Skip to content
  1. May 20, 2016
    • Rich Salz's avatar
      Rename lh_xxx,sk_xxx tp OPENSSL_{LH,SK}_xxx · 739a1eb1
      Rich Salz authored
      
      
      Rename sk_xxx to OPENSSL_sk_xxx and _STACK to OPENSSL_STACK
      Rename lh_xxx API to OPENSSL_LH_xxx and LHASH_NODE to OPENSSL_LH_NODE
      Make lhash stuff opaque.
      Use typedefs for function pointers; makes the code simpler.
      Remove CHECKED_xxx macros.
      Add documentation; remove old X509-oriented doc.
      Add API-compat names for entire old API
      
      Reviewed-by: default avatarDr. Stephen Henson <steve@openssl.org>
      739a1eb1
  2. May 16, 2016
  3. May 12, 2016
  4. May 11, 2016
  5. May 10, 2016
  6. May 09, 2016
  7. May 05, 2016
  8. May 03, 2016
  9. May 02, 2016
  10. Apr 15, 2016
  11. Apr 14, 2016
  12. Apr 13, 2016
  13. Apr 09, 2016
  14. Apr 06, 2016
  15. Apr 02, 2016
  16. Mar 29, 2016
  17. Mar 21, 2016
  18. Mar 20, 2016
  19. Mar 17, 2016
  20. Mar 16, 2016
  21. Mar 11, 2016
  22. Mar 09, 2016
  23. Mar 08, 2016
  24. Mar 07, 2016
    • Emilia Kasper's avatar
      Rework the default cipherlist. · a556f342
      Emilia Kasper authored
      
      
       - Always prefer forward-secure handshakes.
       - Consistently order ECDSA above RSA.
       - Next, always prefer AEADs to non-AEADs, irrespective of strength.
       - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
       - Prefer TLS v1.2 ciphers to legacy ciphers.
       - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default
         list to reduce ClientHello bloat.
      
      Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
      a556f342
  25. Mar 04, 2016
  26. Mar 03, 2016
    • Emilia Kasper's avatar
      Refactor ClientHello extension parsing · 06217867
      Emilia Kasper authored
      
      
      1) Simplify code with better PACKET methods.
      
      2) Make broken SNI parsing explicit. SNI was intended to be extensible
      to new name types but RFC 4366 defined the syntax inextensibly, and
      OpenSSL has never parsed SNI in a way that would allow adding a new name
      type. RFC 6066 fixed the definition but due to broken implementations
      being widespread, it appears impossible to ever extend SNI.
      
      3) Annotate resumption behaviour. OpenSSL doesn't currently handle all
      extensions correctly upon resumption. Annotate for further clean-up.
      
      4) Send an alert on ALPN protocol mismatch.
      
      Reviewed-by: default avatarKurt Roeckx <kurt@openssl.org>
      06217867
  27. Mar 01, 2016