the initial ClientHello to work around a Windows SChannel bug.
r=ryan.sleevi,bsmith.
git-svn-id: svn://10.0.0.236/trunk@264269 18797224-902f-48f8-a5cc-f745e15eee43
from the heap after bug 793033 is fixed. r=ekr.
Modified Files:
dtlscon.c ssl3con.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@264267 18797224-902f-48f8-a5cc-f745e15eee43
default. Enable the non-ECC Triple DES and AES cipher suites by default.
Enable SSL_RSA_WITH_RC4_128_SHA and SSL_RSA_WITH_RC4_128_MD5 by default.
r=rrelyea.
git-svn-id: svn://10.0.0.236/trunk@264251 18797224-902f-48f8-a5cc-f745e15eee43
to at most { 3, 1 } (TLS 1.0) if we don't know what protocol version the
server supports. r=bsmith.
Modified Files:
dtlscon.c ssl3con.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@264158 18797224-902f-48f8-a5cc-f745e15eee43
r wtc Patches 1 and 4 in the original bug (lib/softoken lib/freebl, and lib/ssl)
git-svn-id: svn://10.0.0.236/trunk@263930 18797224-902f-48f8-a5cc-f745e15eee43
out from behind the TRACE and DEBUG defines and add a new CLIENT_RANDOM
format to support ECDHE-RSA key agreement (and others). The patch is
contributed by Adam Langley <agl@chromium.org>. r=wtc.
Modified Files:
ssl3con.c sslsock.c
git-svn-id: svn://10.0.0.236/trunk@263919 18797224-902f-48f8-a5cc-f745e15eee43
certificate_authorities list. The patch is contributed by Eric Rescorla
<ekr@rtfm.com>. r=wtc,bsmith,rrelyea.
Modified Files:
ssl3con.c sslerr.h
git-svn-id: svn://10.0.0.236/trunk@263794 18797224-902f-48f8-a5cc-f745e15eee43
zero or one. The bug was reported by Nikos Mavrogiannopoulos. The patch
was contributed by Adam Langley <agl@chromium.org>. r=wtc.
git-svn-id: svn://10.0.0.236/trunk@263762 18797224-902f-48f8-a5cc-f745e15eee43
enabled. Patch contributed by Alexei Volkov <alvolkov.bgs@gmail.com> and
Eric Rescorla <ekr@rtfm.com>. r=wtc.
git-svn-id: svn://10.0.0.236/trunk@263646 18797224-902f-48f8-a5cc-f745e15eee43
patch is contributed by Brian Smith <bsmith@mozilla.com>. r=wtc.
Modified Files:
SSLerrs.h ssl3con.c sslerr.h
git-svn-id: svn://10.0.0.236/trunk@263634 18797224-902f-48f8-a5cc-f745e15eee43
ssl3_HandleHandshakeMessage when the handshake message spans multiple TLS
records. Patch by Brian Smith <bsmith@mozilla.com>. r=wtc.
git-svn-id: svn://10.0.0.236/trunk@263633 18797224-902f-48f8-a5cc-f745e15eee43
stream and datagram variants of SSL/TLS. Add an SSLProtocolVariant
argument to the version range functions that don't take an fd. The patch
is written by Brian Smith <bsmith@mozilla.com> and Eric Rescorla
<ekr@rtfm.com>. r=wtc.
Modified Files:
ssl.h ssl3con.c sslimpl.h sslsock.c sslt.h
git-svn-id: svn://10.0.0.236/trunk@263575 18797224-902f-48f8-a5cc-f745e15eee43
decode_error when the cipher text is shorter than an IV block. Reduce
MAX_IV_LENGTH to 24 to match the size of IVs in ssl3SidKeys. r=rrelyea.
Modified Files:
ssl3con.c sslimpl.h
git-svn-id: svn://10.0.0.236/trunk@263570 18797224-902f-48f8-a5cc-f745e15eee43
suites. The patch is written by Brian Smith <bsmith@mozilla.com>. r=wtc.
Modified Files:
ssl3con.c sslimpl.h sslproto.h
git-svn-id: svn://10.0.0.236/trunk@263561 18797224-902f-48f8-a5cc-f745e15eee43
by Douglas Stebila <douglas@stebila.ca> and improved by Adam Langley
<agl@chromium.org>. r=wtc.
Modified Files:
ssl.def ssl.h ssl3con.c sslimpl.h sslinfo.c
git-svn-id: svn://10.0.0.236/trunk@263533 18797224-902f-48f8-a5cc-f745e15eee43
warning about 'rv' and simplify the conditional expression around the
ss->sec.cache call. r=bsmith.
git-svn-id: svn://10.0.0.236/trunk@263520 18797224-902f-48f8-a5cc-f745e15eee43
The change to the suiteInfo table in sslinfo.c is not necessary but is
made to keep that table in roughly the same order as the other two tables
in ssl3con.c and sslenum.c. r=rrelyea.
Modified Files:
ssl3con.c sslenum.c sslinfo.c
git-svn-id: svn://10.0.0.236/trunk@263519 18797224-902f-48f8-a5cc-f745e15eee43
correctly. Fix variable declarations in lib/ssl/ssl3con.c to not start
from column 0, which would confuse cvs diff -p. r=kaie.
git-svn-id: svn://10.0.0.236/trunk@263475 18797224-902f-48f8-a5cc-f745e15eee43
ss->ssl3.clientPrivateKey for all key exchange algorithms, otherwise we
will send a Certificate message in renegotiation even if the renegotiation
doesn't request client auth. Move the cleanup of clientCertChain and
clientPrivateKey from ssl3_HandleCertificateRequest to
ssl3_HandleServerHello as a second defense. The patch is contributed by
Ryan Sleevi <ryan.sleevi@gmail.com>. r=wtc.
git-svn-id: svn://10.0.0.236/trunk@261791 18797224-902f-48f8-a5cc-f745e15eee43
SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY to be specific about key type.
TBR=kaie.
Modified Files:
cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h
git-svn-id: svn://10.0.0.236/trunk@261157 18797224-902f-48f8-a5cc-f745e15eee43
Based on patch contributed by Adam Langley of Google <agl@chromium.org>.
r=agl,nelson.
Modified Files:
notes.txt ssl3con.c sslcon.c sslimpl.h sslsecur.c
git-svn-id: svn://10.0.0.236/trunk@261113 18797224-902f-48f8-a5cc-f745e15eee43
Add a new error code SSL_ERROR_WEAK_SERVER_KEY for the dh_p size check in
ssl3_HandleServerKeyExchange. r=nelson.
Modified Files:
cmd/lib/SSLerrs.h lib/ssl/ssl3con.c lib/ssl/sslerr.h
git-svn-id: svn://10.0.0.236/trunk@261049 18797224-902f-48f8-a5cc-f745e15eee43
