Commit log, path: root/src
...
* Avoid 32 bit right shift with unsigned int in crypto/cast/cast_lcl.h
  ok tb@
  [inoguchi, 2020-01-26, 1 file, -2/+2]
* tweak previous; ok tb
  [jmc, 2020-01-26, 1 file, -3/+3]
* typo
  [tb, 2020-01-26, 1 file, -2/+2]
* Document the change in EVP_chacha20(3).
  Discussed with jsing
  [tb, 2020-01-26, 1 file, -3/+5]
* Improve the comment explaining why the previous change matches OpenSSL's
  behavior. ok jsing
  [tb, 2020-01-26, 1 file, -8/+15]
* When an SSL method is set, bump the max version back to that of the
  incoming method if it is a client. This addresses the case where TLS_method() is used to initialise an SSL_CTX, and then a TLS_client_method() is set, resulting in TLSv1.2 being used instead of TLSv1.3. This is observable in smtpd. ok beck@
  [jsing, 2020-01-26, 1 file, -1/+10]
* When switching back to a legacy client or server, ensure we reset the
  handshake function pointer. Fixes an issue found by jca@ with OpenVPN. ok beck@ tb@
  [jsing, 2020-01-26, 2 files, -2/+4]
* Fix basement bug where record layer would not correctly deal with
  traffic retries when not yet encrypting. ok jsing@
  [beck, 2020-01-26, 1 file, -1/+4]
* Add server side support for requesting client certificates in tls 1.3
  ok jsing@
  [beck, 2020-01-26, 1 file, -4/+173]
* Add client certificate support for tls 1.3
  ok jsing@
  [beck, 2020-01-26, 2 files, -15/+149]
* Add back the tests that were deleted in previous but not contained
  in OpenSSL's test suite.
  [tb, 2020-01-26, 1 file, -1/+9]
* Add sigalgs for server side to enable client certificate processing
  in tls 1.3. Will be used in a follow-on commit to enable tls1.3 client certificates. ok jsing@
  [beck, 2020-01-26, 1 file, -5/+34]
* server sigalgs test is now bogus, disable for now
  [beck, 2020-01-26, 1 file, -2/+3]
* Adjust tests to match the change in EVP_chacha20().
  Test vectors taken from OpenSSL 1.1.1d (under OpenSSL's old license).
  [tb, 2020-01-26, 2 files, -11/+22]
* Move pad and verify context into tls13_lib.c
  ok jsing@
  [beck, 2020-01-26, 4 files, -68/+60]
* Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics:
  The new IV is 128 bit long and is actually the 64 bit counter followed by the 64 bit initialization vector. This is needed by an upcoming change in OpenSSH and is a breaking change for all current callers. There are language bindings for Node.js, Rust and Erlang, but none of our ports use them. Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014 while the entirely incompatible version in OpenSSL was committed on Dec 9, 2015. Initial diff from djm and myself, further refinements by djm. Ports grepping by sthen. ok jsing
  [tb, 2020-01-26, 1 file, -7/+14]
* Add an underbar for consistency.
  [tb, 2020-01-25, 1 file, -2/+2]
* Disable cert interop tests for now.
  The libressl TLSv1.3 client and server currently lack client certificate authentication support and this test expects all clients can auth with all servers. We can likely turn this back on in the near future.
  [jsing, 2020-01-25, 1 file, -2/+2]
* Actually disable cipher interop tests.
  [jsing, 2020-01-25, 1 file, -3/+3]
* Disable the cipher interop tests.
  These make far too many assumptions about cipher suites - TLSv1.3 cipher suites can only be used with TLSv1.3, and tests using TLSv1.3 cipher suites with TLSv1.2 will not work. Likewise, expecting TLSv1.2 cipher suites to work with TLSv1.3 is futile. Additionally, eopenssl11 lists TLSv1.3 cipher suites with different names to libressl. Further work will be necessary before this can be re-enabled.
  [jsing, 2020-01-25, 1 file, -3/+4]
* Accept both TLSv1.2 and TLSv1.3 protocols for netcat.
  This can potentially be improved by adding knowledge about which libraries support which versions and handle differences between clients and servers.
  [jsing, 2020-01-25, 1 file, -4/+3]
* Disable session regress for libressl client talking to openssl11 server.
  This is now talking over TLSv1.3 and needs session support.
  [jsing, 2020-01-25, 1 file, -1/+2]
* Revert change to certificate request check from r1.45.
  This code was correct, it was the entry in the table that was incorrect. ok beck@
  [jsing, 2020-01-25, 1 file, -3/+3]
* Only perform the downgrade check if our max version is less than TLSv1.3.
  Issue noticed by kn@ when talking to a TLSv1.3 capable mail server, but with smtpd capping max version to TLSv1.2. ok beck@
  [jsing, 2020-01-25, 1 file, -15/+17]
* Preserve the transcript hash for the client finished message,
  and correct the message type for certificate request. ok jsing@
  [beck, 2020-01-25, 1 file, -2/+3]
* Support legacy message callbacks. First step for SSL_set_msg_callback(3)
  support. Makes openssl s_client -msg work for handshake messages. ok beck jsing
  [tb, 2020-01-25, 3 files, -3/+40]
* Correct value for SSL_TLSEXT_MSG_HRR.
  ok beck@ tb@
  [jsing, 2020-01-25, 1 file, -2/+2]
* Only discard the extension block for client hello and server hello
  messages. TLSv1.3 messages that include extensions need a length prefixed field with zero bytes, rather than no data at all. ok beck@ tb@
  [jsing, 2020-01-25, 1 file, -2/+3]
* Only send an RI extension for pre-TLSv1.3 versions.
  ok beck@
  [jsing, 2020-01-25, 1 file, -2/+2]
* It is possible to receive a pre-TLSv1.3 alert in response to a TLSv1.3
  client hello. Allow pre-TLSv1.3 alerts (including warnings) to be received before the server hello message. Disallow pre-TLSv1.3 alerts as soon as we know that we are using TLSv1.3. Noticed by ajacoutot@ while connecting to www.openprinting.org. ok tb@
  [jsing, 2020-01-25, 3 files, -4/+24]
* Correct backwards test so that we may accept a certificate request
  from the server. ok jsing@
  [beck, 2020-01-25, 1 file, -3/+3]
* add a couple of XXX for future cleanup
  [tb, 2020-01-25, 1 file, -1/+4]
* Disable the client hello message regress test for now.
  The golden values have changed due to TLSv1.3 and will likely change more in the near future. This will be updated and re-enabled when things settle. Discussed with beck@
  [jsing, 2020-01-25, 1 file, -2/+2]
* Ensure that TLSv1.0 and TLSv1.1 are enabled before running SSLv2 client
  hello tests.
  [jsing, 2020-01-25, 1 file, -5/+10]
* Teach openssl s_client a bit about TLSv1.3.
  ok beck jsing
  [tb, 2020-01-24, 1 file, -2/+17]
* Complete the initial TLSv1.3 implementation.
  ok beck@ tb@
  [jsing, 2020-01-24, 3 files, -14/+300]
* Preserve the TLS transcript at additional points.
  This is needed for the TLSv1.3 server and will also be needed for client certificate authentication. Note that we preserve on receive but before recording the new handshake message, whereas we preserve on send after recording the new handshake message. ok tb@
  [jsing, 2020-01-24, 1 file, -9/+23]
* Permit 0 length writes, because openssl s_client is special
  ok jsing@
  [beck, 2020-01-24, 1 file, -2/+2]
* Store the legacy session identifier from the ClientHello so we can actually
  echo it. ok beck@ tb@
  [jsing, 2020-01-24, 1 file, -1/+10]
* Switch to encrypted records in the TLSv1.3 server.
  This adds code to perform key derivation and set the traffic keys once the ServerHello message has been sent, enabling encrypted records. ok beck@ tb@
  [jsing, 2020-01-24, 3 files, -4/+78]
* Enable SSL_ENC_FLAG_SIGALGS on TLSv1_3_enc_data.
  This means that we actually try to process and use signature algorithms. ok beck@ tb@
  [jsing, 2020-01-24, 1 file, -2/+2]
* Add strings for SSL_aTLS1_3 and SSL_kTLS1_3 to SSL_CIPHER_description().
  Makes `openssl ciphers -v` print au and kx values for TLSv1.3 cipher suites. ok beck@ tb@
  [jsing, 2020-01-24, 1 file, -1/+7]
* Fix breakage in SSL_connect, SSL_accept, etc. by not propagating
  new retry conditions from the record layer all the way up to the callers. Instead we catch them at the top of the record layer and retry the operations, unless we actually got a retry indicated from actual IO operations. ok jsing@ tb@
  [beck, 2020-01-24, 3 files, -13/+42]
* Implement client hello processing in the TLSv1.3 server.
  ok beck@
  [jsing, 2020-01-23, 3 files, -10/+58]
* Correct several issues in the current TLSv1.3 server code.
  Correct the parsing of the client hello support versions extension. This has one or more values, rather than just the single selected version. Allocate an SSL_SESSION - this is unused currently, but is needed as soon as we start parsing extensions. Also, pull the cipher suites list off correctly - this is u16 prefixed, not u8. ok beck@
  [jsing, 2020-01-23, 1 file, -6/+15]
* When certificate validation fails, we must send a DECRYPT_ERROR alert
  according to RFC8446. ok jsing@
  [beck, 2020-01-23, 1 file, -3/+6]
* Remove the ssl_get_message function pointer from SSL_METHOD_INTERNAL.
  ssl_get_message is essentially a switch between ssl3_get_message and dtls1_get_message, both only used by the legacy stack. Instead, use SSL_IS_DTLS() in ssl3_get_message to call the DTLS function when necessary. ok beck@ inoguchi@ tb@
  [jsing, 2020-01-23, 6 files, -47/+27]
* Implement sending client certificate requests for 1.3 server
  ok jsing@
  [beck, 2020-01-23, 1 file, -1/+13]
* Correctly handle TLSv1.3 cipher suites in ssl3_choose_cipher().
  Currently, TLSv1.3 cipher suites are filtered out by the fact that they have authentication and key exchange algorithms that are not being set in ssl_set_cert_masks(). Fix this so that ssl3_choose_cipher() works for TLSv1.3, however we also now need to ensure that we filter out TLSv1.3 for non-TLSv1.3 and only select TLSv1.3 for TLSv1.3. ok beck@ tb@
  [jsing, 2020-01-23, 4 files, -5/+30]
* Build the encrypted extensions for the 1.3 server
  ok jsing@
  [beck, 2020-01-23, 1 file, -2/+8]