path: root/lib/ssl
Commit message [Author, Age, Files, Lines]
* Prepare release [Erlang/OTP, 2023-05-15, 4 files, -4/+206]
|
* Update copyright year [Erlang/OTP, 2023-05-15, 1 file, -1/+1]
|
* ssl: Put back prematurely removed default of TLS-1.3 legacy schemes [Ingela Anderton Andin, 2023-05-10, 1 file, -1/+1]
|
* Merge pull request #7214 from IngelaAndin/ingela/ssl/better-middlebox-assert-error [Ingela Andin, 2023-05-09, 1 file, -2/+8]
|\
| |     ssl: Improve error information when middlebox assert fails
| * ssl: Improve error information when middlebox assert fails [Ingela Anderton Andin, 2023-05-08, 1 file, -2/+8]
| |
* | ssl: Add signature_algs/2 [Ingela Anderton Andin, 2023-05-08, 5 files, -24/+132]
|/
|     To make it easier to configure signature algorithms with algorithms that are moved from the default add the API function signature_algs/2 that lists possible values. Also adjust signature algorithms according to TLS-1.3 RFC. That is TLS-1.3 legacy algorithms/schemes names should be used instead of TLS-1.2 algorithms names to be supported in TLS-1.2-TLS-1.3 combination. sha224 is also considered legacy and should not be part of the defaults.
* Merge pull request #7206 from qzhuyan/doc/william/typo-tls-root-fun [Ingela Andin, 2023-05-05, 1 file, -1/+1]
|\
| |     doc(ssl): fix root_fun typo
| * doc(ssl): fix root_fun typo [William Yang, 2023-05-04, 1 file, -1/+1]
| |
* | Merge branch 'dgud/ssl/default-fail-no-peercert/OTP-18567' [Dan Gudmundsson, 2023-05-03, 6 files, -25/+30]
|\ \
| | |     * dgud/ssl/default-fail-no-peercert/OTP-18567:
| | |       ssl: Fix that users can send data during renegotiation
| | |       ssl: Make fail_if_no_peer_cert default true if verify_peer is set
| * | ssl: Fix that users can send data during renegotiation [Dan Gudmundsson, 2023-04-27, 1 file, -5/+4]
| | |     A timing issue was found during testing of the previous commit. Users should be allowed to send data during the renegotiation.
| * | ssl: Make fail_if_no_peer_cert default true if verify_peer is set [Dan Gudmundsson, 2023-04-27, 5 files, -20/+26]
| | |     Otherwise the client could not send a certificate and the server will accept the connection even if verify_peer is set and the user has forgotten to set the fail_if_no_peer_cert. This is changed to make the default options safer.
* | | Merge branch 'maint' into master [Jakub Witczak, 2023-04-27, 2 files, -1/+25]
|\ \ \
| |/ /
|/| |
| | |     * maint:
| | |       Updated OTP version
| | |       Prepare release
| | |       Update copyright year
| * | Merge branch 'maint-25' into maint [Jakub Witczak, 2023-04-27, 5 files, -4/+28]
| |\ \
| | | |     * maint-25:
| | | |       Updated OTP version
| | | |       Prepare release
| | | |       Update copyright year
| | * | Prepare release [Erlang/OTP, 2023-04-25, 2 files, -1/+25]
| | | |
| | * | Update copyright year [Erlang/OTP, 2023-04-25, 5 files, -5/+5]
| | | |
| | * | Merge branch 'kuba/ssl/kuba/ssl/keylog_fix/OTP-18489' into maint-25 [Erlang/OTP, 2023-04-25, 3 files, -56/+94]
| | |\ \
| | | | |     * kuba/ssl/kuba/ssl/keylog_fix/OTP-18489:
| | | | |       ssl: fix keylog mechanism
| | * \ \ Merge branch 'ingela/ssl/test-stop-using-weak-key' into maint-25 [Erlang/OTP, 2023-04-25, 1 file, -7/+15]
| | |\ \ \
| | | | | |     * ingela/ssl/test-stop-using-weak-key:
| | | | | |       ssl: Let test case use stronger key
* | | \ \ \ Merge branch 'maint' into master [Jakub Witczak, 2023-04-21, 1 file, -0/+17]
|\ \ \ \ \ \
| |/ / / / /
| | | | | /
| |_|_|_|/
|/| | | |
| | | | |     * maint:
| | | | |       Updated OTP version
| | | | |       Prepare release
| | | | |       Update copyright year
| * | | | Merge branch 'maint-24' into maint [Jakub Witczak, 2023-04-21, 3 files, -2/+19]
| |\ \ \ \
| | | | | |     * maint-24:
| | | | | |       Updated OTP version
| | | | | |       Prepare release
| | | | | |       Update copyright year
| | * | | | Prepare release [Erlang/OTP, 2023-04-20, 2 files, -1/+18]
| | | | | |
| | * | | | Update copyright year [Erlang/OTP, 2023-04-20, 3 files, -3/+3]
| | | | | |
| | * | | | Merge branch 'ingela/ssl/test-stop-using-weak-key' into maint-24 [Erlang/OTP, 2023-04-20, 1 file, -7/+15]
| | |\ \ \ \
| | | | |/ /
| | | |/| |
| | | | | |     * ingela/ssl/test-stop-using-weak-key:
| | | | | |       ssl: Let test case use stronger key
| | * | | | ssl: Honor signature algorithm input order [Ingela Anderton Andin, 2023-04-06, 2 files, -4/+9]
| | | | | |     List was accidentally reversed
| * | | | | Merge branch 'ingela/ssl/test-stop-using-weak-key' into maint [Ingela Anderton Andin, 2023-04-20, 1 file, -7/+15]
| |\ \ \ \ \
| | | |/ / /
| | |/| | |
| | | | | |     * ingela/ssl/test-stop-using-weak-key:
| | | | | |       ssl: Let test case use stronger key
| * | | | | Merge branch 'ingela/ssl/correct-sigalg-order/OTP-18550' into maint [Ingela Anderton Andin, 2023-04-06, 2 files, -4/+9]
| |\ \ \ \ \
| | | |_|/ /
| | |/| | |
| | | | | |     * ingela/ssl/correct-sigalg-order/OTP-18550:
| | | | | |       ssl: Honor signature algorithm input order
* | | | | | Merge branch 'ingela/ssl/correct-group-spec-add-edwards-curves' [Ingela Anderton Andin, 2023-04-18, 1 file, -1/+1]
|\ \ \ \ \ \
| | | | | | |     * ingela/ssl/correct-group-spec-add-edwards-curves:
| | | | | | |       ssl: Add the edwards curves to the group spec
| * | | | | | ssl: Add the edwards curves to the group spec [Ingela Anderton Andin, 2023-04-17, 1 file, -1/+1]
| | | | | | |
* | | | | | | Merge branch 'ingela/ssl/test-stop-using-weak-key' [Ingela Anderton Andin, 2023-04-18, 1 file, -7/+15]
|\ \ \ \ \ \ \
| | |_|_|/ / /
| |/| | | | |
| | | | | | |     * ingela/ssl/test-stop-using-weak-key:
| | | | | | |       ssl: Let test case use stronger key
| * | | | | | ssl: Let test case use stronger key [Ingela Anderton Andin, 2023-04-17, 1 file, -7/+15]
| | | | | | |     Caused test case failure due to fix by ingela/ssl/correct-sigalg-order/OTP-18550
* | | | | | | Revert "Prepare release" [Henrik Nord, 2023-04-12, 3 files, -200/+3]
| | | | | | |     This reverts commit d4e4511b19f4126d9271a6e3a8fa2eb716da7e85.
* | | | | | | Prepare release [Erlang/OTP, 2023-04-11, 3 files, -3/+200]
| | | | | | |
* | | | | | | Update copyright year [Erlang/OTP, 2023-04-11, 25 files, -25/+25]
| |/ / / / /
|/| | | | |
* | | | | | Merge branch 'ingela/ssl/correct-sigalg-order/OTP-18550' [Ingela Anderton Andin, 2023-04-06, 2 files, -4/+9]
|\ \ \ \ \ \
| | |_|/ / /
| |/| | | |
| | | | | |     * ingela/ssl/correct-sigalg-order/OTP-18550:
| | | | | |       ssl: Honor signature algorithm input order
| * | | | | ssl: Honor signature algorithm input order [Ingela Anderton Andin, 2023-04-06, 2 files, -4/+9]
| | | | | |     List was accidentally reversed
* | | | | | Merge pull request #7065 from kikofernandez/kiko/ssl/add-macro-to-tls-versions/OTP-18465 [Kiko Fernandez-Reyes, 2023-04-05, 46 files, -1263/+1111]
|\ \ \ \ \ \
| | | | | | |     ssl: replace hardcoded numbers by macros OTP-18465
| * | | | | | ssl: minor refactoring [Kiko Fernandez-Reyes, 2023-04-04, 1 file, -4/+1]
| | | | | | |
| * | | | | | ssl: split overloaded function [Kiko Fernandez-Reyes, 2023-04-04, 8 files, -49/+64]
| | | | | | |     splits the overloaded function `tls_record:protocol_version` (and its equivalent in module `dtls`), which was accepting atoms (e.g., tlsv1.2) and the internal representation of (D)TLS versions (tuples, e.g., {3,4} for TLS 1.3) into two different functions. `protocol_version_name` accepts names (atoms) and returns its internal representation; `procotol_version` accepts the internal representation and returns its name.
| * | | | | | ssl: replace macro name [Kiko Fernandez-Reyes, 2023-04-03, 17 files, -70/+70]
| | | | | | |
| * | | | | | ssl: refactor filter_hashsigns [Kiko Fernandez-Reyes, 2023-04-03, 1 file, -68/+51]
| | | | | | |
| * | | | | | ssl: apply reviewer comment [Kiko Fernandez-Reyes, 2023-03-31, 1 file, -67/+35]
| | | | | | |
| * | | | | | ssl: use of maps and all instead of recursive implementation [Kiko Fernandez-Reyes, 2023-03-31, 45 files, -853/+764]
| | | | | | |
| * | | | | | ssl: use macros instead of hardcoded version numbers [Kiko Fernandez-Reyes, 2023-03-30, 39 files, -707/+681]
| | | | | | |
* | | | | | | ssl: Avoid OpenSSL versions that will not interop with {dsa,sha} [Ingela Anderton Andin, 2023-04-04, 3 files, -2/+23]
| | | | | | |     These are versions that pass normal interop test but still do not work.
* | | | | | | Merge pull request #7059 from IngelaAndin/ingela/ssl/user-warning-alert-TLS-1_3/OTP-18531 [Ingela Andin, 2023-04-03, 1 file, -22/+37]
|\ \ \ \ \ \ \
| |/ / / / / /
|/| | | | | |
| | | | | | |     ssl: Enhance warning alert handling
| * | | | | | ssl: Enhance warning alert handling [Ingela Anderton Andin, 2023-03-28, 1 file, -22/+37]
| | | | | | |     If a user cancel alert with level warning is received during handshake make it be handled the same regardless of TLS version. If it is received in the state connection in TLS-1.3 regard it as an error as it is inappropriate. In TLS-1.3 all error alerts are considered FATAL regardless of legacy alert type. But make sure legacy type is printed in logs to not confuse users that are expecting the same legacy type as sent by peer.
* | | | | | | ssl: Remove less than 256 bit ECC from default supported ECC pre TLS-1.3 [Ingela Anderton Andin, 2023-03-28, 3 files, -6/+9]
|/ / / / / /
| | | | | |     TLS-1.3 already does not support such curves
* | | | | | Merge pull request #7033 from u3s/kuba/ssl/exp_ocsp_refactor [Jakub Witczak, 2023-03-28, 16 files, -171/+222]
|\ \ \ \ \ \
| | | | | | |     Kuba/ssl/exp ocsp refactor
| * | | | | | ssl: fix OCSP responder shutdown [Jakub Witczak, 2023-03-21, 1 file, -7/+12]
| | | | | | |
| * | | | | | ssl: OCSP responder debug in end_per_suite logs [Jakub Witczak, 2023-03-21, 3 files, -18/+30]
| | | | | | |
| * | | | | | ssl: add test macro [Jakub Witczak, 2023-03-21, 2 files, -1/+3]
| | | | | | |