openssl/ssl at de57d2372985d2640ae82f7954bf9dc07caf2f09 - openssl - Atria-soft GIT

generic-library/openssl

History

Emilia Kasper de57d23729 Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).

Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else.

The result:

$ openssl s_server -named_curves "auto"

This command will negotiate an ECDHE ciphersuite with P-256:

$ openssl s_client

This command will negotiate P-384:

$ openssl s_client -curves "P-384"

This command will not negotiate ECDHE because P-224 is disabled with "auto":

$ openssl s_client -curves "P-224"

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

2015-05-20 15:47:51 +02:00

..

Updates following review comments

2015-05-16 09:20:52 +01:00

bio_ssl.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

d1_both.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

d1_clnt.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

d1_lib.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

d1_meth.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

d1_msg.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

d1_srtp.c

Use p==NULL not !p (in if statements, mainly)

2015-05-11 10:06:38 -04:00

d1_srvr.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

install-ssl.com

Updates following review comments

2015-05-16 09:20:52 +01:00

Makefile

Further version negotiation updates

2015-05-16 09:21:07 +01:00

s3_both.c

Updates following review comments

2015-05-16 09:20:52 +01:00

s3_cbc.c

Identify and move OpenSSL internal header files

2015-05-14 15:13:49 +02:00

s3_clnt.c

move masks out of CERT structure

2015-05-19 14:05:29 +01:00

s3_enc.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

s3_lib.c

move masks out of CERT structure

2015-05-19 14:05:29 +01:00

s3_msg.c

Introduce the functions RECORD_LAYER_release, RECORD_LAYER_read_pending, and

2015-03-26 15:01:59 +00:00

s3_srvr.c

CERT tidy

2015-05-18 18:49:13 +01:00

ssl_algs.c

Fix missing return value checks

2015-03-23 15:23:11 +00:00

ssl_asn1.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

ssl_cert.c

move masks out of CERT structure

2015-05-19 14:05:29 +01:00

ssl_ciph.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

ssl_conf.c

Add SSL_use_certificate_chain_file function

2015-05-08 18:43:44 +01:00

ssl_err2.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ssl_err.c

Updates following review comments

2015-05-16 09:20:52 +01:00

ssl_lib.c

move masks out of CERT structure

2015-05-19 14:05:29 +01:00

ssl_locl.h

move masks out of CERT structure

2015-05-19 14:05:29 +01:00

ssl_rsa.c

move masks out of CERT structure

2015-05-19 14:05:29 +01:00

ssl_sess.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

ssl_stat.c

Version negotiation rewrite cleanup

2015-05-16 09:20:38 +01:00

ssl_txt.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

ssl_utst.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

ssl-lib.com

Move SSLv3_*method() functions

2015-05-16 09:20:58 +01:00

t1_clnt.c

Move SSLv3_*method() functions

2015-05-16 09:20:58 +01:00

t1_enc.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

t1_ext.c

memset, memcpy, sizeof consistency fixes

2015-05-05 22:18:59 -04:00

t1_lib.c

Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).

2015-05-20 15:47:51 +02:00

t1_meth.c

Move SSLv3_*method() functions

2015-05-16 09:20:58 +01:00

t1_reneg.c

Run util/openssl-format-source -v -c .

2015-01-22 09:20:09 +00:00

t1_srvr.c

Move SSLv3_*method() functions

2015-05-16 09:20:58 +01:00

t1_trce.c

Remove Kerberos support from libssl

2015-05-13 15:07:57 +01:00

tls_srp.c

Use #error in openssl/srp.h

2015-05-15 08:16:21 -04:00