generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Dr. Stephen Henson 3495842bb0 Prevent use of RSA+MD5 in TLS 1.2 by default. 
Removing RSA+MD5 from the default signature algorithm list
prevents its use by default.

If a broken implementation attempts to use RSA+MD5 anyway the sanity
checking of signature algorithms will cause a fatal alert.
(cherry picked from commit 77a0f740d00ecf8f6b01c0685a2f858c3f65a3dd)
2013-10-20 22:07:33 +01:00
..
.cvsignore
Add emacs cache files to .cvsignore.
2005-04-11 14:17:07 +00:00
bio_ssl.c
OPENSSL_NO_SOCK fixes [from HEAD].
2012-04-16 17:43:02 +00:00
d1_both.c
Enable TLS 1.2 ciphers in DTLS 1.2.
2013-09-18 13:46:02 +01:00
d1_clnt.c
Dual DTLS version methods.
2013-09-18 13:46:02 +01:00
d1_enc.c
Update DTLS code to match CBC decoding in TLS.
2013-02-06 13:56:13 +00:00
d1_lib.c
Dual DTLS version methods.
2013-09-18 13:46:02 +01:00
d1_meth.c
Dual DTLS version methods.
2013-09-18 13:46:02 +01:00
d1_pkt.c
DTLS version usage fixes.
2013-09-18 13:47:05 +01:00
d1_srtp.c
Submitted by: Eric Rescorla <ekr@rtfm.com>
2012-02-11 22:53:48 +00:00
d1_srvr.c
Suite B support for DTLS 1.2
2013-09-18 13:46:03 +01:00
dnssec.c
Header needed for SOCK_STREAM on FreeBSD.
2013-06-04 16:27:05 +01:00
dtls1.h
Dual DTLS version methods.
2013-09-18 13:46:02 +01:00
install-ssl.com
Don't forget to install srtp.h as well
2012-05-10 15:01:26 +00:00
kssl_lcl.h
Some fixes for kerberos builds.
2009-04-21 22:20:12 +00:00
kssl.c
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:52:34 +00:00
kssl.h
make kerberos work with OPENSSL_NO_SSL_INTERN
2011-05-11 22:52:34 +00:00
Makefile
RFC6689 support: add missing commit (git noob alert).
2013-05-15 20:41:51 +02:00
s2_clnt.c
Add and use a constant-time memcmp.
2013-02-06 13:56:12 +00:00
s2_enc.c
Update ssl library to support EVP_PKEY MAC API. Include generic MAC support.
2007-06-04 17:04:40 +00:00
s2_lib.c
Add ctrl and utility functions to retrieve raw cipher list sent by client in
2012-12-26 16:25:06 +00:00
s2_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s2_pkt.c
Add and use a constant-time memcmp.
2013-02-06 13:56:12 +00:00
s2_srvr.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00
s3_both.c
DTLS revision.
2013-09-18 13:46:02 +01:00
s3_cbc.c
Use enc_flags when deciding protocol variations.
2013-09-18 13:46:02 +01:00
s3_clnt.c
DTLS version usage fixes.
2013-09-18 13:47:05 +01:00
s3_enc.c
ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility.
2013-02-06 13:56:15 +00:00
s3_lib.c
Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn
2013-10-01 12:20:02 +01:00
s3_meth.c
Type-checked (and modern C compliant) OBJ_bsearch.
2008-10-12 14:32:47 +00:00
s3_pkt.c
Use enc_flags when deciding protocol variations.
2013-09-18 13:46:02 +01:00
s3_srvr.c
Suite B support for DTLS 1.2
2013-09-18 13:46:03 +01:00
s23_clnt.c
Various custom extension fixes.
2013-09-16 18:40:53 +01:00
s23_lib.c
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
s23_meth.c
Backport TLS v1.2 support from HEAD.
2011-05-11 13:37:52 +00:00
s23_pkt.c
Reorder inclusion of header files:
2002-07-10 07:01:54 +00:00
s23_srvr.c
Add three Suite B modes to TLS code, supporting RFC6460.
2012-12-26 16:17:40 +00:00
srtp.h
move internal functions to ssl_locl.h
2011-11-21 22:52:01 +00:00
ssl2.h
Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN
2011-05-11 12:56:38 +00:00
ssl3.h
Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn
2013-10-01 12:20:02 +01:00
ssl23.h
Import of old SSLeay release: SSLeay 0.9.0b
1998-12-21 10:56:39 +00:00
ssl_algs.c
e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues.
2013-02-06 13:56:15 +00:00
ssl_asn1.c
Use correct tag for SRP username.
2011-10-25 12:52:47 +00:00
ssl_cert.c
Cosmetic touchups.
2013-07-31 16:38:43 +01:00
ssl_ciph.c
Suite B support for DTLS 1.2
2013-09-18 13:46:03 +01:00
ssl_conf.c
Make no-ec compilation work.
2013-08-19 14:13:38 +01:00
ssl_err2.c
Use new-style system-id macros everywhere possible. I hope I haven't
2001-02-20 08:13:47 +00:00
ssl_err.c
Show useful errors.
2013-09-24 23:13:22 +01:00
ssl_lib.c
Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn
2013-10-01 12:20:02 +01:00
ssl_locl.h
Suite B support for DTLS 1.2
2013-09-18 13:46:03 +01:00
ssl_rsa.c
Show useful errors.
2013-09-24 23:13:22 +01:00
ssl_sess.c
Provisional DTLS 1.2 support.
2013-09-18 13:46:02 +01:00
ssl_stat.c
PR: 1794
2011-11-25 00:18:10 +00:00
ssl_task.c
Security fixes brought forward from 0.9.7.
2002-11-13 15:43:43 +00:00
ssl_txt.c
Provisional DTLS 1.2 support.
2013-09-18 13:46:02 +01:00
ssl-lib.com
PR: 2652
2012-01-05 14:30:08 +00:00
ssl.h
Merge remote-tracking branch 'agl/1.0.2alpn' into agl-alpn
2013-10-01 12:20:02 +01:00
ssltest.c
Add tests for ALPN functionality.
2013-09-13 11:27:26 -04:00
t1_clnt.c
Use appropriate versions of SSL3_ENC_METHOD
2013-09-18 13:46:02 +01:00
t1_enc.c
Enable TLS 1.2 ciphers in DTLS 1.2.
2013-09-18 13:46:02 +01:00
t1_lib.c
Prevent use of RSA+MD5 in TLS 1.2 by default.
2013-10-20 22:07:33 +01:00
t1_meth.c
Use appropriate versions of SSL3_ENC_METHOD
2013-09-18 13:46:02 +01:00
t1_reneg.c
Update RI to match latest spec.
2009-12-27 22:59:09 +00:00
t1_srvr.c
Use appropriate versions of SSL3_ENC_METHOD
2013-09-18 13:46:02 +01:00
t1_trce.c
DTLS trace support.
2013-09-18 13:46:03 +01:00
tls1.h
Support ALPN.
2013-09-13 11:27:22 -04:00
tls_srp.c
Reduce version skew: trivia (I hope).
2012-06-03 22:03:37 +00:00