generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson 09599b52d4 Auto DH support. 
Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the
server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

Only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very
insecure anyway.
2014-03-28 14:49:04 +00:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes.
2012-04-16 17:42:36 +00:00
d1_both.c
Fix DTLS retransmission from previous session.
2013-12-20 23:46:16 +00:00
d1_clnt.c
DTLS/SCTP Finished Auth Bug
2013-11-01 21:41:52 +00:00
d1_enc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
d1_lib.c
bss_dgram.c,d1_lib.c: make it compile with mingw.
2014-03-06 14:04:56 +01:00
d1_meth.c
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
d1_pkt.c
DTLS version usage fixes.
2013-09-17 18:55:41 +01:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:31 +00:00
d1_srvr.c
use SSL_kDHE throughout instead of SSL_kEDH
2014-01-09 15:43:28 +00:00
dtls1.h
Dual DTLS version methods.
2013-04-09 14:02:48 +01:00
install-ssl.com
Install srtp.h
2012-07-05 13:20:19 +00:00
kssl_lcl.h
Merge from 1.0.0-stable branch.
2009-04-23 16:32:42 +00:00
kssl.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
kssl.h
Fix for WIN32 builds with KRB5
2014-02-26 15:33:11 +00:00
Makefile
make depend
2014-02-20 18:48:56 +00:00
s2_clnt.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s2_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s2_lib.c
Add ctrl and utility functions to retrieve raw cipher list sent by client in
2012-09-12 13:57:48 +00:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 14:16:55 +00:00
s2_srvr.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s3_both.c
Add fix for CVE-2013-4353
2014-01-07 15:39:21 +00:00
s3_cbc.c
misspellings fixes by https://github.com/vlajos/misspell_fixer
2013-09-05 21:39:42 +01:00
s3_clnt.c
fix WIN32 warnings
2014-02-20 22:55:24 +00:00
s3_enc.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
s3_lib.c
Auto DH support.
2014-03-28 14:49:04 +00:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
ssl/s3_pkt.c: detect RAND_bytes error in multi-block.
2014-02-14 17:43:31 +01:00
s3_srvr.c
Auto DH support.
2014-03-28 14:49:04 +00:00
s23_clnt.c
Re-add alert variables removed during rebase
2014-02-05 18:25:46 +00:00
s23_lib.c
Fix warnings.
2010-06-12 14:13:23 +00:00
s23_meth.c
Initial incomplete TLS v1.2 support. New ciphersuites added, new version
2011-04-29 22:56:51 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Add three Suite B modes to TLS code, supporting RFC6460.
2012-08-15 15:15:05 +00:00
srtp.h
move internal functions to ssl_locl.h
2011-11-21 22:52:13 +00:00
ssl2.h
Initial "opaque SSL" framework. If an application defines
2011-04-29 22:37:12 +00:00
ssl3.h
Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert.
2014-02-05 18:25:46 +00:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
Add AES-SHA256 stitch.
2013-05-13 22:49:58 +02:00
ssl_asn1.c
Version skew reduction: trivia (I hope).
2012-06-03 22:00:21 +00:00
ssl_cert.c
Auto DH support.
2014-03-28 14:49:04 +00:00
ssl_ciph.c
Add function to free compression methods.
2014-03-01 23:15:25 +00:00
ssl_conf.c
Add -no_resumption_on_reneg to SSL_CONF.
2014-03-27 16:12:40 +00:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Sync error codes with 1.0.2-stable
2013-11-06 14:18:41 +00:00
ssl_lib.c
Auto DH support.
2014-03-28 14:49:04 +00:00
ssl_locl.h
Auto DH support.
2014-03-28 14:49:04 +00:00
ssl_rsa.c
Fix whitespace, new-style comments.
2014-02-05 18:25:46 +00:00
ssl_sess.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_stat.c
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
2013-09-06 13:59:13 +01:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Experimental encrypt-then-mac support.
2013-09-08 13:14:03 +01:00
ssl-lib.com
Add d1_srtp and t1_trce.
2012-07-05 13:20:02 +00:00
ssl.h
Auto DH support.
2014-03-28 14:49:04 +00:00
ssltest.c
Don't break out of the custom extension callback loop - continue instead
2014-02-05 18:25:47 +00:00
t1_clnt.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_enc.c
ssl/t1_enc.c: check EVP_MD_CTX_copy return value.
2014-02-25 22:21:54 +01:00
t1_lib.c
Auto DH support.
2014-03-28 14:49:04 +00:00
t1_meth.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:58:55 +00:00
t1_srvr.c
Use appropriate versions of SSL3_ENC_METHOD
2013-03-18 14:53:59 +00:00
t1_trce.c
use SSL_kDHE throughout instead of SSL_kEDH
2014-01-09 15:43:28 +00:00
tls1.h
Updating DTCP authorization type to expected value
2014-02-05 18:25:46 +00:00
tls_srp.c
PR: 1794
2011-12-14 22:17:06 +00:00