Paul Bakker 
							
						 
					 
					
						
						
							
						
						b7149bcc90 
					 
					
						
						
							
							Corrected behaviour for CBC-based suites using the SHA384 MAC and PRF  
						
						
						
						
					 
					
						2013-03-20 15:30:09 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						41c83d3f67 
					 
					
						
						
							
							Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS  
						
						
						
						
						Made all modifications to include Ephemeral Elliptic Curve Diffie
Hellman ciphersuites into the existing SSL/TLS modules. All basic
handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
has been included. 
						
						
					 
					
						2013-03-20 14:39:14 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						68884e3c09 
					 
					
						
						
							
							Moved to advanced ciphersuite representation and more dynamic SSL code  
						
						
						
						
					 
					
						2013-03-13 14:48:32 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						78a8c71993 
					 
					
						
						
							
							Re-added support for parsing and handling SSLv2 Client Hello messages  
						
						
						
						
						If the define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is enabled,
the SSL Server module can handle the old SSLv2 Client Hello messages.
It has been updated to deny SSLv2 Client Hello messages during
renegotiation. 
						
						
					 
					
						2013-03-06 18:01:03 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1961b709d8 
					 
					
						
						
							
							Added ssl_handshake_step() to allow single stepping the handshake process

Single stepping the handshake process allows for better support of
non-blocking network stacks and for getting information from specific
handshake messages if wanted. 
						
						
					 
					
						2013-01-25 14:49:24 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						21dca69ef0 
					 
					
						
						
							
							Handle future version properly in ssl_write_certificate_request()  
						
						
						
						
					 
					
						2013-01-03 11:41:08 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						bc3d98469f 
					 
					
						
						
							
							Fixed multiple DN size  
						
						
						
						
					 
					
						2012-11-26 16:12:02 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						78ce507988 
					 
					
						
						
							
							Fixed typo  
						
						
						
						
					 
					
						2012-11-23 14:23:53 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						926af7582a 
					 
					
						
						
							
							Fixed client certificate handling with TLS 1.2  
						
						
						
						
					 
					
						2012-11-23 13:38:07 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						645ce3a2b4 
					 
					
						
						
							
							- Moved ciphersuite naming scheme to IANA reserved names  
						
						
						
						
					 
					
						2012-10-31 12:32:41 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						35a7fe52f3 
					 
					
						
						
							
							- Prevent compiler warning  
						
						
						
						
					 
					
						2012-10-31 09:07:14 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						8611e73dd3 
					 
					
						
						
							
							- Fixed infinite loop  
						
						
						
						
					 
					
						2012-10-30 07:52:29 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						81420abcb6 
					 
					
						
						
							
							- properly print minimum version  
						
						
						
						
					 
					
						2012-10-23 10:31:15 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						23f3680898 
					 
					
						
						
							
							- Added proper support for TLS 1.2 signature_algorithm extension on server side
							- Minor const changes to other extension parsing functions
						
						
					 
					
						2012-09-28 14:15:14 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1d29fb5e33 
					 
					
						
						
							
							- Added option to add minimum accepted SSL/TLS protocol version  
						
						
						
						
					 
					
						2012-09-28 13:28:45 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						5701cdcd02 
					 
					
						
						
							
							- Added ServerName extension parsing (SNI) at server side  
						
						
						
						
					 
					
						2012-09-27 21:49:42 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						eb2c658163 
					 
					
						
						
							
							- Generalized external private key implementation handling (like PKCS#11) in SSL/TLS  
						
						
						
						
					 
					
						2012-09-27 19:15:01 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						0a59707523 
					 
					
						
						
							
							- Added simple SSL session cache implementation  
						
						
						
						
						- Revamped session resumption handling 
						
						
					 
					
						2012-09-25 21:55:46 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						29b64761fd 
					 
					
						
						
							
							- Added predefined DHM groups from RFC 5114  
						
						
						
						
					 
					
						2012-09-25 09:36:44 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						d0f6fa7bdc 
					 
					
						
						
							
							- Sending of handshake_failures during renegotiation added  
						
						
						
						
						- Handle two legacy modes differently: SSL_LEGACY_BREAK_HANDSHAKE and SSL_LEGACY_NO_RENEGOTIATION 
						
						
					 
					
						2012-09-17 09:18:12 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						48916f9b67 
					 
					
						
						
							
							- Added Secure Renegotiation (RFC 5746)  
						
						
						
						
					 
					
						2012-09-16 19:57:18 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ec636f3bdd 
					 
					
						
						
							
							- Removed handling for SSLv2 Client Hello (as per RFC 5246 recommendation)  
						
						
						
						
					 
					
						2012-09-09 19:17:02 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						2770fbd651 
					 
					
						
						
							
							- Added DEFLATE compression support as per RFC3749 (requires zlib)  
						
						
						
						
					 
					
						2012-07-03 13:30:23 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						380da53c48 
					 
					
						
						
							
							- Abstracted checksum updating during handshake  
						
						
						
						
					 
					
						2012-04-18 16:10:25 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ca4ab49158 
					 
					
						
						
							
							- Added GCM ciphersuites to TLS implementation  
						
						
						
						
					 
					
						2012-04-18 14:23:57 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						10cd225962 
					 
					
						
						
							
							- Added support for the SHA256 ciphersuites of AES and Camellia  
						
						
						
						
					 
					
						2012-04-12 21:26:34 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						bf63b36127 
					 
					
						
						
							
							- Updated comments  
						
						
						
						
					 
					
						2012-04-12 20:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1ef83d66dd 
					 
					
						
						
							
							- Initial bare version of TLS 1.2  
						
						
						
						
					 
					
						2012-04-11 12:09:53 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fab5c829e7 
					 
					
						
						
							
							- Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default!  
						
						
						
						
					 
					
						2012-02-06 16:45:10 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1c70d409ad 
					 
					
						
						
							
							- Added better handling of missing session struct  
						
						
						
						
					 
					
						2011-12-04 22:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						a3d195c41f 
					 
					
						
						
							
							- Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs  
						
						
						
						
					 
					
						2011-11-27 21:07:34 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						5690efccc4 
					 
					
						
						
							
							- Fixed a whole bunch of dependencies on defines between files, examples and tests  
						
						
						
						
					 
					
						2011-05-26 13:16:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						9d781407bc 
					 
					
						
						
							
							- An error_strerror function() has been added to translate between error codes and their description.
						
						
						
						
						- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers. 
						
						
					 
					
						2011-05-09 16:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						23986e5d5d 
					 
					
						
						
							
							- Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops  
						
						
						
						
					 
					
						2011-04-24 08:57:21 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						99a03afc22 
					 
					
						
						
							
							- Fixed possible uninitialized values  
						
						
						
						
					 
					
						2011-04-01 11:39:39 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						9dcc32236b 
					 
					
						
						
							
							- Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21)  
						
						
						
						
					 
					
						2011-03-08 14:16:06 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						e3166ce040 
					 
					
						
						
							
							- Renamed ciphers member of ssl_context and cipher member of ssl_session to ciphersuites and ciphersuite respectively. This clarifies the difference with the generic cipher layer and is better naming altogether  
						
						
						
						
						- Adapted in the rest of using code as well 
						
						
					 
					
						2011-01-27 17:40:50 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						43b7e35b25 
					 
					
						
						
							
							- Support for PKCS#11 through the use of the pkcs11-helper library  
						
						
						
						
					 
					
						2011-01-18 15:27:19 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						61c324bbdd 
					 
					
						
						
							
							- Enabled TLSv1.1 support in server as well  
						
						
						
						
					 
					
						2010-07-29 21:09:03 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						b96f154e51 
					 
					
						
						
							
							- Fixed copyright message  
						
						
						
						
					 
					
						2010-07-18 20:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						84f12b76fc 
					 
					
						
						
							
							- Updated Copyright to correct entity  
						
						
						
						
					 
					
						2010-07-18 10:13:04 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						77a43580da 
					 
					
						
						
							
							- Added support for the SSL_EDH_RSA_AES_128_SHA and SSL_EDH_RSA_CAMELLIA_128_SHA ciphersuites
						
						
						
						
					 
					
						2010-06-15 21:32:46 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						2908713af1 
					 
					
						
						
							
							- Corrected behaviour  
						
						
						
						
					 
					
						2010-03-21 21:03:34 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fc8c4360b8 
					 
					
						
						
							
							- Updated copyright line to 2010  
						
						
						
						
					 
					
						2010-03-21 17:37:16 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1f3c39c194 
					 
					
						
						
							
							- Removed copyright line for Christophe Devine for clarity  
						
						
						
						
					 
					
						2010-03-21 17:30:05 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						ff60ee6c2a 
					 
					
						
						
							
							- Added const-correctness to main codebase  
						
						
						
						
					 
					
						2010-03-16 21:09:09 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						1f76115340 
					 
					
						
						
							
							- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request()  
						
						
						
						
					 
					
						2010-02-18 18:16:31 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						77b385e91a 
					 
					
						
						
							
							- Updated copyright messages on all relevant files  
						
						
						
						
					 
					
						2009-07-28 17:23:11 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						fc22c441bc 
					 
					
						
						
							
							- Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code.  
						
						
						
						
					 
					
						2009-07-19 20:36:27 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Bakker 
							
						 
					 
					
						
						
							
						
						785a9eeece 
					 
					
						
						
							
							- Added email address to header license information  
						
						
						
						
					 
					
						2009-01-25 14:15:10 +00:00