| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
| |
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
| |
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
|
|
|
|
|
|
|
|
|
| |
This implements the record_size_limit extension as defined in RFC 8449.
Although it obsoletes the max_record_size extension, for compatibility
reasons GnuTLS still sends it on certain occasions. For example, when
the new size is representable as the codepoint defined for
max_record_size.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
As 0-RTT is still not implemented in GnuTLS, the server responds with
1-RTT, by skipping decryption failure up to max_early_data_size, as
suggested in 4.2.10 Early Data Detection.
Resolves #512
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
| |
|
|
|
|
| |
Split combined ECC extensions into different files.
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
| |
|
|
|
|
|
|
|
|
|
| |
That adds support for pre-shared keys with and without Diffie-Hellman
key exchange. That's a modified version of initial Ander's patch.
Resolves #414
Resolves #125
Signed-off-by: Ander Juaristi <a@juaristi.eus>
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.org>
|
| |
|
|
|
|
| |
That introduces an internal API to associate data to an extension.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
This enables TLS 1.3 key exchange based on the key share extension.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
|
| |
That is, introduced the TLS 1.3 supported_versions extension. It is currently
only being used if negotiating TLS 1.3 or later.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| |
|
|
|
|
| |
Resolves #178
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
It implements a revised version of RFC7366, to avoid interoperability
issues: http://www.ietf.org/mail-archive/web/tls/current/msg14349.html
This is currently enabled by default, unless %NO_ETM, or %COMPAT
is specified.
|
| |
|
|
|
| |
That is performed implicitly unless GNUTLS_NO_EXTENSIONS is specified.
The implementation follows draft-ietf-tls-session-hash-02.
|
| |
|
|
|
|
|
| |
This extension did not get accepted by IETF so it is
now being removed. The gnutls_range API is kept in case
length hiding is implemented in a different way at some
point.
|
| |
|
|
| |
This works around issues when connecting behind some firewalls.
|
| |
|
|
|
|
|
|
| |
This is required for using nettle/memxor.h, which now is included
implicitly via gnutls_int.h, if the nettle include directories
aren't in one of the compiler standard paths.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It is negotiated via an extension and record data are now formatted as:
ciphered-struct {
opaque pad<0..2^16-1>
opaque content[TLSCompressed.length];
opaque MAC[CipherSpec.hash_size];
}
The ciphered-struct size is always 0 modulo the block size
in block ciphers to avoid any need for additional padding.
Added extension to negotiate new record padding.
|
| | |
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
|
| |
|
|
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
