root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
10,249 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

39 Commits

Author SHA1 Message Date
Nick Mathewson 4af793036f Do not include a timestamp in the ClientHello Random field. 
Instead, send random bytes.

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.
    * If the PRNG output is prone to repeat itself, ephemeral
    * handshakes (and who knows what else besides) are broken.
 2013-09-16 13:44:10 -04:00
Dr. Stephen Henson 9c284f9651 PR: 2748 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
 2012-03-06 13:24:16 +00:00
Dr. Stephen Henson bd6941cfaa PR: 2658 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.
 2011-12-31 23:00:36 +00:00
Dr. Stephen Henson e065e6cda2 PR: 2535 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Add SCTP support for DTLS (RFC 6083).
 2011-12-25 14:45:40 +00:00
Dr. Stephen Henson a8cb8177f6 PR: 2505 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Fix DTLS session resumption timer bug.
 2011-05-25 12:24:43 +00:00
Dr. Stephen Henson c6dd154b3e oops, revert previous patch 2010-08-27 12:10:12 +00:00
Dr. Stephen Henson 35cae95032 PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix other cases not covered by original patch.
 2010-08-27 11:57:42 +00:00
Dr. Stephen Henson 48ae85b6ff PR: 1833 
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>

Support for abbreviated handshakes when renegotiating.
 2010-08-26 14:22:40 +00:00
Dr. Stephen Henson 57749b1b9f PR: 1949 
Submitted by: steve@openssl.org

More robust fix and workaround for PR#1949. Don't try to work out if there
is any write pending data as this can be unreliable: always flush.
 2010-01-26 19:46:30 +00:00
Dr. Stephen Henson 675564835c New option to enable/disable connection to unpatched servers 2009-12-16 20:28:30 +00:00
Dr. Stephen Henson 593222afe1 PR: 2121 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Add extension support to DTLS code mainly using existing implementation for
TLS.
 2009-12-08 11:38:18 +00:00
Dr. Stephen Henson d5b8c46499 PR: 2115 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Add Renegotiation extension to DTLS, fix DTLS ClientHello processing bug.
 2009-12-01 17:41:42 +00:00
Dr. Stephen Henson d7406b1528 PR: 1993 
Fix from 0.9.8-stable.
 2009-07-24 11:52:32 +00:00
Dr. Stephen Henson 5135d6b985 Fix error codes and indentation. 2009-07-15 11:32:58 +00:00
Dr. Stephen Henson 4e63da0669 PR: 1950 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve@openssl.org

DTLS fragment retransmission bug.
 2009-06-05 14:46:49 +00:00
Dr. Stephen Henson e1f09dfd84 PR: 1921 
Submitted by: Michael Tuexen <tuexen@fh-muenster.de>
Reviewed by: steve@openssl.org

Add ECDHE and PSK support to DTLS.
 2009-05-31 17:11:24 +00:00
Dr. Stephen Henson d6584eba8c PR: 1922 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer bug fix.
 2009-05-15 22:58:13 +00:00
Dr. Stephen Henson b0dd3d1b94 Another kerberos fix. 2009-04-21 22:30:54 +00:00
Dr. Stephen Henson 21fb688d26 Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Dr. Stephen Henson b452f43322 PR: 1751 
Submitted by: David Woodhouse <dwmw2@infradead.org>
Approved by: steve@openssl.org

Compatibility patches for Cisco VPN client DTLS.
 2009-04-19 18:03:13 +00:00
Dr. Stephen Henson aab790a656 PR: 1829 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

DTLS Timer Bug fix.
 2009-04-14 14:33:12 +00:00
Dr. Stephen Henson 1319aad994 PR: 1647 
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Update patch for PR#1647.
 2009-04-14 14:22:26 +00:00
Dr. Stephen Henson c6196da587 Update from 0.9.8-stable. 2009-04-02 22:28:52 +00:00
Dr. Stephen Henson 368888bcb6 Add client cert engine to SSL routines. 2008-06-01 22:33:24 +00:00
Geoff Thorpe 1e26a8baed Fix a variety of warnings generated by some elevated compiler-fascism, 
OPENSSL_NO_DEPRECATED, etc. Steve, please double-check the CMS stuff...
 2008-03-16 21:05:46 +00:00
Andy Polyakov 0d97d00b6c DTLS RFC4347 says HelloVerifyRequest resets Finished MAC. 2007-09-30 19:34:36 +00:00
Andy Polyakov e7adda52b3 DTLS RFC4347 requires client to use rame random field in reply to 
HelloVerifyRequest.
 2007-09-30 19:15:27 +00:00
Dr. Stephen Henson 81025661a9 Update ssl code to support digests other than MD5+SHA1 in handshake. 
Submitted by: Victor B. Wagner <vitus@cryptocom.ru>
 2007-08-31 12:42:53 +00:00
Bodo Möller 7e69565fe6 fix warnings/inconsistencies caused by the recent changes to the 
ciphersuite selection code in HEAD

Submitted by: Victor Duchovni
 2007-02-19 14:53:18 +00:00
Bodo Möller 52b8dad8ec Reorganize the data used for SSL ciphersuite pattern matching. 
This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
 2007-02-17 06:45:38 +00:00
Dr. Stephen Henson 7bbcb2f690 Avoid warnings on VC++ 2005. 2005-12-05 17:21:22 +00:00
Dr. Stephen Henson 09b6c2ef15 Make OPENSSL_NO_COMP compile again. 2005-09-30 23:35:33 +00:00
Nils Larsch 4ebb342fcd Let the TLSv1_method() etc. functions return a const SSL_METHOD 
pointer and make the SSL_METHOD parameter in SSL_CTX_new,
SSL_CTX_set_ssl_version and SSL_set_ssl_method const.
 2005-08-14 21:48:33 +00:00
Dr. Stephen Henson f3b656b246 Initialize SSL_METHOD structures at compile time. This removes the need 
for locking code. The CRYPTO_LOCK_SSL_METHOD lock is now no longer used.
 2005-08-05 23:56:11 +00:00
Geoff Thorpe 20a90e3a76 Fix some signed/unsigned warnings. 2005-07-22 03:36:30 +00:00
Nils Larsch 3eeaab4bed make 
./configure no-deprecated [no-dsa] [no-dh] [no-ec] [no-rsa]
    	make depend all test
work again

PR: 1159
 2005-07-16 12:37:36 +00:00
Bodo Möller c6c2e3135d Don't use the SSL 2.0 Client Hello format if SSL 2.0 is disabled 
with the SSL_OP_NO_SSLv2 option.
 2005-05-11 18:25:49 +00:00
Bodo Möller beb056b303 fix SSLerr stuff for DTLS1 code; 
move some functions from exported header <openssl/dtl1.h> into "ssl_locl.h";
fix silly indentation (a TAB is *not* always 4 spaces)
 2005-04-26 18:08:00 +00:00
Ben Laurie 36d16f8ee0 Add DTLS support. 2005-04-26 16:02:40 +00:00