- Apr 18, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Apr 17, 2012
-
-
Bodo Möller authored
(TLS 1.2 clients could end up negotiating these with an OpenSSL server with TLS 1.2 disabled, which is problematic.) Submitted by: Adam Langley
-
Dr. Stephen Henson authored
If OPENSSL_MAX_TLS1_2_CIPHER_LENGTH is set then limit the size of client ciphersuites to this value. A value of 50 should be sufficient. Document workarounds in CHANGES.
-
Dr. Stephen Henson authored
Some servers hang when presented with a client hello record length exceeding 255 bytes but will work with longer client hellos if the TLS record version in client hello does not exceed TLS v1.0. Unfortunately this doesn't fix all cases...
-
- Apr 16, 2012
-
-
Andy Polyakov authored
PR: 2791 Submitted by: Ben Noordhuis
-
Andy Polyakov authored
PR: 2790 Submitted by: Alexei Khlebnikov
-
- Apr 15, 2012
-
-
Andy Polyakov authored
PR: 2538
-
Andy Polyakov authored
countermeasure [from HEAD]. PR: 2778
-
- Apr 12, 2012
-
-
Andy Polyakov authored
-
- Apr 11, 2012
-
-
Dr. Stephen Henson authored
s_server.
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
- Apr 10, 2012
-
-
Dr. Stephen Henson authored
-
- Apr 09, 2012
-
-
Andy Polyakov authored
-
- Apr 07, 2012
-
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
(backport from HEAD)
-
Dr. Stephen Henson authored
(backport from HEAD)
-
Dr. Stephen Henson authored
(backport from HEAD)
-
Dr. Stephen Henson authored
RFC5114 parameters and X9.42 DH public and private keys. (backport from HEAD)
-
Dr. Stephen Henson authored
Correct some parameter values. (backport from HEAD)
-
Dr. Stephen Henson authored
(backport from HEAD)
-
Dr. Stephen Henson authored
(backport from HEAD)
-
- Apr 06, 2012
-
-
Dr. Stephen Henson authored
Localize client hello extension parsing in t1_lib.c (backport from HEAD)
-
Dr. Stephen Henson authored
enabled instead of requiring an application to hard code a (possibly inappropriate) parameter set and delve into EC internals we just automatically use the preferred curve. (backport from HEAD)
-
Dr. Stephen Henson authored
add utility functions to t1_lib.c to check if EC certificates and parameters are consistent with peer. (backport from HEAD)
-
Dr. Stephen Henson authored
Tidy some code up. Don't allocate a structure to handle ECC extensions when it is used for default values. Make supported curves configurable. Add ctrls to retrieve shared curves: not fully integrated with rest of ECC code yet. (backport from HEAD)
-
Dr. Stephen Henson authored
extensions to s_client and s_server to print out retrieved valued. Extend CERT structure to cache supported signature algorithm data. (backport from HEAD)
-
Dr. Stephen Henson authored
(backport from HEAD)
-
Dr. Stephen Henson authored
between NIDs and the more common NIST names such as "P-256". Enhance ecparam utility and ECC method to recognise the NIST names for curves. (backport from HEAD)
-
Dr. Stephen Henson authored
structure. Before this the only way to add a custom chain was in the parent SSL_CTX (which is shared by all key types and SSL structures) or rely on auto chain building (which is performed on each handshake) from the trust store. (backport from HEAD)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
Backport: Revise ssl code to use CERT_PKEY structure when outputting a certificate chain (from HEAD)
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-
Dr. Stephen Henson authored
-