Skip to content
  1. Apr 18, 2012
  2. Apr 17, 2012
    • Bodo Möller's avatar
      Disable SHA-2 ciphersuites in < TLS 1.2 connections. · d3ddf022
      Bodo Möller authored
      (TLS 1.2 clients could end up negotiating these with an OpenSSL server
      with TLS 1.2 disabled, which is problematic.)
      
      Submitted by: Adam Langley
      d3ddf022
    • Dr. Stephen Henson's avatar
      Additional workaround for PR#2771 · 800e1cd9
      Dr. Stephen Henson authored
      If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client
      ciphersuites to this value. A value of 50 should be sufficient.
      
      Document workarounds in CHANGES.
      800e1cd9
    • Dr. Stephen Henson's avatar
      Partial workaround for PR#2771. · 293706e7
      Dr. Stephen Henson authored
      Some servers hang when presented with a client hello record length exceeding
      255 bytes but will work with longer client hellos if the TLS record version
      in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all
      cases...
      293706e7
  3. Apr 16, 2012
  4. Apr 15, 2012
  5. Apr 12, 2012
  6. Apr 11, 2012
  7. Apr 10, 2012
  8. Apr 09, 2012
  9. Apr 06, 2012
  10. Apr 05, 2012
  11. Apr 04, 2012
  12. Apr 03, 2012
  13. Mar 31, 2012
  14. Mar 30, 2012
  15. Mar 29, 2012
  16. Mar 28, 2012
    • Dr. Stephen Henson's avatar
      Initial revision of ECC extension handling. · d0595f17
      Dr. Stephen Henson authored
      Tidy some code up.
      
      Don't allocate a structure to handle ECC extensions when it is used for
      default values.
      
      Make supported curves configurable.
      
      Add ctrls to retrieve shared curves: not fully integrated with rest of
      ECC code yet.
      d0595f17
  17. Mar 22, 2012
  18. Mar 21, 2012
  19. Mar 19, 2012