Tobias Brunner
|
409adef43c
|
libtls: Move settings to <ns>.tls with fallback to libtls
|
2014-02-12 14:34:32 +01:00 |
Tobias Brunner
|
07f826af67
|
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
|
2012-11-28 10:20:14 +01:00 |
Tobias Brunner
|
f05b427265
|
Moved debug.[ch] to utils folder
|
2012-10-24 16:00:51 +02:00 |
Tobias Brunner
|
1407a0026f
|
Added missing break when building TLS cipher suites
|
2012-09-28 18:55:40 +02:00 |
Martin Willi
|
ab2c989c32
|
Don't allow NULL encryption with PEAP
|
2012-09-12 13:19:52 +02:00 |
Martin Willi
|
87dd205b61
|
Add a return value to hasher_t.allocate_hash()
|
2012-07-16 14:55:06 +02:00 |
Martin Willi
|
8bd6a30af1
|
Add a return value to hasher_t.get_hash()
|
2012-07-16 14:55:06 +02:00 |
Martin Willi
|
ce73fc19db
|
Add a return value to crypter_t.set_key()
|
2012-07-16 14:53:38 +02:00 |
Martin Willi
|
e7d98b8c99
|
Add a return value to tls_prf_t.set_key()
|
2012-07-16 14:53:33 +02:00 |
Martin Willi
|
97b30b93b0
|
Add a return value to tls_prf_t.get_bytes()
|
2012-07-16 14:53:33 +02:00 |
Martin Willi
|
2d56575d52
|
Add a return value to signer_t.set_key()
|
2012-07-16 14:53:33 +02:00 |
Martin Willi
|
9020f7d0b9
|
Add a return value to tls_crypto_t.derive_secrets()
|
2012-07-16 14:53:33 +02:00 |
Martin Willi
|
ae10ee6d0b
|
Double check if a cached suite is available, overwrite any old suite state
|
2012-02-07 11:42:57 +01:00 |
Martin Willi
|
06c150365d
|
Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion
|
2012-02-07 10:54:53 +01:00 |
Martin Willi
|
1dabf5bfc7
|
Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same
|
2012-02-07 10:54:53 +01:00 |
Martin Willi
|
6a5c86b7ad
|
Implemented TLS session resumption both as client and as server
|
2011-12-31 13:14:49 +01:00 |
Martin Willi
|
ed57dfca3f
|
In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
|
2011-12-24 12:42:28 +01:00 |
Tobias Brunner
|
f3bb1bd039
|
Fixed common misspellings.
Mostly found by 'codespell'.
|
2011-07-20 16:14:10 +02:00 |
Andreas Steffen
|
7e432eff6b
|
renamed tls_reader|writer to bio_* and moved to libstrongswan
|
2011-05-31 15:46:51 +02:00 |
Martin Willi
|
5b0bcfb1fc
|
Revert alloc_str changes
This reverts commit fdead26ffe .
This reverts commit 3e2419ebe3 .
This reverts commit 17ce69b47a .
|
2011-04-21 13:35:31 +02:00 |
Martin Willi
|
3e2419ebe3
|
Use thread save settings alloc_str function where appropriate
|
2011-04-21 10:48:16 +02:00 |
Andreas Steffen
|
1bee89d339
|
added TLS_PURPOSE_EAP_PEAP
|
2011-04-05 18:16:28 +02:00 |
Andreas Steffen
|
f10e72341c
|
cast enumerated algorithm type as int
|
2010-12-18 20:24:53 +01:00 |
Andreas Steffen
|
5932f41fcc
|
trace back crypto algorithms to the plugins that registered them
|
2010-12-18 16:31:12 +01:00 |
Andreas Steffen
|
99b0f633c2
|
handle TLS_PURPOSE_EAP_TNC
|
2010-09-08 12:58:45 +02:00 |
Martin Willi
|
02281c87a4
|
Added TLS specific EC point formats
|
2010-09-06 18:42:43 +02:00 |
Martin Willi
|
ec7d4e70d3
|
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
|
2010-09-06 18:37:24 +02:00 |
Martin Willi
|
adb913adeb
|
Added strongswan.conf option to filter for specific TLS suites
|
2010-09-06 16:51:11 +02:00 |
Martin Willi
|
24a5b935e7
|
Added strongswan.conf options to filter cipher suites by specific algorithms
|
2010-09-06 16:51:04 +02:00 |
Martin Willi
|
a03eebdf93
|
Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
|
2010-09-06 16:50:54 +02:00 |
Martin Willi
|
e6cce7ff0d
|
Prepend point format to ECDH public key
|
2010-09-06 15:37:51 +02:00 |
Martin Willi
|
4e68c1cfdc
|
Do not propose (EC)DHE suites if we do not support them
|
2010-09-03 18:24:03 +02:00 |
Martin Willi
|
4254257f9d
|
Offer only algorithms/suites we have a registered public key backend for
|
2010-09-03 18:11:03 +02:00 |
Martin Willi
|
f9c0cf862c
|
Fixed key type of ECDHE_RSA groups
|
2010-09-03 17:24:39 +02:00 |
Martin Willi
|
3f7bb88ba3
|
Use a dynamic curve enumerator to list/convert TLS named curves
|
2010-09-03 17:24:23 +02:00 |
Martin Willi
|
2066918da2
|
Add ECDHE enabled cipher suites, including ECDSA variants
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
4cdade5aae
|
Select private key based on received cipher suites
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
37a59a8fbf
|
Support for EC curve Hello extension, EC curve fallback
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
691ca54db5
|
Added TLS EC curve type and name identifiers
|
2010-09-03 14:54:43 +02:00 |
Martin Willi
|
ef0a8e5892
|
Add DHE enabled RSA variants to the supported TLS suites
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
35d9c15d5e
|
Store a MODP group we use for each TLS suite
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
d29a82a9d4
|
Added generic TLS data sign/verify, hash/sig algorithm construction
|
2010-09-02 19:33:08 +02:00 |
Martin Willi
|
dbb7c0306c
|
Support different hash/sig algorithms in handshake signing, including ECDSA
|
2010-09-02 13:07:25 +02:00 |
Martin Willi
|
99dcaea9bd
|
Added TLS ClientCertificateType identifiers
|
2010-09-02 13:07:24 +02:00 |
Martin Willi
|
9dd2ca924e
|
Added TLS specific Hash and Signature Algorithm identifiers
|
2010-09-02 13:07:24 +02:00 |
Martin Willi
|
2bf0e74c38
|
Prefer AES/Camellia suites over 3DES/NULL encryption
|
2010-08-25 18:30:09 +02:00 |
Martin Willi
|
69e8bb2e8d
|
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
|
2010-08-24 11:34:43 +02:00 |
Martin Willi
|
bda7d9d940
|
Added generic TLS purposes
|
2010-08-24 08:45:49 +02:00 |
Martin Willi
|
c310881a11
|
Added a TLS purpose for EAP-TTLS with client authentication
|
2010-08-23 15:13:48 +02:00 |
Martin Willi
|
3c19b3461f
|
Introducing a dedicated debug message group for libtls
|
2010-08-23 09:47:03 +02:00 |