Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | LibreSSL 3.1.4 - Interoperability and bug fixes for the TLSv1.3 client: | tb | 2020-08-10 | 1 | -20/+21 |
| | * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. This is errata/6.7/019_libssl.patch.sig | ||||
* | Minor code improvements. | jsing | 2020-04-06 | 1 | -3/+3 |
* | Add tests that cover TLSv1.2 and disable those that trigger TLSv1.3. | jsing | 2020-04-06 | 1 | -3/+32 |
| | This allows the test to pass again. | ||||
* | Zero the client random field in the TLSv1.2 golden value. | jsing | 2020-04-06 | 1 | -5/+5 |
* | Improve comparison with test data. | jsing | 2020-04-06 | 1 | -7/+9 |
| | First check the client random against the zeroed value, then zero the client random in the client hello, before comparing with the golden value. This makes failures more obvious and the test code more readable. | ||||
* | Dump the test data when the lengths differ in order to aid debugging. | jsing | 2020-04-06 | 1 | -0/+3 |
* | Use errx() if we fail to build the client hello. | jsing | 2020-04-06 | 1 | -1/+1 |
* | Nuke trailing whitespace that is annoying before changing things in here | beck | 2019-11-26 | 1 | -6/+6 |
* | Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated. | beck | 2019-01-24 | 1 | -13/+11 |
| | Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@ | ||||
* | Modify sigalgs extension processing to accommodate TLS 1.3. | beck | 2019-01-23 | 1 | -15/+16 |
| | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@ | ||||
* | revert previous, accidentally contained another diff in addition | beck | 2019-01-23 | 1 | -16/+15 |
| | to the one I intended to commit | ||||
* | Modify sigalgs extension processing for TLS 1.3. | beck | 2019-01-23 | 1 | -15/+16 |
| | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@ | ||||
* | Update regress for DES cipher suite removal. | jsing | 2018-06-02 | 1 | -46/+40 |
* | Zero the client random so that it is easier to spot unintended differences. | jsing | 2018-06-02 | 1 | -0/+1 |
* | Update due to removal of original chacha20-poly1305 cipher suites. | jsing | 2017-08-28 | 1 | -42/+39 |
* | Update the TLSv1.2 Client Hello messages, due to the removal of DSA | jsing | 2017-08-12 | 1 | -20/+18 |
| | sigalgs. | ||||
* | Revise cipher suites in regress to match DSS cipher suite removal. | jsing | 2017-05-07 | 1 | -96/+82 |
* | Update client tests for changes in default EC formats/curves. | jsing | 2017-01-24 | 1 | -52/+31 |
* | Update regress for ECDHE with X25519. | jsing | 2016-12-21 | 1 | -41/+41 |
* | Update regress for IDEA cipher suite removal. | jsing | 2016-11-06 | 1 | -83/+83 |
* | Update client hello messages to follow the removal of fixed ECDH. | jsing | 2016-10-19 | 1 | -89/+65 |
* | Update regress test to reflect changes in the cipher list. | jsing | 2016-04-28 | 1 | -61/+62 |
* | Revise regression test so that it works correctly with AES taking priority | jsing | 2015-09-13 | 1 | -34/+191 |
| | if hardware acceleration is available. | ||||
* | Add an initial TLS client regress, which currently covers ClientHello | jsing | 2015-09-01 | 2 | -0/+367 |
| | message generation. | ||||