openssl

Author	SHA1	Message	Date
Todd Short	db0f35dda1	Fix #2400 Add NO_RENEGOTIATE option Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3432)	2017-06-06 22:39:41 +01:00
Matt Caswell	aafec89c63	Add a ciphersuite config sanity check for clients Ensure that there are ciphersuites enabled for the maximum supported version we are claiming in the ClientHello. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3316)	2017-04-26 14:31:00 +01:00
Matt Caswell	cc22cd546b	Provide a test for the Encrypt-Then-Mac renegotiation crash In 1.1.0 changing the ciphersuite during a renegotiation can result in a crash leading to a DoS attack. In master this does not occur with TLS (instead you get an internal error, which is still wrong but not a security issue) - but the problem still exists in the DTLS code. This commit provides a test for the issue. CVE-2017-3733 Reviewed-by: Richard Levitte <levitte@openssl.org>	2017-02-16 09:35:56 +00:00
Matt Caswell	dff70a2b73	Extend the test_ssl_new renegotiation tests to include client auth Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1982)	2017-01-23 14:04:44 +00:00
Matt Caswell	cd99883755	Add server side support for supported_versions extension Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-11-09 16:03:08 +00:00
Matt Caswell	fe7dd55341	Extend the renegotiation tests Add the ability to test both server initiated and client initiated reneg. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-09-28 09:15:07 +01:00
Matt Caswell	e42c4544c8	Add support for testing renegotiation Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-09-28 09:15:07 +01:00

7 commits