Skip to content
  1. May 12, 2016
  2. May 11, 2016
  3. May 10, 2016
  4. May 09, 2016
  5. May 05, 2016
  6. May 03, 2016
  7. May 02, 2016
  8. Apr 15, 2016
  9. Apr 14, 2016
  10. Apr 13, 2016
  11. Apr 09, 2016
  12. Apr 06, 2016
  13. Apr 02, 2016
  14. Mar 29, 2016
  15. Mar 21, 2016
  16. Mar 20, 2016
  17. Mar 17, 2016
  18. Mar 16, 2016
  19. Mar 11, 2016
  20. Mar 09, 2016
  21. Mar 08, 2016
  22. Mar 07, 2016
    • Emilia Kasper's avatar
      Rework the default cipherlist. · a556f342
      Emilia Kasper authored
      
      
       - Always prefer forward-secure handshakes.
       - Consistently order ECDSA above RSA.
       - Next, always prefer AEADs to non-AEADs, irrespective of strength.
       - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
       - Prefer TLS v1.2 ciphers to legacy ciphers.
       - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default
         list to reduce ClientHello bloat.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      a556f342
  23. Mar 04, 2016
  24. Mar 03, 2016
    • Emilia Kasper's avatar
      Refactor ClientHello extension parsing · 06217867
      Emilia Kasper authored
      
      
      1) Simplify code with better PACKET methods.
      
      2) Make broken SNI parsing explicit. SNI was intended to be extensible
      to new name types but RFC 4366 defined the syntax inextensibly, and
      OpenSSL has never parsed SNI in a way that would allow adding a new name
      type. RFC 6066 fixed the definition but due to broken implementations
      being widespread, it appears impossible to ever extend SNI.
      
      3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
      extensions correctly upon resumption. Annotate for further clean-up.
      
      4) Send an alert on ALPN protocol mismatch.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      06217867
  25. Mar 01, 2016
  26. Feb 28, 2016
  27. Feb 27, 2016