Dr. Stephen Henson
5e1ff664f9
Don't use RSA+MD5 with TLS 1.2
...
Since the TLS 1.2 supported signature algorithms extension is less
sophisticaed in OpenSSL 1.0.1 this has to be done in two stages.
RSA+MD5 is removed from supported signature algorithms extension:
any compliant implementation should never use RSA+MD5 as a result.
To cover the case of a broken implementation using RSA+MD5 anyway
disable lookup of MD5 algorithm in TLS 1.2.
2013-10-20 12:23:27 +01:00
Rob Stradling
c9a6ddafc5
Tidy up comments.
2013-09-16 15:07:52 +01:00
Rob Stradling
f4a51970d2
Use TLS version supplied by client when fingerprinting Safari.
2013-09-16 15:07:52 +01:00
Rob Stradling
4b61f6d2a6
Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
...
OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
2013-09-16 15:07:51 +01:00
Andy Polyakov
0898147090
ssl/*: fix linking errors with no-srtp.
2013-02-09 19:52:07 +01:00
Ben Laurie
496681cd51
Remove extraneous brackets (clang doesn't like them).
2013-02-07 16:17:43 -08:00
Ben Laurie
2ee798880a
Add and use a constant-time memcmp.
...
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
2013-01-28 17:30:38 +00:00
Dr. Stephen Henson
7c3562947a
reject zero length point format list or supported curves extensions
2012-11-22 14:15:25 +00:00
Dr. Stephen Henson
353e845120
Minor enhancement to PR#2836 fix. Instead of modifying SSL_get_certificate
...
change the current certificate (in s->cert->key) to the one used and then
SSL_get_certificate and SSL_get_privatekey will automatically work.
Note for 1.0.1 and earlier also includes backport of the function
ssl_get_server_send_pkey.
2012-09-21 14:01:59 +00:00
Ben Laurie
70d91d60bc
Call OCSP Stapling callback after ciphersuite has been chosen, so the
...
right response is stapled. Also change SSL_get_certificate() so it
returns the certificate actually sent.
See http://rt.openssl.org/Ticket/Display.html?id=2836 .
2012-09-17 14:39:38 +00:00
Dr. Stephen Henson
c64c0e03d3
don't use pseudo digests for default values of keys
2012-06-27 14:11:40 +00:00
Dr. Stephen Henson
78c5d2a9bb
use client version when deciding whether to send supported signature algorithms extension
2012-03-21 21:32:57 +00:00
Dr. Stephen Henson
a54ce007e6
PR: 2739
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix padding bugs in Heartbeat support.
2012-02-27 16:38:10 +00:00
Dr. Stephen Henson
b935714237
typo
2012-02-17 17:31:32 +00:00
Dr. Stephen Henson
c489ea7d01
PR: 2704
...
Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr>
Fix srp extension.
2012-02-10 20:08:49 +00:00
Dr. Stephen Henson
adcea5a043
return error if md is NULL
2012-01-22 13:12:50 +00:00
Dr. Stephen Henson
166dea6ac8
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
...
Reviewed by: steve
Send fatal alert if heartbeat extension has an illegal value.
2012-01-05 00:23:31 +00:00
Dr. Stephen Henson
1cb4d65b87
Submitted by: Adam Langley <agl@chromium.org>
...
Reviewed by: steve
Fix memory leaks.
2012-01-04 14:25:28 +00:00
Dr. Stephen Henson
7b2dd292bc
only send heartbeat extension from server if client sent one
2012-01-03 22:03:07 +00:00
Dr. Stephen Henson
bd6941cfaa
PR: 2658
...
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve
Support for TLS/DTLS heartbeats.
2011-12-31 23:00:36 +00:00
Dr. Stephen Henson
7454cba4fa
fix error discrepancy
2011-12-07 12:28:50 +00:00
Ben Laurie
8cd897a42c
Don't send NPN during renegotiation.
2011-11-24 18:22:06 +00:00
Ben Laurie
b1d7429186
Add TLS exporter.
2011-11-15 23:51:22 +00:00
Ben Laurie
060a38a2c0
Add DTLS-SRTP.
2011-11-15 23:02:16 +00:00
Ben Laurie
68b33cc5c7
Add Next Protocol Negotiation.
2011-11-13 21:55:42 +00:00
Bodo Möller
3c3f025923
Fix session handling.
2011-09-05 13:36:55 +00:00
Dr. Stephen Henson
9ddc574f9a
typo
2011-06-01 11:10:50 +00:00
Dr. Stephen Henson
55a47cd30f
Output supported curves in preference order instead of numerically.
2011-05-30 17:58:29 +00:00
Dr. Stephen Henson
9c34782478
Don't advertise or use MD5 for TLS v1.2 in FIPS mode
2011-05-25 15:33:29 +00:00
Dr. Stephen Henson
277f8a34f4
use TLS1_get_version macro to check version so TLS v1.2 changes don't interfere with DTLS
2011-05-25 11:43:17 +00:00
Dr. Stephen Henson
4dde470865
Add tls12_sigalgs which somehow didn't get added to the backport.
2011-05-21 17:40:23 +00:00
Dr. Stephen Henson
b81fde02aa
Add server client certificate support for TLS v1.2 . This is more complex
...
than client side as we need to keep the handshake record cache frozen when
it contains all the records need to process the certificate verify message.
(backport from HEAD).
2011-05-20 14:58:45 +00:00
Dr. Stephen Henson
376838a606
Process signature algorithms during TLS v1.2 client authentication.
...
Make sure message is long enough for signature algorithms.
(backport from HEAD).
2011-05-12 17:44:59 +00:00
Dr. Stephen Henson
9472baae0d
Backport TLS v1.2 support from HEAD.
...
This includes TLS v1.2 server and client support but at present
client certificate support is not implemented.
2011-05-11 13:37:52 +00:00
Ben Laurie
a149b2466e
Add SRP.
2011-03-16 11:26:40 +00:00
Bodo Möller
8c93c4dd42
OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)
...
Submitted by: Neel Mehta, Adam Langley, Bodo Moeller
2011-02-08 17:48:41 +00:00
Dr. Stephen Henson
6c36ca4628
PR: 2240
...
Submitted by: Jack Lloyd <lloyd@randombit.net>, "Mounir IDRASSI" <mounir.idrassi@idrix.net>, steve
Reviewed by: steve
As required by RFC4492 an absent supported points format by a server is
not an error: it should be treated as equivalent to an extension only
containing uncompressed.
2010-11-25 12:27:39 +00:00
Dr. Stephen Henson
9c61c57896
using_ecc doesn't just apply to TLSv1
2010-11-25 11:51:46 +00:00
Dr. Stephen Henson
6e21ce592e
fix CVE-2010-3864
2010-11-17 17:36:29 +00:00
Dr. Stephen Henson
36778eb231
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix other cases not covered by original patch. (correct patch this time!)
2010-08-27 12:12:07 +00:00
Dr. Stephen Henson
c6dd154b3e
oops, revert previous patch
2010-08-27 12:10:12 +00:00
Dr. Stephen Henson
35cae95032
PR: 1833
...
Submitted By: Robin Seggelmann <seggelmann@fh-muenster.de>
Fix other cases not covered by original patch.
2010-08-27 11:57:42 +00:00
Dr. Stephen Henson
b4b15f68c0
Backport TLS v1.1 support from HEAD, ssl/ changes
2010-06-27 14:22:11 +00:00
Dr. Stephen Henson
e97359435e
Fix warnings (From HEAD, original patch by Ben).
2010-06-15 17:25:15 +00:00
Dr. Stephen Henson
989238802a
Allow renegotiation if SSL_OP_LEGACY_SERVER_CONNECT is set as well as
...
initial connection to unpatched servers. There are no additional security
concerns in doing this as clients don't see renegotiation during an
attack anyway.
2010-02-17 18:38:10 +00:00
Dr. Stephen Henson
73ff97ad76
Simplify RI+SCSV logic:
...
1. Send SCSV is not renegotiating, never empty RI.
2. Send RI if renegotiating.
2010-01-07 19:05:03 +00:00
Dr. Stephen Henson
54bc369ad7
Alert to use is now defined in spec: update code
2009-12-17 15:42:43 +00:00
Dr. Stephen Henson
675564835c
New option to enable/disable connection to unpatched servers
2009-12-16 20:28:30 +00:00
Dr. Stephen Henson
2456cd58c4
Allow initial connection (but no renegoriation) to servers which don't support
...
RI.
Reorganise RI checking code and handle some missing cases.
2009-12-14 13:55:39 +00:00
Dr. Stephen Henson
10f99d7b77
Add support for magic cipher suite value (MCSV). Make secure renegotiation
...
work in SSLv3: initial handshake has no extensions but includes MCSV, if
server indicates RI support then renegotiation handshakes include RI.
NB: current MCSV value is bogus for testing only, will be updated when we
have an official value.
Change mismatch alerts to handshake_failure as required by spec.
Also have some debugging fprintfs so we can clearly see what is going on
if OPENSSL_RI_DEBUG is set.
2009-12-08 13:15:12 +00:00