- Jan 26, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Jan 16, 2014
-
-
Dr. Stephen Henson authored
Partial fix for PR#3183.
-
Kaspar Brand authored
PR#3178
-
- Jan 12, 2014
-
-
Dr. Stephen Henson authored
-
- Jan 11, 2014
-
-
Dr. Stephen Henson authored
If available rdrand is used as an additional entropy source for the PRNG and for additional input in FIPS mode.
-
- Jan 10, 2014
-
-
Jeff Trawick authored
-
Jeff Trawick authored
-
- Jan 09, 2014
-
-
Dr. Stephen Henson authored
-
Daniel Kahn Gillmor authored
change documentation and comments to indicate that we prefer the standard "DHE" naming scheme everywhere over the older "EDH"
-
Daniel Kahn Gillmor authored
Replace the full ciphersuites with "EDH-" in their labels with "DHE-" so that all DHE ciphersuites are referred to in the same way. Leave backward-compatible aliases for the ciphersuites in question so that configurations which specify these explicitly will continue working.
-
Daniel Kahn Gillmor authored
This change normalizes the SSL_CK_DHE_ #defines to use the common term "DHE", while permitting older code that uses the more uncommon "EDH" constants to compile properly.
-
Daniel Kahn Gillmor authored
-
Daniel Kahn Gillmor authored
DHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEDH should probably be deprecated at some point, though.
-
Daniel Kahn Gillmor authored
other parts of packet tracing emit the standard "DHE" label instead of "edh". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
-
Daniel Kahn Gillmor authored
The standard terminology in https://tools.ietf.org/html/rfc5426 is "DHE". "openssl ciphers" outputs "DHE" (for the most part). But users of the library currently cannot specify "DHE", they must currently specify "EDH". This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
-
Daniel Kahn Gillmor authored
ECDHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEECDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEECDH should probably be deprecated at some point, though.
-
Daniel Kahn Gillmor authored
other parts of packet tracing emit the standard "ECDHE" label instead of "EECDH". This change brings the output of ssl_print_client_keyex() and ssl_print_server_keyex() into accordance with the standard term.
-
Daniel Kahn Gillmor authored
The standard terminology in https://tools.ietf.org/html/rfc4492 is ECDHE. "openssl ciphers" outputs ECDHE. But users of the library currently cannot specify ECDHE, they must specify EECDH. This change allows users to specify the common term in cipher suite strings without breaking backward compatibility.
-
Andy Polyakov authored
-
- Jan 08, 2014
-
-
Dr. Stephen Henson authored
-
- Jan 07, 2014
-
-
Andy Polyakov authored
-
Andy Polyakov authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(cherry picked from commit 6b42ed4e7104898f4b5b69337589719913b36404)
-
- Jan 06, 2014
-
-
Dr. Stephen Henson authored
-
- Jan 04, 2014
-
-
Andy Polyakov authored
(and shave off cycle even from integer-only code)
-
Andy Polyakov authored
(and update performance data, and fix typo)
-
- Jan 03, 2014
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Fix a limitation in SSL_CTX_use_certificate_chain_file(): use algorithm specific chains instead of the shared chain. Update docs.
-
Andy Polyakov authored
-
Andy Polyakov authored
but keep it disabled, too little gain... Add some Atom-specific optimization.
-
- Jan 02, 2014
-
-
Dr. Stephen Henson authored
When sending an invalid version number alert don't change the version number to the client version if a session is already established. Thanks to Marek Majkowski for additional analysis of this issue. PR#3191
-
- Dec 29, 2013
-
-
Dr. Stephen Henson authored
(cherry picked from commit cfa86987a8d9d2b8cc5e5fea2d3260c46542cdb9)
-
- Dec 28, 2013
-
-
Andy Polyakov authored
PR: 3202
-
Andy Polyakov authored
-
Andy Polyakov authored
-
- Dec 22, 2013
-
-
Dr. Stephen Henson authored
If content is detached and not binary mode translate the input to CRLF format. Before this change the input was verified verbatim which lead to a discrepancy between sign and verify.
-
- Dec 20, 2013
-
-
Dr. Stephen Henson authored
For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. CVE-2013-6450. (cherry picked from commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b)
-
Dr. Stephen Henson authored
(cherry picked from commit a6c62f0c)
-