Martin Willi | 6cf85b35a4 | Added TLS extension identifiers from RFC 3546 | 2010-09-06 15:37:51 +02:00
Tobias Brunner | 3255e489be | Of course, mark is also supported by pluto. | 2010-09-06 12:04:26 +02:00
Tobias Brunner | a674c79a37 | mark_in and mark_out are also supported by pluto. | 2010-09-06 11:53:59 +02:00
Martin Willi | 4e68c1cfdc | Do not propose (EC)DHE suites if we do not support them | 2010-09-03 18:24:03 +02:00
Martin Willi | 4254257f9d | Offer only algorithms/suites we have a registered public key backend for | 2010-09-03 18:11:03 +02:00
Martin Willi | d987946e80 | Added a final flag to builder registration to enumerate the actually supported algorithms | 2010-09-03 18:09:48 +02:00
Martin Willi | f9c0cf862c | Fixed key type of ECDHE_RSA groups | 2010-09-03 17:24:39 +02:00
Martin Willi | 3f7bb88ba3 | Use a dynamic curve enumerator to list/convert TLS named curves | 2010-09-03 17:24:23 +02:00
Martin Willi | f4c98ae664 | Use ECDH group check where appropriate | 2010-09-03 16:53:36 +02:00
Martin Willi | 7d7711aba4 | Added a generic function to check if a DH group is an EC group | 2010-09-03 16:22:10 +02:00
Martin Willi | 2066918da2 | Add ECDHE enabled cipher suites, including ECDSA variants | 2010-09-03 14:54:43 +02:00
Martin Willi | 033fe95f0b | Added support for a non-truncated SHA384 HMAC variant, as used by TLS | 2010-09-03 14:54:43 +02:00
Martin Willi | 4cdade5aae | Select private key based on received cipher suites | 2010-09-03 14:54:43 +02:00
Martin Willi | 37a59a8fbf | Support for EC curve Hello extension, EC curve fallback | 2010-09-03 14:54:43 +02:00
Martin Willi | 141d7f7abd | Added server support for ECDHE key exchange | 2010-09-03 14:54:43 +02:00
Martin Willi | 5fc7297e38 | Added client support for ECDHE key exchange | 2010-09-03 14:54:43 +02:00
Martin Willi | 691ca54db5 | Added TLS EC curve type and name identifiers | 2010-09-03 14:54:43 +02:00
Andreas Steffen | 1972102e1e | fixed typo | 2010-09-03 13:30:40 +02:00
Andreas Steffen | 6d71f4dcb9 | updown script variable is called PLUTO_UDP_ENC | 2010-09-03 12:58:10 +02:00
Tobias Brunner | ddc961c369 | Fixed left-/rightnexthop ipsec.conf options. | 2010-09-03 11:47:42 +02:00
Martin Willi | ccb65463e7 | Check for queued TLS alerts after each handshake part | 2010-09-03 09:33:15 +02:00
Martin Willi | ed60dfa14f | Added support for MODP_CUSTOM to gcrypt plugin | 2010-09-03 09:33:15 +02:00
Martin Willi | 42b1ac91c4 | Added support for MODP_CUSTOM to openssl plugin | 2010-09-03 09:33:15 +02:00
Andreas Steffen | 6deeacd965 | adapted debug options | 2010-09-03 09:29:56 +02:00
Andreas Steffen | 4cbe758cd4 | adapted debug options | 2010-09-03 09:27:16 +02:00
Andreas Steffen | c0071bde73 | removed redundant debug output | 2010-09-02 22:19:37 +02:00
Andreas Steffen | 25de08474b | version bump to 4.5.0dr2 | 2010-09-02 22:19:37 +02:00
Andreas Steffen | 5175adee66 | optimized FreeRadius scenarios for debug output | 2010-09-02 22:19:37 +02:00
Andreas Steffen | 0fb2980281 | added ikev2/rw-eap-tnc-radius scenario | 2010-09-02 22:19:37 +02:00
Andreas Steffen | c0cecc0a0e | added radius init script with increased debugging | 2010-09-02 22:19:37 +02:00
Andreas Steffen | f9cfb5c836 | display configuration and log of FreeRadius servers | 2010-09-02 22:19:37 +02:00
Martin Willi | ef0a8e5892 | Add DHE enabled RSA variants to the supported TLS suites | 2010-09-02 19:33:08 +02:00
Martin Willi | f14358a9b5 | Added TLS server side support for DHE suites | 2010-09-02 19:33:08 +02:00
Martin Willi | da3f4a9fd0 | Added TLS client side support for DHE suites | 2010-09-02 19:33:08 +02:00
Martin Willi | 35d9c15d5e | Store a MODP group we use for each TLS suite | 2010-09-02 19:33:08 +02:00
Martin Willi | 08d8b9405b | Added support for MODP_CUSTOM to gmp plugin | 2010-09-02 19:33:08 +02:00
Martin Willi | 0abd558a65 | Added a MODP_CUSTOM DH group which takes g and p as constructor arguments | 2010-09-02 19:33:08 +02:00
Martin Willi | 06109c4717 | Implemented "signature algorithm" hello extension | 2010-09-02 19:33:08 +02:00
Martin Willi | 731611c525 | Added TLS extension identifiers | 2010-09-02 19:33:08 +02:00
Martin Willi | d29a82a9d4 | Added generic TLS data sign/verify, hash/sig algorithm construction | 2010-09-02 19:33:08 +02:00
Martin Willi | 60c4b3b545 | Continue with a randomized premaster if decryption failed / version mismatches | 2010-09-02 19:33:08 +02:00
Tobias Brunner | 1dfd6d18ff | pluto: Removed unused lifetime from raw_eroute. | 2010-09-02 19:04:26 +02:00
Tobias Brunner | b5be105aaf | pluto: Added support for statically configured reqids. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | fe962bc788 | testing: Added ikev1 xfrm mark scenarios. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | f8edbc22c7 | pluto: Make marks available in updown script. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | 190ee00c94 | pluto: Fixed comparison of connections, if marks are specified. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | a280ba9525 | pluto: Store xfrm marks on connection and use them when installing SAs and policies. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | a0d13f42e6 | starter: Some whitespace cleanup. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | f23e7394ae | pluto: Added PLUTO_UDP_ENC argument to updown script. This contains the remote UDP port in case of UDP encapsulated ESP. | 2010-09-02 19:04:25 +02:00
Tobias Brunner | 3251294ceb | pluto: Return value fixed. | 2010-09-02 19:04:25 +02:00