wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/ssl
History
Nick Mathewson 4af793036f Do not include a timestamp in the ClientHello Random field. 
Instead, send random bytes.

While the gmt_unix_time record was added in an ostensible attempt to
mitigate the dangers of a bad RNG, its presence leaks the host's view
of the current time in the clear.  This minor leak can help
fingerprint TLS instances across networks and protocols... and what's
worse, it's doubtful thet the gmt_unix_time record does any good at
all for its intended purpose, since:

    * It's quite possible to open two TLS connections in one second.
    * If the PRNG output is prone to repeat itself, ephemeral
    * handshakes (and who knows what else besides) are broken.
2013-09-16 13:44:10 -04:00
..
.cvsignore Add emacs cache files to .cvsignore. 2005-04-11 14:17:07 +00:00
bio_ssl.c OPENSSL_NO_SOCK fixes [from HEAD]. 2012-04-16 17:43:15 +00:00
d1_both.c PR: 2755 2012-03-06 13:47:27 +00:00
d1_clnt.c Do not include a timestamp in the ClientHello Random field. 2013-09-16 13:44:10 -04:00
d1_enc.c Update DTLS code to match CBC decoding in TLS. 2013-01-28 17:34:33 +00:00
d1_lib.c correct error code 2012-04-18 14:53:48 +00:00
d1_meth.c Let the TLSv1_method() etc. functions return a const SSL_METHOD 2005-08-14 21:48:33 +00:00
d1_pkt.c ssl/[d1|s3]_pkt.c: harmomize orig_len handling. 2013-02-07 22:47:05 +01:00
d1_srtp.c ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
d1_srvr.c PR: 2778(part) 2012-03-31 18:02:43 +00:00
dtls1.h Reduce version skew. 2012-06-08 09:18:47 +00:00
install-ssl.com Don't forget to install srtp.h as well 2012-05-10 15:01:22 +00:00
kssl.c make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl.h make kerberos work with OPENSSL_NO_SSL_INTERN 2011-05-11 22:52:34 +00:00
kssl_lcl.h Some fixes for kerberos builds. 2009-04-21 22:20:12 +00:00
Makefile make update 2013-02-04 21:29:41 +00:00
s2_clnt.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s2_enc.c Update ssl library to support EVP_PKEY MAC API. Include generic MAC support. 2007-06-04 17:04:40 +00:00
s2_lib.c Make no-ssl2 work including on Win32 builds. 2009-04-04 17:57:34 +00:00
s2_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s2_pkt.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s2_srvr.c Reduce version skew. 2012-06-08 09:18:47 +00:00
s3_both.c Add and use a constant-time memcmp. 2013-01-28 17:30:38 +00:00
s3_cbc.c s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. 2013-02-08 21:37:07 +01:00
s3_clnt.c Do not include a timestamp in the ClientHello Random field. 2013-09-16 13:44:10 -04:00
s3_enc.c ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 2013-02-01 15:34:09 +01:00
s3_lib.c PR: 2806 2012-05-10 18:24:32 +00:00
s3_meth.c Type-checked (and modern C compliant) OBJ_bsearch. 2008-10-12 14:32:47 +00:00
s3_pkt.c ssl/[d1|s3]_pkt.c: harmomize orig_len handling. 2013-02-07 22:47:05 +01:00
s3_srvr.c ssl/s3_[clnt|srvr].c: fix warnings. 2013-02-09 19:50:34 +01:00
s23_clnt.c Do not include a timestamp in the ClientHello Random field. 2013-09-16 13:44:10 -04:00
s23_lib.c Fix warnings (From HEAD, original patch by Ben). 2010-06-15 17:25:15 +00:00
s23_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
s23_pkt.c Reorder inclusion of header files: 2002-07-10 07:01:54 +00:00
s23_srvr.c add FIPS support to ssl: doesn't do anything on this branch yet as there is no FIPS compilation support 2011-05-19 18:22:16 +00:00
srtp.h move internal functions to ssl_locl.h 2011-11-21 22:52:01 +00:00
ssl-lib.com PR: 2652 2012-01-05 14:30:08 +00:00
ssl.h Fix error codes. 2013-02-04 21:13:18 +00:00
ssl2.h Initial "opaque SSL" framework. If an application defines OPENSSL_NO_SSL_INTERN 2011-05-11 12:56:38 +00:00
ssl3.h ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 2013-02-01 15:34:09 +01:00
ssl23.h Import of old SSLeay release: SSLeay 0.9.0b 1998-12-21 10:56:39 +00:00
ssl_algs.c e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. 2013-02-02 19:35:09 +01:00
ssl_asn1.c Use correct tag for SRP username. 2011-10-25 12:52:47 +00:00
ssl_cert.c don't use pseudo digests for default values of keys 2012-06-27 14:11:40 +00:00
ssl_ciph.c add "missing" TLSv1.2 cipher alias 2012-11-15 19:15:20 +00:00
ssl_err.c Fix error codes. 2013-02-04 21:13:18 +00:00
ssl_err2.c Use new-style system-id macros everywhere possible. I hope I haven't 2001-02-20 08:13:47 +00:00
ssl_lib.c ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
ssl_locl.h ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 2013-02-01 15:34:09 +01:00
ssl_rsa.c Reduce version skew. 2012-06-08 09:18:47 +00:00
ssl_sess.c New ctrl values to clear or retrieve extra chain certs from an SSL_CTX. 2011-12-22 15:01:16 +00:00
ssl_stat.c PR: 1794 2011-11-25 00:18:10 +00:00
ssl_task.c Security fixes brought forward from 0.9.7. 2002-11-13 15:43:43 +00:00
ssl_txt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
ssltest.c Reduce version skew. 2012-06-08 09:18:47 +00:00
t1_clnt.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_enc.c ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. 2013-02-01 15:34:09 +01:00
t1_lib.c ssl/*: fix linking errors with no-srtp. 2013-02-09 19:52:07 +01:00
t1_meth.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
t1_reneg.c Update RI to match latest spec. 2009-12-27 22:59:09 +00:00
t1_srvr.c Backport TLS v1.2 support from HEAD. 2011-05-11 13:37:52 +00:00
tls1.h Submitted by: Peter Sylvester <peter.sylvester@edelweb.fr> 2012-03-09 18:37:41 +00:00
tls_srp.c Reduce version skew. 2012-06-08 09:18:47 +00:00