summaryrefslogtreecommitdiff
path: root/lib/sslv2_compat.c
Commit message (Collapse)AuthorAgeFilesLines
* Server hello format follows TLS1.2 formatNikos Mavrogiannopoulos2018-03-081-1/+1
| | | | | | | | | | | Also version negotiation was moved to supported_versions extension, and session ID is set by client following appendix D.4. This is a draft-ietf-tls-tls13-22 change. Resolves #393, #389, #397 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: split set_client_random to gen and setNikos Mavrogiannopoulos2018-02-191-3/+1
| | | | | | This aligns with set_server_random() and gen_server_random(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* handshake: only attempt to detect downgrade attacks if TLS1.3 is supportedNikos Mavrogiannopoulos2018-02-191-1/+1
| | | | | | | Otherwise, connections under TLS 1.2 may fail, even if client never enabled TLS 1.3 support. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* extensions: files renamed to hello_extNikos Mavrogiannopoulos2018-02-191-1/+1
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: legacy version negotiation is not used for TLS 1.3Nikos Mavrogiannopoulos2018-02-191-1/+1
| | | | | | | | That is, ensure that the functions used for TLS 1.2 and earlier negotiation cannot be used with TLS 1.3. That is because TLS 1.3 is negotiated using a TLS extension. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added TLS 1.3 Hello message random generationNikos Mavrogiannopoulos2018-02-191-1/+3
| | | | | | | | That is, added check for TLS 1.3 random value requirements in client side, and generation according to TLS 1.3 requirements for server and client side. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: check SCSVs prior to resuming a sessionNikos Mavrogiannopoulos2017-09-071-1/+1
| | | | | | | | | | | This ensures that extensions which are also available as SCSVs are parsed prior to resuming a session. This resolves an issue with openssl sending SCSV instead of an extension for the safe renegotiation. Relates #259 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* security_parameters: simplified contents by keeping pointer to ↵Nikos Mavrogiannopoulos2017-08-021-5/+3
| | | | | | | | | cipher_suite_entry_st That, in addition to simplifying the contents, it allows faster access to ciphersuite's properties. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Removed support for compression mechanismsNikos Mavrogiannopoulos2017-06-221-5/+0
| | | | | | | | | | They are not required for TLS 1.3, and are deprecated for TLS 1.2. We eliminate them in order to reduce the complexity in the record packet handling. Resolves #212 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Rework setting next compression methodDmitry Eremin-Solenikov2016-12-141-3/+3
| | | | | | | | Only update compression method if all internal check succeed and next epoch will use this it. Also while we are at at, actually check for _gnutls_set_compression() return value. Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Allow for conditional compilation of SSL 2.0 client hello supportNikos Mavrogiannopoulos2016-05-201-0/+2
| | | | | | | This allows to completely remove SSL 2.0 support by calling configure with the '--disable-ssl2-support' option. Relates #97
* handshake: when receiving a TLS version which is too low failNikos Mavrogiannopoulos2015-12-141-5/+7
| | | | | | | | That is, don't treat all unsupported version as being to high. Treat versions which are not known and lower than the highest as a protocol error. Resolves #42
* Removed the 'gnutls_' prefix from files to simplify file namingNikos Mavrogiannopoulos2015-08-231-0/+254
View Lorry Controller Status