commit | 6df654076660aca3fdca0fe4e5efad092308724a | [log] [tgz] |
---|---|---|
author | David Benjamin <davidben@google.com> | Mon Dec 18 18:00:23 2017 -0500 |
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | Thu Dec 21 01:50:33 2017 +0000 |
tree | ed6faf8cf52ef6c83d6479b8a1fca783a3092324 | |
parent | 02e6256b16b54319b1c01d4133ca3317e82b2dbb [diff] |
Add a draft TLS 1.3 anti-downgrade signal. TLS 1.3 includes a server-random-based anti-downgrade signal, as a workaround for TLS 1.2's ServerKeyExchange signature failing to cover the entire handshake. However, because TLS 1.3 draft versions are each doomed to die, we cannot deploy it until the final RFC. (Suppose a draft-TLS-1.3 client checked the signal and spoke to a final-TLS-1.3 server. The server would correctly negotiate TLS 1.2 and send the signal. But the client would then break. An anologous situation exists with reversed roles.) However, it appears that Cisco devices have non-compliant TLS 1.2 implementations[1] and copy over another server's server-random when acting as a TLS terminator (client and server back-to-back). Hopefully they are the only ones doing this. Implement a measurement-only version with a different value. This sentinel must not be enforced, but it will tell us whether enforcing it will cause problems. [1] https://www.ietf.org/mail-archive/web/tls/current/msg25168.html Bug: 226 Change-Id: I976880bdb2ef26f51592b2f6b3b97664342679c8 Reviewed-on: https://boringssl-review.googlesource.com/24284 Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Adam Langley <agl@google.com>
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful: