Matt Caswell
|
65dc5c3cc1
Fix no-ec with no-dh
|
5 years ago |
Matt Caswell
|
dbc6268f68
Allow TLSv1.3 in a no-ec build
|
5 years ago |
raja-ashok
|
9aaecbfc98
TLS1.3 FFDHE Support
|
5 years ago |
Todd Short
|
555cbb328e
Collapse ssl3_state_st (s3) into ssl_st
|
5 years ago |
Kurt Roeckx
|
5c587fb6b9
Use (D)TLS_MAX_VERSION_INTERNAL internally
|
5 years ago |
Richard Levitte
|
2c18d164f5
Following the license change, modify the boilerplates in ssl/
|
5 years ago |
Matt Caswell
|
65d2c16cbe
Fix no-ec and no-tls1_2
|
5 years ago |
Viktor Dukhovni
|
a51c9f637c
Added missing signature algorithm reflection functions
|
5 years ago |
Matt Caswell
|
de4dc59802
Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable
|
6 years ago |
David Woodhouse
|
ecbb2fca93
Add EVP_PKEY_supports_digest_nid()
|
6 years ago |
David Woodhouse
|
2d263a4a73
Honour mandatory digest on private key in has_usable_cert()
|
6 years ago |
Matt Caswell
|
680bd131b6
Give a better error if an attempt is made to set a zero length groups list
|
6 years ago |
Matt Caswell
|
b8fef8ee92
Don't use an RSA-PSS cert for RSA key exchange
|
6 years ago |
Matt Caswell
|
b5b993b229
Use the same min-max version range on the client consistently
|
6 years ago |
Matt Caswell
|
11d2641f96
Check that the public key OID matches the sig alg
|
6 years ago |
Matt Caswell
|
871980a9ad
Do not use GOST sig algs in TLSv1.3 where possible
|
6 years ago |
Pauli
|
8eab767a71
Check return from BN_set_word.
|
6 years ago |
Matt Caswell
|
309371d626
Fix EAP-FAST
|
6 years ago |
Dmitry Belyavskiy
|
41f10305d8
Send GOST SignatureAlgorithms when TLS 1.2 in use
|
6 years ago |
Dmitry Belyavskiy
|
1f65c0459a
Bugfix: GOST2012 certificates for GOST ciphersuites were broken.
|
6 years ago |
Kurt Roeckx
|
5f96a95e25
Set sess to NULL after freeing it.
|
6 years ago |
Matt Caswell
|
61fb59238d
Rework the decrypt ticket callback
|
6 years ago |
Matt Caswell
|
c0638adeec
Fix ticket callbacks in TLSv1.3
|
6 years ago |
Matt Caswell
|
ca50cd911c
Fix the MAX_CURVELIST definition
|
6 years ago |
Matt Caswell
|
7500bc337a
Allow TLSv1.3 EC certs to use compressed points
|
6 years ago |
Rich Salz
|
cdb10bae3f
Set error code on alloc failures
|
6 years ago |
Matt Caswell
|
dcf8b01f44
Tolerate a Certificate using a non-supported group on server side
|
6 years ago |
Todd Short
|
4bfb96f2ad
Place ticket keys into secure memory
|
6 years ago |
Matt Caswell
|
32305f8850
Always call the new_session_cb when issuing a NewSessionTicket in TLSv1.3
|
6 years ago |
Todd Short
|
df0fed9aab
Session Ticket app data
|
7 years ago |