wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Dr. Stephen Henson 09599b52d4 Auto DH support. 
Add auto DH parameter support. This is roughly equivalent to the
ECDH auto curve selection but for DH. An application can just call

SSL_CTX_set_auto_dh(ctx, 1);

and appropriate DH parameters will be used based on the size of the
server key.

Unlike ECDH there is no way a peer can indicate the range of DH parameters
it supports. Some peers cannot handle DH keys larger that 1024 bits for
example. In this case if you call:

SSL_CTX_set_auto_dh(ctx, 2);

Only 1024 bit DH parameters will be used.

If the server key is 7680 bits or more in size then 8192 bit DH parameters
will be used: these will be *very* slow.

The old export ciphersuites aren't supported but those are very
insecure anyway.
2014-03-28 14:49:04 +00:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes. 2012-04-16 17:42:36 +00:00
d1_both.c Fix DTLS retransmission from previous session. 2013-12-20 23:46:16 +00:00
d1_clnt.c DTLS/SCTP Finished Auth Bug 2013-11-01 21:41:52 +00:00
d1_enc.c misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
d1_lib.c bss_dgram.c,d1_lib.c: make it compile with mingw. 2014-03-06 14:04:56 +01:00
d1_meth.c Dual DTLS version methods. 2013-04-09 14:02:48 +01:00
d1_pkt.c DTLS version usage fixes. 2013-09-17 18:55:41 +01:00
d1_srtp.c Submitted by: Eric Rescorla <ekr@rtfm.com> 2012-02-11 22:53:31 +00:00
d1_srvr.c use SSL_kDHE throughout instead of SSL_kEDH 2014-01-09 15:43:28 +00:00
dtls1.h Dual DTLS version methods. 2013-04-09 14:02:48 +01:00
install-ssl.com Install srtp.h 2012-07-05 13:20:19 +00:00
kssl.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
kssl.h Fix for WIN32 builds with KRB5 2014-02-26 15:33:11 +00:00
kssl_lcl.h Merge from 1.0.0-stable branch. 2009-04-23 16:32:42 +00:00
Makefile make depend 2014-02-20 18:48:56 +00:00
s2_clnt.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
s2_enc.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
s2_lib.c Add ctrl and utility functions to retrieve raw cipher list sent by client in 2012-09-12 13:57:48 +00:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-02-06 14:16:55 +00:00
s2_srvr.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
s3_both.c Add fix for CVE-2013-4353 2014-01-07 15:39:21 +00:00
s3_cbc.c misspellings fixes by https://github.com/vlajos/misspell_fixer 2013-09-05 21:39:42 +01:00
s3_clnt.c fix WIN32 warnings 2014-02-20 22:55:24 +00:00
s3_enc.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
s3_lib.c Auto DH support. 2014-03-28 14:49:04 +00:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c ssl/s3_pkt.c: detect RAND_bytes error in multi-block. 2014-02-14 17:43:31 +01:00
s3_srvr.c Auto DH support. 2014-03-28 14:49:04 +00:00
s23_clnt.c Re-add alert variables removed during rebase 2014-02-05 18:25:46 +00:00
s23_lib.c Fix warnings. 2010-06-12 14:13:23 +00:00
s23_meth.c Initial incomplete TLS v1.2 support. New ciphersuites added, new version 2011-04-29 22:56:51 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c Add three Suite B modes to TLS code, supporting RFC6460. 2012-08-15 15:15:05 +00:00
srtp.h move internal functions to ssl_locl.h 2011-11-21 22:52:13 +00:00
ssl-lib.com Add d1_srtp and t1_trce. 2012-07-05 13:20:02 +00:00
ssl.h Auto DH support. 2014-03-28 14:49:04 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines 2011-04-29 22:37:12 +00:00
ssl3.h Update custom TLS extension and supplemental data 'generate' callbacks to support sending an alert. 2014-02-05 18:25:46 +00:00
ssl23.h
ssl_algs.c Add AES-SHA256 stitch. 2013-05-13 22:49:58 +02:00
ssl_asn1.c Version skew reduction: trivia (I hope). 2012-06-03 22:00:21 +00:00
ssl_cert.c Auto DH support. 2014-03-28 14:49:04 +00:00
ssl_ciph.c Add function to free compression methods. 2014-03-01 23:15:25 +00:00
ssl_conf.c Add -no_resumption_on_reneg to SSL_CONF. 2014-03-27 16:12:40 +00:00
ssl_err.c Sync error codes with 1.0.2-stable 2013-11-06 14:18:41 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c Auto DH support. 2014-03-28 14:49:04 +00:00
ssl_locl.h Auto DH support. 2014-03-28 14:49:04 +00:00
ssl_rsa.c Fix whitespace, new-style comments. 2014-02-05 18:25:46 +00:00
ssl_sess.c Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 2013-09-06 13:59:13 +01:00
ssl_stat.c Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions) 2013-09-06 13:59:13 +01:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Experimental encrypt-then-mac support. 2013-09-08 13:14:03 +01:00
ssltest.c Don't break out of the custom extension callback loop - continue instead 2014-02-05 18:25:47 +00:00
t1_clnt.c Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
t1_enc.c ssl/t1_enc.c: check EVP_MD_CTX_copy return value. 2014-02-25 22:21:54 +01:00
t1_lib.c Auto DH support. 2014-03-28 14:49:04 +00:00
t1_meth.c Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:58:55 +00:00
t1_srvr.c Use appropriate versions of SSL3_ENC_METHOD 2013-03-18 14:53:59 +00:00
t1_trce.c use SSL_kDHE throughout instead of SSL_kEDH 2014-01-09 15:43:28 +00:00
tls1.h Updating DTCP authorization type to expected value 2014-02-05 18:25:46 +00:00
tls_srp.c PR: 1794 2011-12-14 22:17:06 +00:00