Skip to content
  1. Nov 23, 2016
    • Matt Caswell's avatar
      Update state machine to be closer to TLS1.3 · 92760c21
      Matt Caswell authored
      
      
      This is a major overhaul of the TLSv1.3 state machine. Currently it still
      looks like TLSv1.2. This commit changes things around so that it starts
      to look a bit less like TLSv1.2 and bit more like TLSv1.3.
      
      After this commit we have:
      
      ClientHello
      + key_share          ---->
                                 ServerHello
                                 +key_share
                                 {CertificateRequest*}
                                 {Certificate*}
                                 {CertificateStatus*}
                           <---- {Finished}
      {Certificate*}
      {CertificateVerify*}
      {Finished}           ---->
      [ApplicationData]    <---> [Application Data]
      
      Key differences between this intermediate position and the final TLSv1.3
      position are:
      - No EncryptedExtensions message yet
      - No server side CertificateVerify message yet
      - CertificateStatus still exists as a separate message
      - A number of the messages are still in the TLSv1.2 format
      - Still running on the TLSv1.2 record layer
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      92760c21
    • Matt Caswell's avatar
      Implement tls13_change_cipher_state() · 0d9824c1
      Matt Caswell authored
      
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      0d9824c1
    • Matt Caswell's avatar
      Remove old style NewSessionTicket from TLSv1.3 · 9362c93e
      Matt Caswell authored
      
      
      TLSv1.3 has a NewSessionTicket message, but it is *completely* different to
      the TLSv1.2 one and may as well have been called something else. This commit
      removes the old style NewSessionTicket from TLSv1.3. We will have to add the
      new style one back in later.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      9362c93e
    • Matt Caswell's avatar
      Fix EXTMS error introduced by commit 94ed2c67 · 82c9c030
      Matt Caswell authored
      Commit 94ed2c67
      
       dropped a ! operator by mistake, which causes extended
      master secret connections to fail. This puts in back.
      
      Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
      82c9c030
  2. Nov 22, 2016
  3. Nov 21, 2016
  4. Nov 20, 2016
  5. Nov 18, 2016
  6. Nov 17, 2016
  7. Nov 16, 2016