thus, TLS servers compliant with this specification MUST accept any
value {03,XX} as the record layer version number for ClientHello.

All ClientHello packets are now sent with packet version TLS 1.0 except
ClientHello SSL 3.0 which is sent with packet version SSL 3.0. All other
packets are sent with the negotiated version of SSL/TLS.

This should improve interoperability with the affected servers somewhat.

2015-01-27

2015-01-27 17:45:37 by Martin Nilsson <nilsson@opera.com>

Stop ASN.1 decoding client cert requests. It doesn't matter if it is legal ASN.1 or not, as we match it against DN of certs in the context later in send_certs. Illegal ASN.1 will simply not match anything and be ignored.

2015-01-27 17:34:03 by Martin Nilsson <nilsson@opera.com>

Verify client certificates against supported hash/sign algorithms.

2015-01-27 15:09:15 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher.KeyExchange: Renamed function.

Renames server_key_exchange() to got_server_key_exchange()
to have a more consistent naming scheme.

2015-01-26

2015-01-26 16:49:54 by Martin Nilsson <nilsson@opera.com>

Always check that the certificate handshake packet is fully consumed. Don't decode certificates more than once.

2015-01-26 16:29:28 by Martin Nilsson <nilsson@opera.com>

Merge common certificate decoding code. No changes in behavior.

2015-01-25

2015-01-25 19:10:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Cipher.KeyExchange: Changed API for client_key_exchange_packet().

It now returns the premaster secret, and fills in the
packet data in the provided buffer. This change allows
the corresponding function in SSL.ClientConnection to
use SSL.Connection.derive_master_secret().

2015-01-25 01:33:56 by Martin Nilsson <nilsson@opera.com>

Changed curve() into get_curve() to be consistent with the other methods, and to properly mask the get_curve() in Nettle.ECC_Curve.ECDSA.

2015-01-25 01:31:10 by Martin Nilsson <nilsson@opera.com>

Changed curve() into get_curve() to be consistent with the other methods, and to properly mask the get_curve() in Nettle.ECC_Curve.ECDSA.

2015-01-18

2015-01-18 12:27:35 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Implemented TLS 1.3 draft 4 CertificateVerify.

2015-01-17

2015-01-17 12:26:21 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fixed multiple TLS 1.3 draft 4 handshaking issues.

The implicit changing of the cipher suite now seems to work.

2015-01-16

2015-01-16 16:17:10 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Handle TLS 1.3 CertificateVerify.

2015-01-15

2015-01-15 16:55:30 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Added got_certificate_request().

This breaks out the code for handling certificate requests from
handle_handshake() to a separate function to reduce
code duplication when implementing TLS 1.3.

2015-01-13

2015-01-13 13:35:41 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Support TLS 1.3 ServerKeyShare.

2015-01-12

2015-01-12 15:02:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Support TLS 1.3 HelloRetryRequest.

2015-01-10

2015-01-10 11:55:26 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Support multiple concurrent pending keys.

In TLS 1.3 multiple keys will be in use in a short span of time.
This change reduces the risk of overwriting not yet used keys
due to timing issues.

2015-01-09

2015-01-09 18:41:01 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Removed some obsolete FIXMEs.

2015-01-09 18:32:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Added send_certs().

This breaks out the code for sending client certificates from
handle_handshake() to a separate function to reduce
code duplication when implementing TLS 1.3.

2015-01-08

2015-01-08 07:25:18 by Martin Nilsson <nilsson@opera.com>

We import '.', so we'll find Cipher unprefixed.

2015-01-07

2015-01-07 17:06:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Support TLS 1.3 ClientKeyShare.

client_hello() now sends a pure TLS 1.3 hello if Context.min_version
is TLS 1.3 or later, a compat TLS 1.3 hello if Context.max_version is
TLS 1.3 or later, and a legacy TLS 1.2 or earlier handshake otherwise.

Note that SSL.ServerConnection does not yet support pure TLS 1.3 hellos,
and that the SSL.ClientConnection won't be happy with the result from a
server that does support TLS 1.3.

2015-01-06

2015-01-06 14:37:40 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Use new_cipher_states().

Reduces code duplication.

2015-01-06 14:25:28 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Enforce handshake packet order.

All currently supported handshake packets are allocated in order.

2015-01-06 14:09:23 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Clean up CCS handling.

expect_change_cipher is now only set by change_cipher_packet().

This is in preparation for TLS 1.3 where CCS won't be on the wire.

2015-01-06 13:23:21 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Added derive_master_secret().

More unification of code in client and server.

2015-01-05

2015-01-05 11:51:57 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: client_hello() now knows about early_data.

The early_data extension is used in TLS 1.3 to keep backward
compatibility. Unfortunately no code point for the extension
has been allocated yet, so the selected code point will most
likely change.

2014-12-30

2014-12-30 16:40:44 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Moved certificate_verify_packet() to Connection.

In TLS 1.3 this packet will be generated on the server side too.

2014-12-22

2014-12-22 15:03:05 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Send client certificate verify packet.

Update certificate_verify_packet() and reenable the related code.

Also fixes several FIXME's regarding the dual use of the
certificate_state variable. It is now strictly used only
for the server certificates.

Client-side support for client certificates should now work.

2014-12-21

2014-12-21 11:28:01 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Send client certificate verify packet.

Update certificate_verify_packet() and reenable the related code.

Also fixes several FIXME's regarding the dual use of the
certificate_state variable. It is now strictly used only
for the server certificates.

Client-side support for client certificates should now work.

2014-12-15

2014-12-15 21:10:53 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support the Negotiated FF-DHE Parameters draft.

NB: This draft has been incorporated into the TLS 1.3 draft.

2014-12-14

2014-12-14 14:46:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Crypto.DH: Renamed the DLDHE constants to FFDHE for clarity.

The DLDHE draft has been renamed FFDHE. As these constants aren't yet
used anywhere, rename them accordingly.

Also updates the references for the constants to the latest drafts
where they are defined.

2014-12-13

2014-12-13 12:11:52 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL [DHE]: Validate the Ys received from the peer.

This is required by the current FFDHE draft, and is needed to protect
the connection from MITM attacks.

Also changes some alerts from unexpected_message to handshake_failure
as required by the same draft.

2014-12-13 11:58:48 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL [DHE]: Validate the Ys received from the peer.

This is required by the current FFDHE draft, and is needed to protect
the connection from MITM attacks.

Also changes some alerts from unexpected_message to handshake_failure
as required by the same draft.

2014-12-03

2014-12-03 17:29:29 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: TLS 1.3 draft 3 does not allow compression.

2014-12-01

2014-12-01 12:18:06 by Martin Nilsson <nilsson@opera.com>

Abort processing when fatal package is sent.

2014-11-29

2014-11-29 16:38:14 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Use a plain Session if none is provided.

This avoids extraneous caching of client side sessions in
a cache where they will never be looked up.

2014-11-29 16:28:31 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.File: Added API for resuming sessions.

2014-11-29 16:27:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Added some support for resuming sessions.

2014-11-29 16:27:07 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Keep track of the session identity.

2014-11-29 10:25:19 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Use a plain Session if none is provided.

This avoids extraneous caching of client side sessions in
a cache where they will never be looked up.

2014-11-27

2014-11-27 12:40:50 by Martin Nilsson <nilsson@opera.com>

Abort processing when fatal package is sent.

2014-11-25

2014-11-25 16:03:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Interoperability fix.

The handshake messages are hashed twice, so avoid
zapping them too early.

The SSL module now interoperates with other implementations again.

FIXME: What about renegotiation?

2014-11-25 14:57:52 by Martin Nilsson <nilsson@opera.com>

Allow buffer objects in handshake_packet() and heartbeat_packet().

2014-11-25 12:19:19 by Martin Nilsson <nilsson@opera.com>

Renamed methods for consistency with Stdio.Buffer

2014-11-25 11:48:14 by Martin Nilsson <nilsson@opera.com>

put_fix_string() and add_data() converted to add().

2014-11-24

2014-11-24 18:11:35 by Martin Nilsson <nilsson@opera.com>

Use read_hbuffer where immediately possible.

2014-11-24 17:40:17 by Martin Nilsson <nilsson@opera.com>

Mark key exchange packets as 8bit.

2014-11-24 17:31:49 by Martin Nilsson <nilsson@opera.com>

Rewrote get_uint, put_uint, get_var_string and get_fix_string.

2014-11-24 17:22:30 by Martin Nilsson <nilsson@opera.com>

Replaced pop_data() with read() or direct buffer usage.

2014-11-24 17:02:08 by Martin Nilsson <nilsson@opera.com>

put_var_string -> add_hstring

2014-11-24 16:29:55 by Martin Nilsson <nilsson@opera.com>

Use SSL.Buffer instead of ADT.struct

2014-11-23

2014-11-23 17:10:01 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.File: Added API for resuming sessions.

2014-11-22

2014-11-22 13:10:33 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Added some support for resuming sessions.

2014-11-22 10:44:07 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Keep track of the session identity.

2014-10-15

2014-10-15 20:52:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Don't send extensions in SSL 3.0.

SSL 3.0 doesn't have the concept of protocol extensions,
so don't send any.

In the ServerConnection case, we assume that a client
that has sent extensions will accept extensions regardless
of the negotiated protocol version.

2014-10-15 20:15:16 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Don't send extensions in SSL 3.0.

SSL 3.0 doesn't have the concept of protocol extensions,
so don't send any.

In the ServerConnection case, we assume that a client
that has sent extensions will accept extensions regardless
of the negotiated protocol version.

2014-10-13

2014-10-13 17:02:42 by Martin Nilsson <nilsson@opera.com>

Some trivial TLS 1.3 changes.

2014-09-29

2014-09-29 23:55:47 by Martin Nilsson <nilsson@opera.com>

Verify that no additional payload is hidden in ASN.1 structures.

2014-09-08

2014-09-08 15:53:42 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fixed typo in comment.

2014-09-04

2014-09-04 15:57:43 by Arne Goedeke <el@laramies.com>

Merge remote-tracking branch 'origin/8.0' into string_alloc

Conflicts:
src/stralloc.c

2014-08-24

2014-08-24 12:11:46 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Improved support for renegotiation.

2014-08-06

2014-08-06 15:04:55 by Martin Nilsson <nilsson@opera.com>

Move ke_factory to CipherSpec.

2014-08-06 14:27:44 by Martin Nilsson <nilsson@opera.com>

Make heartbleed probing optional and default off.

2014-08-01

2014-08-01 06:52:50 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Added lfun::_sprintf().

2014-07-16

2014-07-16 13:46:26 by Martin Nilsson <nilsson@opera.com>

Create a new struct object before cutting substrings, to prevent reading outside of the limit.

2014-07-16 13:24:10 by Martin Nilsson <nilsson@opera.com>

Whitespace and debug fixes.

2014-07-16 12:57:30 by Martin Nilsson <nilsson@opera.com>

Alert messages are printed out when SSL3_DEBUG is enabled. Cut down the redundancy.

2014-07-16 12:41:43 by Martin Nilsson <nilsson@opera.com>

certificate_request probably works. Did some work on sending client certificates.

2014-07-15

2014-07-15 21:33:56 by Martin Nilsson <nilsson@opera.com>

Refactored certificate lookup.

2014-07-10

2014-07-10 19:53:28 by Martin Nilsson <nilsson@opera.com>

There MUST NOT be more than one extension of the same type. RFC 5246 section 7.4.1.4.

2014-07-06

2014-07-06 11:40:36 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Implemented support for the fallback SCSV.

This adds support for the protocol extension SCSV specified in
draft-ietf-tls-downgrade-scsv as of 2014-07-04.

This protects clients renegotiating failed connections with lower
protocol versions from MITM downgrade attacks, by informing the
server that the client actually supports a higher protocol version
than the one it is currently using.

2014-06-29

2014-06-29 21:30:28 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Fixed some typos in the previous commit.

2014-06-29 14:58:49 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Support EXTENSION_encrypt_then_mac.

This draft extension improves security for old CBC suites by
hashing the encrypted data including the padding. This works
around the various TLS padding attacks.

2014-06-09

2014-06-09 14:56:46 by Martin Nilsson <nilsson@opera.com>

RFC 6066 only allows one host DN in SNI.

2014-05-23

2014-05-23 19:14:54 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Unified several state variables into one.

SSL.Connection()->{closing,dying,handshake_finished} are now unified
into SSL.Connection()->state with named states.

It also keeps track of some of the stuff in SSL.sslfile()->close_state and
SSL.sslfile()->close_packet_send_state, which are likely to be removed soon.

2014-05-20

2014-05-20 10:08:45 by Martin Nilsson <nilsson@opera.com>

Have list of acceptable hash-signature-pairs in context.

2014-05-17

2014-05-17 10:50:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.ClientConnection: Improved SNI API.

Made SNI handling an explicit argument to create(), to allow for using
the same SSL.Context for client connections to multiple servers.

2014-05-16

2014-05-16 21:01:17 by Martin Nilsson <nilsson@opera.com>

Documentation and debug updates.

2014-05-15

2014-05-15 23:20:23 by Martin Nilsson <nilsson@opera.com>

0..255 -> 8bit

2014-05-15 21:19:59 by Martin Nilsson <nilsson@opera.com>

import .

2014-05-15 20:43:25 by Martin Nilsson <nilsson@opera.com>

Got rid of the Alert function.

2014-05-15 20:20:05 by Martin Nilsson <nilsson@opera.com>

Renamed SSL.context to SSL.Context.

2014-05-15 19:50:17 by Martin Nilsson <nilsson@opera.com>

Rename state to State.

2014-05-10

2014-05-10 22:38:20 by Martin Nilsson <nilsson@opera.com>

Change !s->is_empty() to sizeof(s).

2014-05-10 19:04:27 by Martin Nilsson <nilsson@opera.com>

Abstract the extensions a bit. Also fixes max fragment length extension.

2014-05-08

2014-05-08 16:11:04 by Martin Nilsson <nilsson@opera.com>

Use get/put_var_uint_array for multibyte uints where possible.

2014-05-05

2014-05-05 16:47:37 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Improved documentation.

Updates the documentation to mention {Client,Server}Connection,
and adds a few cross-references.

2014-05-04

2014-05-04 22:38:54 by Martin Nilsson <nilsson@opera.com>

Divide more mode-specific code between the subclasses.

2014-05-04 20:38:00 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Unified the handshake states.

Now that there is separate code for the server and client
handshake state-machines, there's no reason for them to
have different STATE_* codes.

Also splits and moves finished_packet() to {Client,Server}Connection.

2014-05-04 20:09:07 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL.Connection: Moved handle_handshake() to {Server,Client}Connection.

Split the handshake handling into server and client specific code,
and moved it to the respective corresponding module.

2014-05-04 18:00:13 by Martin Nilsson <nilsson@opera.com>

Trivially move out hello_request and client_hello.

2014-05-04 17:10:53 by Martin Nilsson <nilsson@opera.com>

Merge handshake and connection into Connection. Then make that a base class for ClientConnection and ServerConnection, each of which assumes its respective role.