Tobias Brunner
c4576a1f57
tls: Allow setting both minimum and maximum TLS versions
This allows increasing the initial minimum version and also prevents
sending a list of versions during retries when 1.3 was already
negotiated.
2021-02-12 11:45:44 +01:00
Tobias Brunner
2b6565c236
tls-peer: Handle HelloRetryRequest
Adds support to handle retries with a different DH group and/or a cookie
extension.
2021-02-12 11:45:44 +01:00
bytinbit
7a2b02667c
libtls: Implement TLS 1.3 handshake on client-side
The code is a minimal handshake with the HelloRetryRequest message
implementation missing.
Can be tested with an OpenSSL server running TLS 1.3. The server must
be at least version 1.1.1 (September 2018).
Co-authored-by: ryru <pascal.knecht@hsr.ch>
2021-02-12 11:45:44 +01:00
Tobias Brunner
ca280574ba
Fixed some typos, courtesy of codespell
2017-08-07 17:22:01 +02:00
Martin Willi
666c552381
libtls: Add getters for TLS handshake authentication details
2015-03-03 14:08:00 +01:00
Martin Willi
ddf5222096
tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers
2014-04-01 14:28:55 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Martin Willi
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
This allows getting updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
Andreas Steffen
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
Andreas Steffen
c36680962c
allow to transmit 64k TLS Handshake and Application messages via EAP-[T]TLS
2012-07-11 17:09:04 +02:00
Martin Willi
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
Andreas Steffen
e7cb8f9b37
added dummy libtls_init() function needed for integrity testing
2011-11-08 20:27:17 +01:00
Martin Willi
1c21f47a06
Send TLS Server Name Indication as peer if server identity is a FQDN
2011-04-14 20:02:12 +02:00
Andreas Steffen
a9ee43e96a
added TLS renegotiation_info extension
2011-04-14 16:54:46 +02:00
Andreas Steffen
1bee89d339
added TLS_PURPOSE_EAP_PEAP
2011-04-05 18:16:28 +02:00
Tobias Brunner
84545f6e7c
Some typos fixed.
2011-02-07 11:39:41 +01:00
Andreas Steffen
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
Martin Willi
6cf85b35a4
Added TLS extension identifiers from RFC 3546
2010-09-06 15:37:51 +02:00
Martin Willi
37a59a8fbf
Support for EC curve Hello extension, EC curve fallback
2010-09-03 14:54:43 +02:00
Martin Willi
731611c525
Added TLS extension identifiers
2010-09-02 19:33:08 +02:00
Martin Willi
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
Tobias Brunner
0433b4172b
Typo in doxygen comment fixed.
2010-08-30 10:49:32 +02:00
Martin Willi
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
Martin Willi
bda7d9d940
Added generic TLS purposes
2010-08-24 08:45:49 +02:00
Martin Willi
1475800080
Moved TLS record parsing/generation to tls.c
2010-08-24 08:45:49 +02:00
Martin Willi
c310881a11
Added a TLS purpose for EAP-TTLS with client authentication
2010-08-23 15:13:48 +02:00
Martin Willi
f154e30431
Verify negotiated TLS version
2010-08-23 09:47:03 +02:00
Martin Willi
96b2fbcc2c
Introducing simple purposes for the TLS stack, switches various options
2010-08-20 15:09:08 +02:00
Andreas Steffen
b51ac45c48
optional certificate-based peer authentication on TLS server side
2010-08-15 13:02:57 +02:00
Andreas Steffen
1327839da8
added generic TLS application data handler and specific EAP-TTLS instantiation
2010-08-12 23:58:54 +02:00
Andreas Steffen
a6444fcdd4
EAP-TLS and EAP-TTLS use different constant MSK PRF label
2010-08-07 11:26:04 +02:00
Martin Willi
0f82a47063
Moved TLS stack to its own library
2010-08-03 15:39:26 +02:00