| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated. | beck | 2019-01-24 | 1 | -6/+1 |
| | | | | | | Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@ | ||||
| * | Correct ECDSA_SECP512R1 typo to ECDSA_SECP521R1 | beck | 2019-01-23 | 1 | -4/+4 |
| | | | | | spotted by naddy@ | ||||
| * | Modify sigalgs extension processing to accomodate TLS 1.3. | beck | 2019-01-23 | 1 | -2/+19 |
| | | | | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@ | ||||
| * | revert previous, accidentally contained another diff in addition | beck | 2019-01-23 | 1 | -19/+2 |
| | | | | | to the one I intended to commit | ||||
| * | Modify sigalgs extension processing for TLS 1.3. | beck | 2019-01-23 | 1 | -2/+19 |
| | | | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@ | ||||
| * | Unbreak legacy ciphers for prior to 1.1 by setting having a legacy | beck | 2018-11-16 | 1 | -3/+12 |
| | | | | | | sigalg for MD5_SHA1 and using it as the non sigalgs default ok jsing@ | ||||
| * | In TLS1.2 we use evp_sha1 if we fall back this far, not evp_md5_sha1 as in 1.1 | beck | 2018-11-14 | 1 | -2/+2 |
| | | | | | Makes connections to outlook.office365.com work | ||||
| * | Temporary workaround for breakage seen in www.videolan.org with curve mismatch | beck | 2018-11-13 | 1 | -3/+4 |
| | | |||||
| * | Fix pkey_ok to be less strange, and add cuve checks required for the EC ones | beck | 2018-11-13 | 1 | -9/+26 |
| | | | | | ok tb@ | ||||
| * | Add check function to verify that pkey is usable with a sigalg. | beck | 2018-11-11 | 1 | -1/+17 |
| | | | | | | Include check for appropriate RSA key size when used with PSS. ok tb@ | ||||
| * | Convert signatures and verifcation to use the EVP_DigestXXX api | beck | 2018-11-11 | 1 | -3/+1 |
| | | | | | | | to allow for adding PSS, Nuke the now unneejded guard around the PSS algorithms in the sigalgs table ok jsing@ tb@ | ||||
| * | Remove dead code | beck | 2018-11-10 | 1 | -14/+1 |
| | | | | | ok jsing@ | ||||
| * | Stop keeping track of sigalgs by guessing it from digest and pkey, | beck | 2018-11-10 | 1 | -16/+5 |
| | | | | | | | just keep the sigalg around so we can remember what we actually decided to use. ok jsing@ | ||||
| * | Ensure we only choose sigalgs from our prefernce list, not the whole list | beck | 2018-11-09 | 1 | -4/+11 |
| | | | | | ok jsing@ | ||||
| * | Add the ability to have a separate priority list for sigalgs. | beck | 2018-11-09 | 1 | -6/+34 |
| | | | | | | Add a priority list for tls 1.2 ok jsing@ | ||||
| * | Reimplement the sigalgs processing code into a new implementation | beck | 2018-11-09 | 1 | -0/+218 |
| that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@ | |||||
 |
index : openbsd | |
| A mirror of https://github.com/libressl/openbsd.git |
| summaryrefslogtreecommitdiff |