path: root/lib/ssl/src/tls_connection.erl
Commit message (Author, Age, Files, Lines)
* ssl: Implement DTLS state machine (Ingela Anderton Andin, 2016-12-05, 1 file, -12/+29)
|   Beta DTLS, not production ready. Only very basically tested, and not everything in the SPEC is implemented and some things are hard coded that should not be, so this implementation cannot be considered secure. Refactor "TLS connection state" and socket handling, to facilitate DTLS implementation. Create dtls "listener" (multiplexor) process that spawns DTLS connection process handlers. Handle DTLS fragmentation. Framework for handling retransmissions. Replay Detection is not implemented yet. Alerts currently always handled as in TLS.
* Merge branch 'ingela/ssl/ECC-selection-fix/OTP-13918' into maint-19 (Erlang/OTP, 2016-09-28, 1 file, -4/+1)
|\   * ingela/ssl/ECC-selection-fix/OTP-13918: ssl: Correct ECC curve selection, the error could cause default to always be selected.
| * ssl: Correct ECC curve selection, the error could cause default to always be selected. (Ingela Anderton Andin, 2016-09-28, 1 file, -4/+1)
| |
* | ssl: Avoid event reordering (Ingela Anderton Andin, 2016-09-27, 1 file, -2/+11)
|/   Several handshake events may be received in the same TLS packet. Then there will be several events pushed to the gen_statem's internal queue. New events already in the socket-buffer should not be processed if there are more unprocessed handshake events in next_event queue. We need to handle this in the next_record/1 function.
* ssl: Refactor to use maps for the connection states (Ingela Anderton Andin, 2016-09-05, 1 file, -1/+1)
|
* ssl, dtls: Refactor sni handling (Ingela Anderton Andin, 2016-09-05, 1 file, -51/+17)
|
* dtls: Add protocol event handling (Ingela Anderton Andin, 2016-09-05, 1 file, -2/+2)
|
* ssl: Refactor code so that tls and dtls can share more code (Ingela Anderton Andin, 2016-09-05, 1 file, -345/+17)
|   We want to share more alert and application data handling code. Some of the application data handling code, packet handling, will not be relevant for dtls, but this code can be excluded from dtls by options checking.
* ssl, dtls: Disable V2 compatibility clause from ssl_handshake:update_handshake_history (Ingela Anderton Andin, 2016-09-05, 1 file, -5/+6)
|   This is probably a much bigger problem for DTLS than TLS, but should be disabled for both unless explicitly configured for TLS.
* ssl: Gracefulness behaviour when receiving partially malformed messages (Ingela Anderton Andin, 2016-08-31, 1 file, -13/+46)
|
* Rewrite SSL for gen_statem M:callback_mode/0 (Raimo Niskanen, 2016-08-02, 1 file, -7/+8)
|
* ssl: introduce the notion of flights for dtls and tls (Andreas Schultz, 2016-06-13, 1 file, -21/+29)
|   The flight concept was introduced by DTLS (RFC 4347) to optimize the packing of DTLS records into UDP packets. This change implements the flight concept in the generic SSL connection logic and adds the queue logic to the TLS and DTLS stack. The DTLS required resend handling is not implemented yet. While the flight handling is only required for DTLS, it turns out that the same mechanism can be useful to TCP based TLS as well. With the current scheme each TLS record will be mapped into a separate TCP frame. This causes more TCP frames to be generated than necessary. On fast networks this will have no impact, but reducing the number of frames and thereby the number of round trips can result in significant speedups on slow and unreliable networks.
|   Conflicts: lib/ssl/src/tls_connection.erl
* ssl: Add option to phase out support for sslv2 client hello (Ingela Anderton Andin, 2016-06-03, 1 file, -3/+4)
|   ssl servers can recognize sslv2 client hellos to interop with clients that support higher versions of SSL/TLS but also offer sslv2
|   Conflicts: lib/ssl/src/tls_connection.erl
* ssl: simplify code using gen_statem (Ingela Anderton Andin, 2016-06-01, 1 file, -66/+29)
|
* ssl: Add BEAST mitigation selection option (Kenneth Lakin, 2016-05-26, 1 file, -1/+2)
|   Some legacy TLS 1.0 software does not tolerate the 1/n-1 content split BEAST mitigation technique. This commit adds a beast_mitigation SSL option (defaulting to one_n_minus_one) to select or disable the BEAST mitigation technique. Valid option values are (one_n_minus_one | zero_n | disabled).
* ssl: Send correct close message (Ingela Anderton Andin, 2016-05-20, 1 file, -1/+1)
|
* ssl: Add reinitialization of handshake data lost in gen_statem refactorization (Ingela Anderton Andin, 2016-05-05, 1 file, -1/+12)
|
* ssl: Use gen_statem instead of gen_fsm (Ingela Anderton Andin, 2016-05-03, 1 file, -306/+291)
|   Also reduce timing issues in tests
* Merge branch 'henrik/update-copyrightyear' (Henrik Nord, 2016-04-13, 1 file, -1/+1)
|\   * henrik/update-copyrightyear: update copyright-year
| * update copyright-year (Henrik Nord, 2016-03-15, 1 file, -1/+1)
| |
* | ssl: Add option signature_algs (Ingela Anderton Andin, 2016-04-06, 1 file, -11/+12)
|/   In TLS-1.2 the signature algorithm and the hash function algorithm used to produce the digest that is used when creating the digital signature may be negotiated through the signature algorithm extension RFC 5246. We want to make these algorithm pairs configurable. In connections using lower versions of TLS these algorithms are implicitly defined and can not be negotiated or configured. DTLS is updated to not cause dialyzer errors, but needs to get a real implementation later.
* ssl: Fix timing related bug (Ingela Anderton Andin, 2016-01-21, 1 file, -0/+2)
|
* ssl: fix hibernate_after with instant or near instant timeouts (Andrey Mayorov, 2015-12-11, 1 file, -1/+1)
|
* ssl: Client should send the hello message in the lowest version it is willing to support (Ingela Anderton Andin, 2015-11-18, 1 file, -1/+2)
|   Refactor highest_protocol_version so that code is symmetrical with lowest_protocol_version. For clarity and possible future use cases of highest_protocol_version/2
* ssl: Improve shutdown logic (Ingela Anderton Andin, 2015-09-16, 1 file, -10/+45)
|   Add possibility to downgrade an SSL/TLS connection to a tcp connection, and give back the socket control to a user process. Add application setting to be able to change fatal alert shutdown timeout, also shorten the default timeout. The fatal alert timeout is the number of milliseconds between sending of a fatal alert and closing the connection. Waiting a little while improves the peer's chances of properly receiving the alert so it may shutdown gracefully.
* Change license text to APLv2 (Bruce Yinhe, 2015-06-18, 1 file, -9/+10)
|
* Merge branch 'ferd/deny-client-renegotiation' (Henrik Nord, 2015-06-10, 1 file, -0/+1)
|\   * ferd/deny-client-renegotiation: Add disable client-initiated renegotiation option
| |   Conflicts: lib/ssl/doc/src/ssl.xml lib/ssl/src/ssl.erl
| |   OTP-12815
| * Add disable client-initiated renegotiation option (Fred Hebert, 2015-06-03, 1 file, -0/+1)
| |   Client-initiated renegotiation is more costly for the server than the client, and this feature can be abused in denial of service attempts. Although the ssl application already takes counter-measures for these (via cooldown periods between renegotiations), it can be useful to disable the feature entirely. This patch adds the `{client_renegotiation, boolean()}' option to the server-side of the SSL application (defaulting to `true' to be compatible with the current behaviour). The option disables the ability to do any renegotiation at all in the protocol's state, reusing the existing denial code, but without opening the code path that sets up a timed message to eventually reopen it up.
| * ssl: Reenable padding check for TLS-1.0 and provide backwards compatible (Ingela Anderton Andin, 2015-01-23, 1 file, -3/+4)
| |   disable option
| |   Conflicts: lib/ssl/src/ssl_cipher.erl lib/ssl/src/ssl_record.erl lib/ssl/src/tls_record.erl lib/ssl/test/ssl_cipher_SUITE.erl
* | ssl: Refactored and corrected sni_fun handling (Ingela Anderton Andin, 2015-05-12, 1 file, -42/+44)
| |   Dialyzer warned about the incorrect match of Packets. Code was refactored and the problem avoided in the process. Dialyzer warned that the empty tuple is not a function as the contract said it should be. Changed the handling of the sni_fun default value to be undefined and added it to the contract.
* | ssl: add option sni_fun (Qijiang Fan, 2015-05-12, 1 file, -7/+13)
| |   The newly added function sni_fun allows dynamic update of SSL options like keys and certificates depending on different SNI hostname, rather than predefined rules of SSL options.
* | ssl: add SNI server support (Qijiang Fan, 2015-05-12, 1 file, -1/+41)
| |
* | ssl: Add TLS-ALPN support (Loïc Hoguin, 2015-03-17, 1 file, -6/+14)
| |   This commit adds support for RFC7301, application-layer protocol negotiation. ALPN is the standard based approach to the NPN extension, and is required for HTTP/2. ALPN lives side by side with NPN and provides an equivalent feature but in this case it is the server that decides what protocol to use, not the client. When both ALPN and NPN are sent by a client, and the server is configured with both ALPN and NPN options, ALPN will always take precedence. This behavior can also be found in the OpenSSL implementation of ALPN. ALPN and NPN share the ssl:negotiated_protocol/1 function for retrieving the negotiated protocol. The previously existing function ssl:negotiated_next_protocol/1 still exists, but has been deprecated and removed from the documentation. The tests against OpenSSL require OpenSSL version 1.0.2+.
* | ssl: Reenable padding check for TLS-1.0 and provide backwards compatible (Ingela Anderton Andin, 2015-01-23, 1 file, -3/+4)
|/   disable option
* ssl: Prepare for release - soft upgrade (Ingela Anderton Andin, 2014-09-10, 1 file, -1/+15)
|
* ssl: Make sure change cipher spec is correctly handled (Ingela Anderton Andin, 2014-06-11, 1 file, -3/+7)
|
* ssl: Workaround that gen_fsm does not call CB:format_status when CB:terminate (Ingela Anderton Andin, 2014-06-03, 1 file, -1/+1)
|   crashes.
* ssl: Add format_status function to ssl connection process (Ingela Anderton Andin, 2014-05-27, 1 file, -1/+4)
|
* ssl: Add ssl options to listen options tracker (Ingela Anderton Andin, 2014-05-26, 1 file, -39/+40)
|
* ssl: Move init (Ingela Anderton Andin, 2014-05-26, 1 file, -22/+3)
|
* ssl: Add checks to avoid processing of illegal alerts (Ingela Anderton Andin, 2014-04-30, 1 file, -14/+8)
|
* ssl: Fix crash on garbage during handshake (Danil Zagoskin, 2014-04-23, 1 file, -1/+5)
|   If a client sends some garbage in ssl record instead of valid fragment, server crashes with function_clause while receiving next record from client. This patch makes server raise handshake failure instead of crashing and exposing internal state to user code.
* ssl: always pass negotiated version when selecting hashsign (Danil Zagoskin, 2014-04-23, 1 file, -1/+1)
|   Negotiated version is now always passed to ssl_handshake:select_hashsign because ssl_handshake:select_cert_hashsign has different rsa defaults on tlsv1.2 and older versions.
* ssl: Graceful handling of warning alerts (Ingela Anderton Andin, 2014-04-17, 1 file, -2/+3)
|   Generalize last warning alert function clause
* ssl: fix elliptic curve selection in server mode (Andreas Schultz, 2014-01-14, 1 file, -4/+4)
|   The server code erroneously took the list of curves supported by the client from its own hello extension, effectively breaking curve selection altogether. Also the default fallback secp256k1 curve is not supported by all clients. secp256r1 is recommended as part of the NIST Suite B cryptographic suites. The chances are much better that all clients support it, so use that as fallback.
* ssl: Trap exits (Ingela Anderton Andin, 2013-12-02, 1 file, -0/+1)
|
* ssl: Refactor connection handling (Ingela Anderton Andin, 2013-12-02, 1 file, -1113/+328)
|
* ssl: API and supervisor (Ingela Anderton Andin, 2013-12-02, 1 file, -4/+4)
|
* ssl: Dialyzer fixes (Ingela Anderton Andin, 2013-12-02, 1 file, -7/+0)
|
* ssl: Refactor API (Ingela Anderton Andin, 2013-12-02, 1 file, -6/+7)
|   New design:
|   ssl - Main
|   tls - Reflect tls specific semantics
|   dtls - Reflect dtls specific semantics