Age | Commit message (Collapse) | Author | |
---|---|---|---|
2007-04-05 | Don't use a negative number as a length. Coverity ID 57. | Ben Laurie | |
2007-03-23 | Stage 1 GOST ciphersuite support. | Dr. Stephen Henson | |
Submitted by: ran@cryptocom.ru Reviewed by: steve@openssl.org | |||
2007-03-21 | stricter session ID context matching | Bodo Möller | |
2007-02-22 | Fix incorrect substitution that happened during the recent ciphersuite | Bodo Möller | |
selection remodeling Submitted by: Victor Duchovni | |||
2007-02-21 | prefer SHA1 over MD5 (this affects the Kerberos ciphersuites) | Bodo Möller | |
2007-02-21 | delete obsolete comment | Bodo Möller | |
2007-02-20 | SSL_kKRB5 ciphersuites shouldn't be preferred by default | Bodo Möller | |
2007-02-20 | Improve ciphersuite order stability when disabling ciphersuites. | Bodo Möller | |
Change ssl_create_cipher_list() to prefer ephemeral ECDH over ephemeral DH. | |||
2007-02-20 | fix a typo in the new ciphersuite ordering code | Bodo Möller | |
2007-02-19 | Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a | Bodo Möller | |
ciphersuite string such as "DEFAULT:RSA" cannot enable authentication-only ciphersuites. Also, change ssl_create_cipher_list() so that it no longer starts with an arbitrary ciphersuite ordering, but instead uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST. SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL". | |||
2007-02-19 | fix warnings for CIPHER_DEBUG builds | Bodo Möller | |
2007-02-19 | fix warnings/inconsistencies caused by the recent changes to the | Bodo Möller | |
ciphersuite selection code in HEAD Submitted by: Victor Duchovni | |||
2007-02-19 | fix incorrect strength bit values for certain Kerberos ciphersuites | Bodo Möller | |
Submitted by: Victor Duchovni | |||
2007-02-17 | Reorganize the data used for SSL ciphersuite pattern matching. | Bodo Möller | |
This change resolves a number of problems and obviates multiple kludges. A new feature is that you can now say "AES256" or "AES128" (not just "AES", which enables both). In some cases the ciphersuite list generated from a given string is affected by this change. I hope this is just in those cases where the previous behaviour did not make sense. | |||
2007-02-16 | ensure that the EVP_CIPHER_CTX object is initialized | Nils Larsch | |
PR: 1490 | |||
2007-02-10 | use user-supplied malloc functions for persistent kssl objects | Nils Larsch | |
PR: 1467 Submitted by: Andrei Pelinescu-Onciul <andrei@iptel.org> | |||
2007-02-07 | ensure that a ec key is used | Nils Larsch | |
PR: 1476 | |||
2007-01-21 | Constify version strings is ssl lib. | Dr. Stephen Henson | |
2007-01-03 | remove undefined constant | Nils Larsch | |
2006-12-21 | fix typos | Nils Larsch | |
PR: 1354, 1355, 1398, 1408 | |||
2006-11-30 | Win32 fixes from stable branch. | Dr. Stephen Henson | |
2006-11-29 | replace macros with functions | Nils Larsch | |
Submitted by: Tracy Camp <tracyx.e.camp@intel.com> | |||
2006-11-29 | fix support for receiving fragmented handshake messages | Bodo Möller | |
2006-11-21 | Update from 0.9.8 stable. Eliminate duplicate error codes. | Dr. Stephen Henson | |
2006-11-06 | remove SSLEAY_MACROS code | Nils Larsch | |
2006-10-20 | Align data payload for better performance. | Andy Polyakov | |
2006-09-28 | Fix buffer overflow in SSL_get_shared_ciphers() function. | Mark J. Cox | |
(CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team] Fix SSL client code which could crash if connecting to a malicious SSLv2 server. (CVE-2006-4343) [Tavis Ormandy and Will Drewry, Google Security Team] | |||
2006-09-28 | Fixes for the following claims: | Richard Levitte | |
1) Certificate Message with no certs OpenSSL implementation sends the Certificate message during SSL handshake, however as per the specification, these have been omitted. -- RFC 2712 -- CertificateRequest, and the ServerKeyExchange shown in Figure 1 will be omitted since authentication and the establishment of a master secret will be done using the client's Kerberos credentials for the TLS server. The client's certificate will be omitted for the same reason. -- RFC 2712 -- 3) Pre-master secret Protocol version The pre-master secret generated by OpenSSL does not have the correct client version. RFC 2712 says, if the Kerberos option is selected, the pre-master secret structure is the same as that used in the RSA case. TLS specification defines pre-master secret as: struct { ProtocolVersion client_version; opaque random[46]; } PreMasterSecret; where client_version is the latest protocol version supported by the client The pre-master secret generated by OpenSSL does not have the correct client version. The implementation does not update the first 2 bytes of random secret for Kerberos Cipher suites. At the server-end, the client version from the pre-master secret is not validated. PR: 1336 | |||
2006-09-23 | Submitted by: Brad Spencer <spencer@jacknife.org> | Dr. Stephen Henson | |
Reviewed by: steve | |||
2006-09-11 | ensure that ciphersuite strings such as "RC4-MD5" match the SSL 2.0 | Bodo Möller | |
ciphersuite as well | |||
2006-08-28 | Make things static that should be. Declare stuff in headers that should be. | Ben Laurie | |
Fix warnings. | |||
2006-06-15 | Error messages for client ECC cert verification. | Bodo Möller | |
Also, change the default ciphersuite to give some prefererence to ciphersuites with forwared secrecy (rather than using a random order). | |||
2006-06-15 | Fix algorithm handling for ECC ciphersuites: Adapt to recent changes, | Bodo Möller | |
and allow more general RSA OIDs for ECC certs with RSA CA sig. | |||
2006-06-15 | Fix another new bug in the cipherstring logic. | Bodo Möller | |
2006-06-15 | Fix another bug introduced yesterday when deleting Fortezza stuff: | Bodo Möller | |
make sure 'mask' is initialized in ssl_cipher_get_disabled(). Also simplify code by removing some unused arguments in static functions. | |||
2006-06-15 | Oops ... deleted too much in the previous commit when I deleted | Bodo Möller | |
the Fortezza stuff | |||
2006-06-14 | Disable invalid ciphersuites | Bodo Möller | |
2006-06-14 | Ciphersuite string bugfixes, and ECC-related (re-)definitions. | Bodo Möller | |
2006-06-14 | Make sure that AES ciphersuites get priority over Camellia | Bodo Möller | |
ciphersuites in the default cipher string. | |||
2006-06-14 | Thread-safety fixes | Bodo Möller | |
2006-06-09 | Camellia cipher, contributed by NTT | Bodo Möller | |
Submitted by: Masashi Fujita Reviewed by: Bodo Moeller | |||
2006-05-28 | Use a new signed int ii instead of j (which is unsigned) to handle the | Richard Levitte | |
return value from sk_SSL_CIPHER_find(). | |||
2006-05-26 | Fix warnings. | Dr. Stephen Henson | |
2006-05-12 | Someone made a mistake, and some function and reason codes got | Richard Levitte | |
duplicate numbers. Renumbering. | |||
2006-05-07 | Fix from stable branch. | Dr. Stephen Henson | |
2006-04-17 | Fix (most) WIN32 warnings and errors. | Dr. Stephen Henson | |
2006-04-15 | If cipher list contains a match for an explicit ciphersuite only match that | Dr. Stephen Henson | |
one suite. | |||
2006-04-08 | Update dependencies. | Dr. Stephen Henson | |
2006-04-05 | Remove ECC extension information from external representation | Bodo Möller | |
of the session -- we don't really need it once the handshake has completed. | |||
2006-04-04 | Stop warning. | Dr. Stephen Henson | |