Martin Willi
b886dad498
tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found
2014-03-31 15:56:12 +02:00
Martin Willi
48d6b57c30
tls: Offer TLS signature schemes in ClientHello in order of preference
...
Additionally, we now query plugin features to find out what schemes we exactly
support.
2014-03-31 15:56:12 +02:00
Martin Willi
d06890d6e2
tls: Define AES-GCM cipher suites from RFC 5288/5289
2014-03-31 15:56:12 +02:00
Martin Willi
f0f301170b
tls: Implement the TLS AEAD abstraction for real AEAD modes
2014-03-31 15:56:12 +02:00
Martin Willi
d3204677ba
tls: Separate TLS protection to abstracted AEAD modes
...
To better separate the code path for different TLS versions and modes of
operation, we introduce a TLS AEAD abstraction. We provide three implementations
using traditional transforms, and get prepared for TLS AEAD modes.
2014-03-31 15:56:12 +02:00
Tobias Brunner
409adef43c
libtls: Move settings to <ns>.tls with fallback to libtls
2014-02-12 14:34:32 +01:00
Tobias Brunner
9af44ef5d9
Build all shared libraries with -no-undefined and link them properly
...
The flag is required to convince libtool on Cygwin to build DLLs. But on
Windows these shared libraries can not have undefined symbols, so we have to
link them explicitly to the libraries they reference.
For plugins this is currently not done, so only the monolithic build is
supported. The plugin loader wouldn't be able to load DLLs anyway, as
it tries to load files that don't exist on Cygwin.
2013-09-12 01:44:49 +02:00
Andreas Steffen
9dc3b2053d
Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN
2013-08-19 09:50:57 +02:00
Andreas Steffen
97b1d39de5
Extract client identity and authentication type from SASL authentication
2013-08-15 23:34:22 +02:00
Martin Willi
19cb07b890
automake: replace INCLUDES by AM_CPPFLAGS
...
INCLUDES are now deprecated and throw warnings when using automake 1.13.
We now also differentiate AM_CPPFLAGS and AM_CFLAGS, where includes and
defines are passed to AM_CPPFLAGS only.
2013-07-18 14:59:19 +02:00
Andreas Steffen
5a8dd63433
fixed typo
2013-03-27 22:56:37 +01:00
Tobias Brunner
79306b7e6e
Use proper integer types when handling TLS exchanges
...
tls_t.build takes a size_t argument not a ssize_t.
2013-03-22 11:40:57 +01:00
Martin Willi
1db6bf2f3f
If TLS peer authentication not required, the client does nonetheless, allow it to fail
2013-03-06 15:53:12 +01:00
Martin Willi
807f2facd0
Request a TLS client certificate even if no peer identity is given
...
This allows a peer to perform client authentication if it wants, but skip
it if not.
2013-02-28 16:46:08 +01:00
Martin Willi
257c80cb5b
Wrap tls_t.get_{server,peer}_id methods in tls_socket_t
2013-02-28 16:46:08 +01:00
Martin Willi
2de481e32b
Delegate tls_t.get_{peer,server}_id to handshake layer
...
This allows to get updated peer identities if the peer can't authenticate,
or does when it is optional.
2013-02-28 16:46:08 +01:00
Martin Willi
8b56943222
Merge branch 'pt-tls'
2013-02-14 17:06:07 +01:00
Andreas Steffen
bd1ee5bdc4
make AR identities available to IMVs via IF-IMV 1.4 draft
2013-02-11 15:30:44 +01:00
Martin Willi
435348f406
Send TLS close notify during tls_socket_t destruction
2013-01-15 17:43:05 +01:00
Martin Willi
7bbf7aa97a
Send TLS close notify if application returns SUCCESS
2013-01-15 17:43:05 +01:00
Martin Willi
c43e8fdec4
Block TLS read when sending data, but have to wait for the handshake data first
2013-01-15 17:43:05 +01:00
Martin Willi
ee90c78998
Use a more POSIXy tls_socket interface with more flexibility.
...
If an unsufficient read buffer is provided, application data gets cached
for subsequent read() calls.
2013-01-15 17:43:05 +01:00
Tobias Brunner
07f826af67
Fixed encoding of TLS extensions (elliptic_curves and signature_algorithms)
2012-11-28 10:20:14 +01:00
Tobias Brunner
f05b427265
Moved debug.[ch] to utils folder
2012-10-24 16:00:51 +02:00
Tobias Brunner
12642a6831
Moved data structures to new collections subfolder
2012-10-24 16:00:49 +02:00
Tobias Brunner
1407a0026f
Added missing break when building TLS cipher suites
2012-09-28 18:55:40 +02:00
Martin Willi
ab2c989c32
Don't allow NULL encryption with PEAP
2012-09-12 13:19:52 +02:00
Martin Willi
acada66a35
Use memmove on overlapping regions, and operate with correct sizeof()
2012-09-12 13:19:52 +02:00
Martin Willi
fb3cf1b708
Whitespace cleanups in tls_eap
2012-09-12 13:19:52 +02:00
Martin Willi
02cabd0f26
Check if TLS handshake received Finished before processing application data
2012-08-09 12:10:41 +02:00
Martin Willi
2df12b4c57
Fix tls_prf bug introduced with bc474883
2012-07-17 11:33:05 +02:00
Martin Willi
87dd205b61
Add a return value to hasher_t.allocate_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
8bd6a30af1
Add a return value to hasher_t.get_hash()
2012-07-16 14:55:06 +02:00
Martin Willi
ce73fc19db
Add a return value to crypter_t.set_key()
2012-07-16 14:53:38 +02:00
Martin Willi
3b96189a2a
Add a return value to crypter_t.decrypt()
2012-07-16 14:53:38 +02:00
Martin Willi
e35abbe588
Add a return value to crypter_t.encrypt
2012-07-16 14:53:37 +02:00
Martin Willi
bb5eb15ccc
Check rng return value when generating TLS session identifiers
2012-07-16 14:53:37 +02:00
Tobias Brunner
126eb2af59
Check rng return value when generating secrets and IVs in libtls
2012-07-16 14:53:37 +02:00
Martin Willi
f3ca96b2bf
Add a return value to prf_t.set_key()
2012-07-16 14:53:34 +02:00
Martin Willi
bc47488323
Add a return value to prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
Martin Willi
e7d98b8c99
Add a return value to tls_prf_t.set_key()
2012-07-16 14:53:33 +02:00
Martin Willi
97b30b93b0
Add a return value to tls_prf_t.get_bytes()
2012-07-16 14:53:33 +02:00
Martin Willi
2d56575d52
Add a return value to signer_t.set_key()
2012-07-16 14:53:33 +02:00
Martin Willi
9020f7d0b9
Add a return value to tls_crypto_t.derive_secrets()
2012-07-16 14:53:33 +02:00
Martin Willi
2e96de60a8
Add a return value to signer_t.get_signature()
2012-07-16 14:53:33 +02:00
Martin Willi
cbfbba7d86
Add a return value to signer_t.allocate_signature()
2012-07-16 14:53:32 +02:00
Andreas Steffen
6245edf37e
eliminate message length field in EAP-TNC
2012-07-11 17:09:05 +02:00
Andreas Steffen
c36680962c
allow to transmit 64k TLS Handshake and Application messages via EAP-[T]TLS
2012-07-11 17:09:04 +02:00
Andreas Steffen
dfe82160e4
some tls_eap optimizations
2012-07-11 17:09:04 +02:00
Andreas Steffen
3bd452f8f3
max_message_count = 0 disables limit
2012-07-11 17:09:04 +02:00
Andreas Steffen
da67c37d65
log invalid TLS packet length
2012-07-11 17:09:04 +02:00
Martin Willi
b188f23199
Install dev headers only if --with-dev-headers= option is set
2012-07-11 11:16:31 +02:00
Martin Willi
2a6bcbbdee
Install libtls development headers
2012-07-11 10:51:01 +02:00
Martin Willi
ae10ee6d0b
Double check if a cached suite is available, overwrite any old suite state
2012-02-07 11:42:57 +01:00
Tobias Brunner
b96eb46d5c
Some Doxygen fixes.
2012-02-07 11:20:46 +01:00
Martin Willi
06c150365d
Fix TLS EAP-MSK derivation, uses different order of randoms than key expansion
2012-02-07 10:54:53 +01:00
Martin Willi
1dabf5bfc7
Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same
2012-02-07 10:54:53 +01:00
Martin Willi
3a87c89b1b
Added a tls_socket_t.splice method to wrap a file descriptor into TLS
2011-12-31 13:14:49 +01:00
Martin Willi
6a5c86b7ad
Implemented TLS session resumption both as client and as server
2011-12-31 13:14:49 +01:00
Martin Willi
ca5767621b
Implemented a TLS session cache
2011-12-31 13:14:49 +01:00
Martin Willi
703c0db894
Check for cipherspec changes after each handshake message
2011-12-31 13:14:49 +01:00
Martin Willi
4caa380625
Separated cipherspec checking and switching, allowing us to defer the second
2011-12-31 13:14:49 +01:00
Martin Willi
84da59f609
Be less verbose about TLS extensions
2011-12-24 14:14:25 +01:00
Martin Willi
ed57dfca3f
In TLS 1.2, PRF and HASH function use at least SHA-256, not the MAC hash function
2011-12-24 12:42:28 +01:00
Martin Willi
6b01216422
Added a getter for the tls_socket file descriptor
2011-12-24 12:42:25 +01:00
Andreas Steffen
e7cb8f9b37
added dummy libtls_init() function needed for integrity testing
2011-11-08 20:27:17 +01:00
Martin Willi
5976e149eb
Don't allocate extra memory to MAC the TLS header
2011-09-28 17:32:23 +02:00
Martin Willi
b79bb79a66
Verify TLS MAC even if padding is invalid to prevent timing attacks
2011-09-28 17:16:09 +02:00
Martin Willi
18c4d010f4
Install and use libtls as dynamic library, as we have our private libdir now
2011-08-08 13:41:09 +02:00
Tobias Brunner
f3bb1bd039
Fixed common misspellings.
...
Mostly found by 'codespell'.
2011-07-20 16:14:10 +02:00
Andreas Steffen
7e432eff6b
renamed tls_reader|writer to bio_* and moved to libstrongswan
2011-05-31 15:46:51 +02:00
Andreas Steffen
7e82d26dd8
fixed type
2011-05-31 15:46:51 +02:00
Andreas Steffen
deed58393d
raw TLS debug output
2011-05-29 10:36:41 +02:00
Andreas Steffen
4b06f9f265
debug type is EAP_TLS
2011-04-21 21:04:11 +02:00
Andreas Steffen
2778b6644b
do not include length field in non-fragmented EAP-PEAP packets
2011-04-21 19:52:49 +02:00
Martin Willi
5b0bcfb1fc
Revert alloc_str changes
...
This reverts commit fdead26ffe
.
This reverts commit 3e2419ebe3
.
This reverts commit 17ce69b47a
.
2011-04-21 13:35:31 +02:00
Martin Willi
3e2419ebe3
Use thread save settings alloc_str function where appropriate
2011-04-21 10:48:16 +02:00
Martin Willi
2db8b58f62
Continue without client authentication if no matching certificate found
2011-04-14 20:02:12 +02:00
Martin Willi
6a8f1a578f
Ignore TLS certificate requests as peer if peer authentication disabled
2011-04-14 20:02:12 +02:00
Martin Willi
1c21f47a06
Send TLS Server Name Indication as peer if server identity is a FQDN
2011-04-14 20:02:12 +02:00
Martin Willi
eea2bdb203
Fix tls_writer wrap functions
2011-04-14 20:02:11 +02:00
Andreas Steffen
a9ee43e96a
added TLS renegotiation_info extension
2011-04-14 16:54:46 +02:00
Andreas Steffen
1bee89d339
added TLS_PURPOSE_EAP_PEAP
2011-04-05 18:16:28 +02:00
Andreas Steffen
6f69fb0134
implemented get|set_identifier() for tls_eap_t
2011-04-05 18:14:58 +02:00
Tobias Brunner
84545f6e7c
Some typos fixed.
2011-02-07 11:39:41 +01:00
Martin Willi
8118707845
Increase tls_writer buffer by at least 4 bytes
2011-01-19 14:41:59 +01:00
Andreas Steffen
f10e72341c
cast enumerated algorithm type as int
2010-12-18 20:24:53 +01:00
Andreas Steffen
5932f41fcc
trace back crypto algorithms to the plugins that registered them
2010-12-18 16:31:12 +01:00
Andreas Steffen
58d73d38bc
output TLS-independent error messages
2010-12-05 14:55:18 +01:00
Andreas Steffen
4d178affbb
call is_complete() if tls protocol returns with SUCCESS
2010-11-16 11:52:06 +01:00
Andreas Steffen
0cfdbaff2c
set EAP-TTLS/TNC version also in acknowledgement packets
2010-10-04 14:39:49 +02:00
Martin Willi
89821331e0
Do not change cipherspec while we have buffered handshake fragments pending
2010-09-09 14:27:41 +02:00
Andreas Steffen
3b7eb3a9f4
added explanatory comments
2010-09-09 08:57:13 +02:00
Andreas Steffen
de29e3a683
max max_message_count configurable and move it into tls_eap_t
2010-09-08 12:58:45 +02:00
Andreas Steffen
99b0f633c2
handle TLS_PURPOSE_EAP_TNC
2010-09-08 12:58:45 +02:00
Andreas Steffen
51b385d44d
moved tls_t existance test into tls_eap_create() again
2010-09-08 11:09:11 +02:00
Andreas Steffen
d2b1d4378e
generalized tls_eap_t to support EAP_TNC wrapping the TNC_IF_TNCCS protocol
2010-09-08 11:01:53 +02:00
Martin Willi
7b3c01845f
Read the compression type byte for EC groups, only
2010-09-08 10:35:29 +02:00
Martin Willi
31c65eb362
Include ec_point_format extension in ClientHello
2010-09-06 18:51:38 +02:00
Martin Willi
02281c87a4
Added TLS specific EC point formats
2010-09-06 18:42:43 +02:00
Martin Willi
ec7d4e70d3
Renamed ecp_format to ansi_format, as point formats in TLS use different identifiers
2010-09-06 18:37:24 +02:00
Martin Willi
fe559b5156
Accept TLS records with zero-length plaintext
2010-09-06 17:04:59 +02:00
Martin Willi
adb913adeb
Added strongswan.conf option to filter for specific TLS suites
2010-09-06 16:51:11 +02:00
Martin Willi
24a5b935e7
Added strongswan.conf options to filter cipher suites by specific algorithms
2010-09-06 16:51:04 +02:00
Martin Willi
a03eebdf93
Fixed key type in TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
2010-09-06 16:50:54 +02:00
Martin Willi
e6cce7ff0d
Prepend point format to ECDH public key
2010-09-06 15:37:51 +02:00
Martin Willi
e4fd2bb428
Log the selected (EC)DH group
2010-09-06 15:37:51 +02:00
Martin Willi
0f89143b84
Parse unsupported TLS Hello extensions properly
2010-09-06 15:37:51 +02:00
Martin Willi
6cf85b35a4
Added TLS extension identifiers from RFC 3546
2010-09-06 15:37:51 +02:00
Martin Willi
4e68c1cfdc
Do not propose (EC)DHE suites if we do not support them
2010-09-03 18:24:03 +02:00
Martin Willi
4254257f9d
Offer only algorithms/suites we have a registered public key backend for
2010-09-03 18:11:03 +02:00
Martin Willi
f9c0cf862c
Fixed key type of ECDHE_RSA groups
2010-09-03 17:24:39 +02:00
Martin Willi
3f7bb88ba3
Use a dynamic curve enumerator to list/convert TLS named curves
2010-09-03 17:24:23 +02:00
Martin Willi
f4c98ae664
Use ECDH group check where appropriate
2010-09-03 16:53:36 +02:00
Martin Willi
2066918da2
Add ECDHE enabled cipher suites, including ECDSA variants
2010-09-03 14:54:43 +02:00
Martin Willi
4cdade5aae
Select private key based on received cipher suites
2010-09-03 14:54:43 +02:00
Martin Willi
37a59a8fbf
Support for EC curve Hello extension, EC curve fallback
2010-09-03 14:54:43 +02:00
Martin Willi
141d7f7abd
Added server support for ECDHE key exchange
2010-09-03 14:54:43 +02:00
Martin Willi
5fc7297e38
Added client support for ECDHE key exchange
2010-09-03 14:54:43 +02:00
Martin Willi
691ca54db5
Added TLS EC curve type and name identifiers
2010-09-03 14:54:43 +02:00
Andreas Steffen
1972102e1e
fixed typo
2010-09-03 13:30:40 +02:00
Martin Willi
ccb65463e7
Check for queued TLS alerts after each handshake part
2010-09-03 09:33:15 +02:00
Andreas Steffen
c0071bde73
removed redundant debug output
2010-09-02 22:19:37 +02:00
Martin Willi
ef0a8e5892
Add DHE enabled RSA variants to the supported TLS suites
2010-09-02 19:33:08 +02:00
Martin Willi
f14358a9b5
Added TLS server side support for DHE suites
2010-09-02 19:33:08 +02:00
Martin Willi
da3f4a9fd0
Added TLS client side support for DHE suites
2010-09-02 19:33:08 +02:00
Martin Willi
35d9c15d5e
Store a MODP group we use for each TLS suite
2010-09-02 19:33:08 +02:00
Martin Willi
06109c4717
Implemented "signature algorithm" hello extension
2010-09-02 19:33:08 +02:00
Martin Willi
731611c525
Added TLS extension identifiers
2010-09-02 19:33:08 +02:00
Martin Willi
d29a82a9d4
Added generic TLS data sign/verify, hash/sig algorithm construction
2010-09-02 19:33:08 +02:00
Martin Willi
60c4b3b545
Continue with a randomized premaster if decryption failed / version mismatches
2010-09-02 19:33:08 +02:00
Martin Willi
dbb7c0306c
Support different hash/sig algorithms in handshake signing, including ECDSA
2010-09-02 13:07:25 +02:00
Martin Willi
99dcaea9bd
Added TLS ClientCertificateType identifiers
2010-09-02 13:07:24 +02:00
Martin Willi
9dd2ca924e
Added TLS specific Hash and Signature Algorithm identifiers
2010-09-02 13:07:24 +02:00
Martin Willi
ea6d7cb4be
Fixed typos in tls_writer method descriptions
2010-09-02 13:07:24 +02:00
Andreas Steffen
54cba78573
cosmetics in debug output
2010-09-01 14:30:14 +02:00
Andreas Steffen
5fb1311b2a
clarified debug output
2010-08-31 23:22:39 +02:00
Andreas Steffen
c3024a0848
fixed typo
2010-08-31 21:42:14 +02:00
Martin Willi
93709d1093
Do not process any more TLS handshake messages on fatal alerts
2010-08-31 18:10:24 +02:00
Martin Willi
c811479986
Strictly check if the server certificate matches the TLS server identity
2010-08-31 18:10:23 +02:00
Martin Willi
f9fc5f2045
Added strongswan.conf options for EAP-TLS/TTLS fragment size
2010-08-31 16:17:01 +02:00
Martin Willi
743f94067e
Support processing of partial TLS record headers
2010-08-31 16:17:01 +02:00
Martin Willi
877c910f04
Implemented a generic TLS EAP helper to implement EAP-TLS, TTLS and other variants
2010-08-31 16:16:58 +02:00
Martin Willi
ecd98efa9d
Support output fragmentation of TLS records
2010-08-31 15:54:37 +02:00
Martin Willi
ce1af73907
Implemented buffering of partial records in TLS stack
2010-08-31 15:35:29 +02:00
Martin Willi
d169aab35e
Log TLS handshake subtypes as handshakes
2010-08-31 15:35:29 +02:00
Tobias Brunner
0433b4172b
Typo in doxygen comment fixed.
2010-08-30 10:49:32 +02:00
Martin Willi
2bf0e74c38
Prefer AES/Camellia suites over 3DES/NULL encryption
2010-08-25 18:30:09 +02:00
Martin Willi
a596006e3f
Send TLS alerts for errors in TLS handshake building
2010-08-25 18:24:27 +02:00
Martin Willi
ee88ddd6aa
Refactored fragment building, use correct TLS content type for non-first fragments
2010-08-25 18:04:59 +02:00
Martin Willi
17102f7b58
Added a simple high level TLS wrapper for sockets
2010-08-25 12:52:53 +02:00
Martin Willi
bd23b9086e
Initialize output chunk before appending data to it
2010-08-25 12:43:21 +02:00
Martin Willi
69e8bb2e8d
Pass NULL peer identity to omit TLS peer authentication, added eap-ttls.request_peer_auth option
2010-08-24 11:34:43 +02:00
Martin Willi
a2c1235969
Skip the close notify if application layer completes successfully
2010-08-24 10:30:24 +02:00
Andreas Steffen
c1a929daa7
removed some redundant debug output
2010-08-24 09:02:51 +02:00
Martin Willi
bda7d9d940
Added generic TLS purposes
2010-08-24 08:45:49 +02:00
Martin Willi
c5142f110e
Check if the application layer has completed successfully
2010-08-24 08:45:49 +02:00
Martin Willi
1475800080
Moved TLS record parsing/generation to tls.c
2010-08-24 08:45:49 +02:00
Martin Willi
c310881a11
Added a TLS purpose for EAP-TTLS with client authentication
2010-08-23 15:13:48 +02:00
Martin Willi
e6f3ef1330
Implemented TLS Alert handling
2010-08-23 15:13:37 +02:00
Martin Willi
f154e30431
Verify negotiated TLS version
2010-08-23 09:47:03 +02:00
Martin Willi
3c19b3461f
Introducing a dedicated debug message group for libtls
2010-08-23 09:47:03 +02:00
Martin Willi
0bcef5fe7a
Streamlined TLS debugging output
2010-08-23 09:45:33 +02:00
Andreas Steffen
56a1167b07
fixed build_cipher_suite_list()
2010-08-21 12:52:55 +02:00
Martin Willi
96b2fbcc2c
Introducing simple purposes for the TLS stack, switches various options
2010-08-20 15:09:08 +02:00
Martin Willi
6e413d9ce9
Added more TLS cipher suites we already support
2010-08-20 12:11:21 +02:00
Martin Willi
a2bfc45bfd
Build TLS cipher suite list in a generic fashion
2010-08-20 12:11:21 +02:00
Andreas Steffen
fd86fb5183
removed debug output for TLS application data
2010-08-19 07:27:30 +02:00
Andreas Steffen
ee346b54c1
add TLS handshake packet size to debug output
2010-08-18 22:07:27 +02:00
Martin Willi
ba31fe1fd6
Use a seperate section for each nested struct member in INIT macro
2010-08-18 12:15:03 +02:00
Martin Willi
714d0bfd37
Only include certificates with CA flag in TLS cert request
2010-08-16 09:20:19 +02:00
Andreas Steffen
b51ac45c48
optional certificate-based peer authentication on TLS server side
2010-08-15 13:02:57 +02:00
Andreas Steffen
c4347aa86e
do not dump tls application data any more
2010-08-13 21:21:49 +02:00
Martin Willi
3102d8669d
Use IV length of a crypter instead of block size for IV calculations
2010-08-13 17:11:53 +02:00
Andreas Steffen
3a15a02a58
set TLS record type before state change to STATE_FINISHED_SENT
2010-08-13 00:31:45 +02:00
Andreas Steffen
b62e9a30ce
fixed sequence numbering and iv of TLS protection layer
2010-08-12 23:58:54 +02:00
Andreas Steffen
1327839da8
added generic TLS application data handler and specific EAP-TTLS instantiation
2010-08-12 23:58:54 +02:00
Martin Willi
33ddaaabec
Added support for different encryption schemes to private/public keys
2010-08-10 18:46:30 +02:00
Andreas Steffen
a6444fcdd4
EAP-TLS and EAP-TTLS use different constant MSK PRF label
2010-08-07 11:26:04 +02:00
Andreas Steffen
b4d30a425e
support server authentication only for EAP-TTLS
2010-08-07 11:26:04 +02:00
Martin Willi
37d2d7e158
Whitespace cleanups
2010-08-05 13:58:49 +02:00
Martin Willi
e85bca7f22
Use certificate subject to get a public key of the TLS server
2010-08-05 13:13:45 +02:00
Tobias Brunner
edb82ab8ae
Some Doxygen fixes.
2010-08-05 11:53:53 +02:00
Andreas Steffen
7ea87db00d
added some more TLS debug output
2010-08-05 09:51:05 +02:00
Andreas Steffen
7030e3950a
fixed type in cipher suite list build
2010-08-05 01:26:10 +02:00
Andreas Steffen
4657b3a42a
log selected TLS version and cipher suite
2010-08-05 01:21:59 +02:00
Andreas Steffen
289c9ac3d7
log TLS handshake messages in debug level 2
2010-08-04 16:55:55 +02:00
Martin Willi
0f82a47063
Moved TLS stack to its own library
2010-08-03 15:39:26 +02:00