openssl

Author	SHA1	Message	Date
Dr. Stephen Henson	c76b7a1a82	Don't try to use unvalidated composite ciphers in FIPS mode	2012-04-26 18:49:45 +00:00
Dr. Stephen Henson	502dfeb8de	Change value of SSL_OP_NO_TLSv1_1 to avoid clash with SSL_OP_ALL and OpenSSL 1.0.0. Add CHANGES entry noting the consequences.	2012-04-25 23:08:44 +00:00
Andy Polyakov	5bbed29518	s23_clnt.c: ensure interoperability by maitaining client "version capability" vector contiguous [from HEAD]. PR: 2802	2012-04-25 22:07:23 +00:00
Dr. Stephen Henson	dedfe959dd	correct error code	2012-04-18 14:53:48 +00:00
Bodo Möller	4d936ace08	Disable SHA-2 ciphersuites in < TLS 1.2 connections. (TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley	2012-04-17 15:20:17 +00:00
Dr. Stephen Henson	89bd25eb26	Additional workaround for PR#2771 If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES.	2012-04-17 14:41:23 +00:00
Dr. Stephen Henson	4a1cf50187	Partial workaround for PR#2771. Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...	2012-04-17 13:20:19 +00:00
Andy Polyakov	32e12316e5	OPENSSL_NO_SOCK fixes [from HEAD]. PR: 2791 Submitted by: Ben Noordhuis	2012-04-16 17:43:15 +00:00
Andy Polyakov	c2770c0e0e	s3_srvr.c: fix typo [from HEAD]. PR: 2538	2012-04-15 17:23:41 +00:00
Andy Polyakov	371056f2b9	e_aes_cbc_hmac_sha1.c: handle zero-length payload and engage empty frag countermeasure [from HEAD]. PR: 2778	2012-04-15 14:23:03 +00:00
Andy Polyakov	3f98d7c0b5	ssl/ssl_ciph.c: interim solution for assertion in d1_pkt.c(444) [from HEAD]. PR: 2778	2012-04-04 20:51:27 +00:00
Dr. Stephen Henson	63e8f16737	PR: 2778(part) Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com> Time is always encoded as 4 bytes, not sizeof(Time).	2012-03-31 18:02:43 +00:00
Dr. Stephen Henson	418044cbab	Experimental workaround to large client hello issue (see PR#2771). If OPENSSL_NO_TLS1_2_CLIENT is set then TLS v1.2 is disabled for clients only.	2012-03-29 19:08:54 +00:00
Dr. Stephen Henson	78c5d2a9bb	use client version when deciding whether to send supported signature algorithms extension	2012-03-21 21:32:57 +00:00
Andy Polyakov	9cc42cb091	ssl/t1_enc.c: pay attention to EVP_CIPH_FLAG_CUSTOM_CIPHER [from HEAD].	2012-03-13 19:21:15 +00:00
Dr. Stephen Henson	267c950c5f	Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Add more extension names in s_cb.c extension printing code.	2012-03-09 18:37:41 +00:00
Dr. Stephen Henson	ce1605b508	PR: 2756 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix DTLS timeout handling.	2012-03-09 15:52:20 +00:00
Dr. Stephen Henson	25bfdca16a	PR: 2755 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reduce MTU after failed transmissions.	2012-03-06 13:47:27 +00:00
Dr. Stephen Henson	9c284f9651	PR: 2748 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix possible DTLS timer deadlock.	2012-03-06 13:24:16 +00:00
Dr. Stephen Henson	a54ce007e6	PR: 2739 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Fix padding bugs in Heartbeat support.	2012-02-27 16:38:10 +00:00
Dr. Stephen Henson	f1fa05b407	ABI compliance fixes. Move new structure fields to end of structures. Import library codes from 1.0.0 and recreate new ones.	2012-02-22 14:01:44 +00:00
Dr. Stephen Henson	b935714237	typo	2012-02-17 17:31:32 +00:00
Dr. Stephen Henson	a8314df902	Fix bug in CVE-2011-4619: check we have really received a client hello before rejecting multiple SGC restarts.	2012-02-16 15:25:39 +00:00
Dr. Stephen Henson	d40abf1689	Submitted by: Eric Rescorla <ekr@rtfm.com> Further fixes for use_srtp extension.	2012-02-11 22:53:48 +00:00
Dr. Stephen Henson	c489ea7d01	PR: 2704 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Fix srp extension.	2012-02-10 20:08:49 +00:00
Dr. Stephen Henson	943cc09d8a	Submitted by: Eric Rescorla <ekr@rtfm.com> Fix encoding of use_srtp extension to be compliant with RFC5764	2012-02-10 00:03:37 +00:00
Dr. Stephen Henson	fc6800d19f	Modify client hello version when renegotiating to enhance interop with some servers.	2012-02-09 15:41:44 +00:00
Dr. Stephen Henson	adcea5a043	return error if md is NULL	2012-01-22 13:12:50 +00:00
Dr. Stephen Henson	2dc4b0dbe8	Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. Thanks to Antonio Martin, Enterprise Secure Access Research and Development, Cisco Systems, Inc. for discovering this bug and preparing a fix. (CVE-2012-0050)	2012-01-18 18:14:56 +00:00
Andy Polyakov	c8e0b5d7b6	1.0.1-specific OPNESSL vs. OPENSSL typo. PR: 2613 Submitted by: Leena Heino	2012-01-15 13:42:50 +00:00
Dr. Stephen Henson	285d9189c7	PR: 2652 Submitted by: Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se> OpenVMS fixes.	2012-01-05 14:30:08 +00:00
Bodo Möller	409d2a1b71	Fix for builds without DTLS support. Submitted by: Brian Carlstrom	2012-01-05 10:22:39 +00:00
Dr. Stephen Henson	e0b9678d7f	PR: 2671 Submitted by: steve Update maximum message size for certifiate verify messages to support 4096 bit RSA keys again as TLS v1.2 messages is two bytes longer.	2012-01-05 00:28:29 +00:00
Dr. Stephen Henson	166dea6ac8	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Send fatal alert if heartbeat extension has an illegal value.	2012-01-05 00:23:31 +00:00
Dr. Stephen Henson	0044739ae5	Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>, Michael Tuexen <tuexen@fh-muenster.de> Reviewed by: steve Fix for DTLS plaintext recovery attack discovered by Nadhem Alfardan and Kenny Paterson.	2012-01-04 23:52:05 +00:00
Dr. Stephen Henson	4e44bd3650	Clear bytes used for block padding of SSL 3.0 records. (CVE-2011-4576)	2012-01-04 23:13:29 +00:00
Dr. Stephen Henson	aaa3850ccd	Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)	2012-01-04 23:07:54 +00:00
Dr. Stephen Henson	1cb4d65b87	Submitted by: Adam Langley <agl@chromium.org> Reviewed by: steve Fix memory leaks.	2012-01-04 14:25:28 +00:00
Dr. Stephen Henson	7b2dd292bc	only send heartbeat extension from server if client sent one	2012-01-03 22:03:07 +00:00
Dr. Stephen Henson	d9834ff24b	make update	2012-01-02 16:41:11 +00:00
Dr. Stephen Henson	bd6941cfaa	PR: 2658 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Support for TLS/DTLS heartbeats.	2011-12-31 23:00:36 +00:00
Dr. Stephen Henson	5c05f69450	make update	2011-12-27 14:38:27 +00:00
Dr. Stephen Henson	b300fb7734	PR: 1794 Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> Reviewed by: steve - remove some unncessary SSL_err and permit an srp user callback to allow a worker to obtain a user verifier. - cleanup and comments in s_server and demonstration for asynchronous srp user lookup	2011-12-27 14:23:22 +00:00
Dr. Stephen Henson	f89af47438	PR: 2326 Submitted by: Tianjie Mao <tjmao@tjmao.net> Reviewed by: steve Fix incorrect comma expressions and goto f_err as alert has been set.	2011-12-26 19:38:09 +00:00
Dr. Stephen Henson	e065e6cda2	PR: 2535 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).	2011-12-25 14:45:40 +00:00
Dr. Stephen Henson	60553cc209	typo	2011-12-23 15:03:16 +00:00
Dr. Stephen Henson	2d4c9ab518	delete unimplemented function from header file, update ordinals	2011-12-23 14:10:35 +00:00
Dr. Stephen Henson	242f8d644c	remove prototype for deleted SRP function	2011-12-22 16:01:23 +00:00
Dr. Stephen Henson	f5575cd167	New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. New function to retrieve compression method from SSL_SESSION structure. Delete SSL_SESSION_get_id_len and SSL_SESSION_get0_id functions as they duplicate functionality of SSL_SESSION_get_id. Note: these functions have never appeared in any release version of OpenSSL.	2011-12-22 15:01:16 +00:00
Ben Laurie	dd0ddc3e78	Fix DTLS.	2011-12-20 15:05:03 +00:00

1 2 3 4 5 ...

1252 Commits