- ce572d6 Standardize on Init vs InitForOverwrite for value vs default initialization by David Benjamin · 4 months ago
- 4bc2b66 Change around some "client CA" things by Bob Beck · 5 months ago
- 0f55aa8 Use InplaceVector for the various handshake derivations by David Benjamin · 5 months ago
- 87d0c17 Add a bssl::InplaceVector to libssl by David Benjamin · 5 months ago
- a0b324f Remove redudant version information from SSLAEADContext by David Benjamin · 5 months ago
- 5a94aff Check for 0-RTT vs final version mismatches earlier by David Benjamin · 5 months ago
- 15b580f Remove redundant have_version bit by David Benjamin · 5 months ago
- 83824d2 Move ssl->version to ssl->s3->version by David Benjamin · 5 months ago
- 86c2e62 Rearrange 0-RTT key schedule setup slightly by David Benjamin · 5 months ago
- df091b2 Check for HelloRetryRequest in the ServerHello state by David Benjamin · 5 months ago
- 0d9bb20 [DTLS 1.3] Use HelloRetryRequest in place of HelloVerifyRequest. by Nick Harper · 6 months ago
- cee4fe2 Disable compatibility mode for DTLS 1.3. by Nick Harper · 7 months ago
- b7f5443 Add ssl_compliance_policy_cnsa_202407 by Adam Langley · 7 months ago
- 5af122c Implement DTLS 1.25 by Nick Harper · 9 months ago
- e1d209d Send a consistent alert when the peer sends a bad signature algorithm by David Benjamin · 11 months ago
- 05c285d Only negotiate ECDHE curves and sigalgs once by David Benjamin · 12 months ago
- 91a3f26 Add an SSL_CREDENTIAL API for ECDSA/RSA and delegated credentials by David Benjamin · 1 year, 1 month ago
- 60c2867 Check client certificate types in TLS <= 1.2 by David Benjamin · 12 months ago
- 88a537f Fold ssl_add_cert_chain into its caller by David Benjamin · 1 year ago
- 2f6409e Support WPA 3.1 "enterprise" mode. by Adam Langley · 1 year, 11 months ago
- 8cacbd9 Add functions to allow the mocking of AES hw support for testing. by Bob Beck · 1 year, 11 months ago
- 44a389a Tidy up some lengths in SSL_SESSION by David Benjamin · 2 years, 3 months ago
- 08b1f38 Use KEM terminology in TLS ECDHE and key_share abstractions by David Benjamin · 2 years ago
- 7fa0910 Create the SSLKeyShare object in TLS 1.2 client ECDHE slightly later by David Benjamin · 2 years, 1 month ago
- dcabfe2 Make OPENSSL_malloc push ERR_R_MALLOC_FAILURE on failure. by Bob Beck · 2 years, 1 month ago
- a614d46 Add SSL_was_key_usage_invalid. by David Benjamin · 2 years, 3 months ago
- 361e3e0 Move the DTLS cookie to SSL_HANDSHAKE. by David Benjamin · 2 years, 6 months ago
- dfddbc4 Align with OpenSSL on TLS 1.3 cipher suite constants. by David Benjamin · 2 years, 8 months ago
- 451ea3c Add SSL_[CTX_]_set_compliance_policy. by Adam Langley · 2 years, 10 months ago
- 123eaae Record ClientHelloInner values in msg_callback. by David Benjamin · 3 years, 1 month ago
- 18b6836 Update to draft-ietf-tls-esni-13. by David Benjamin · 3 years, 9 months ago
- a75027b Make ssl_parse_extensions a little easier to use. by David Benjamin · 3 years, 7 months ago
- e2cb423 Deduplicate our three ServerHello parsers. by David Benjamin · 3 years, 8 months ago
- ba423c9 Implement ClientHelloOuter handshakes. by David Benjamin · 3 years, 9 months ago
- a10017c Reduce bouncing on the cache lock in ssl_update_cache. by David Benjamin · 3 years, 9 months ago
- 10a76ac Only clear not_resumable after the handshake. by David Benjamin · 3 years, 9 months ago
- 9734e44 More reliably report handshake errors through SSL_write. by David Benjamin · 3 years, 9 months ago
- e9c5d72 Add an option to permute ClientHello extension order. by David Benjamin · 3 years, 9 months ago
- 83a4993 Add most of an ECH client implementation. by David Benjamin · 3 years, 10 months ago
- c89ce97 Move the TLS vs DTLS header length adjustment into ssl_add_clienthello_tlsext. by David Benjamin · 3 years, 9 months ago
- 5acf9f4 Replace hs->needs_psk_binder with an output parameter. by David Benjamin · 3 years, 9 months ago
- 246c556 Compute the ECH GREASE payload outside of the callbacks. by David Benjamin · 3 years, 10 months ago
- 97ede40 Move key_share computation out of ClientHello callbacks. by David Benjamin · 3 years, 10 months ago
- 6c9758f Release some temporaries outside of ClientHello callbacks. by David Benjamin · 3 years, 10 months ago
- 4e93cd4 Move the early_data_{offered,reason} logic out of extension callbacks. by David Benjamin · 3 years, 10 months ago
- b587911 Remove the Channel ID callback. by David Benjamin · 3 years, 10 months ago
- 8acec00 Manage Channel ID handshake state better. by David Benjamin · 3 years, 10 months ago
- 3675eb3 GREASE is now RFC 8701. by David Benjamin · 3 years, 10 months ago
- d89ec68 Remove draft tokbind implementation. by David Benjamin · 3 years, 10 months ago
- 71a3b82 Check for resumption identifiers in SSL_SESSION_is_resumable. by David Benjamin · 3 years, 10 months ago
- 6ff9429 Don't use SHA256(ticket) as the signaling session ID for tickets. by David Benjamin · 3 years, 10 months ago
- 1f6c3dc Simplify renego + resumption handling. by David Benjamin · 3 years, 10 months ago
- 962b375 Move session ID assignment out of ssl_get_new_session. by David Benjamin · 3 years, 10 months ago
- 9b2cdb7 Add SSL_can_release_private_key. by David Benjamin · 4 years ago
- 5351c8b Rename the master_key field in SSL_SESSION to secret. by David Benjamin · 4 years, 3 months ago
- 0a6bfa3 Always check the TLS 1.3 downgrade signal. by David Benjamin · 4 years, 3 months ago
- c4ec14c Switch ssl_parse_extensions to bool and Span. by David Benjamin · 4 years, 5 months ago
- 3743aaf Add SSL_CIPHER_get_protocol_id. by David Benjamin · 4 years, 5 months ago
- cd8f3d3 Enforce the keyUsage extension in TLS 1.2 client certs. by David Benjamin · 4 years, 9 months ago
- e32549e Disable TLS 1.3 compatibility mode for QUIC. by Nick Harper · 4 years, 10 months ago
- 6bfd25c Add is_quic bit to SSL_SESSION by Nick Harper · 5 years ago
- 1e85905 Revise QUIC encryption secret APIs. by David Benjamin · 5 years ago
- 754d4c9 Fix client handling of 0-RTT rejects with cipher mismatch. by David Benjamin · 5 years ago
- f9cc26f Require handshake flights end at record boundaries. by David Benjamin · 5 years ago
- ebad508 Switch verify sigalg pref functions to SSL_HANDSHAKE. by David Benjamin · 5 years ago
- ee0716f Defer early keys to QUIC clients to after certificate reverification. by David Benjamin · 5 years ago
- 3ba9586 Rename a number of BUF_* functions to OPENSSL_*. by David Benjamin · 5 years ago
- d634357 Add initial support for 0-RTT with QUIC. by David Benjamin · 6 years ago
- e530ea3 Use spans for the various TLS 1.3 secrets. by David Benjamin · 6 years ago
- 79b8b3a Switch tls13_enc.cc to spans. by David Benjamin · 6 years ago
- 9806ae0 Check the second ClientHello's PSK binder on resumption. by David Benjamin · 6 years ago
- 4dfd5af Only bypass the signature verification itself in fuzzer mode. by David Benjamin · 6 years ago
- d7266ec Enforce key usage for RSA keys in TLS 1.2. by Jesse Selover · 6 years ago
- b84674b Delete the variants/draft code. by Steven Valdez · 7 years ago
- 9cde848 Use handshake parameters to decide if cert/key are available by Christopher Patton · 7 years ago
- 7b93593 Add initial HRSS support. by Adam Langley · 6 years ago
- 6965d25 Work around a JDK 11 TLS 1.3 bug. by David Benjamin · 6 years ago
- f241a59 In 0RTT mode, reverify the server certificate before sending early data. by Jesse Selover · 6 years ago
- c8e0f90 Add an interface for QUIC integration. by Steven Valdez · 7 years ago
- 2d98d49 Add a per-SSL TLS 1.3 downgrade enforcement option and improve tests. by David Benjamin · 6 years ago
- 8c7c635 Support symbol prefixes by Joshua Liebow-Feeser · 7 years ago
- 492c9aa Fill in a fake session ID for TLS 1.3. by David Benjamin · 7 years ago
- 12f5878 Some more bools. by David Benjamin · 7 years ago
- a130ce0 Update TLS 1.3 citations for the final RFC. by David Benjamin · 7 years ago
- f1af129 Implement TLS 1.3 anti-downgrade signal. by Steven Valdez · 7 years ago
- 1c337e5 Option to reverify certs on resumption. by Jesse Selover · 7 years ago
- e0afc85 Send an alert if we fail to pick a signature algorithm. by Adam Langley · 7 years ago
- 4685376 Remove other unnecessary tlsext_ prefixes. by David Benjamin · 7 years ago
- 50596f8 Switch some easy SSL fields to UniquePtr. by David Benjamin · 7 years ago
- bfdd1a9 Give SSL_SESSION a destructor. by David Benjamin · 7 years ago
- 2908dd1 Add bssl::UpRef. by David Benjamin · 7 years ago
- a3a71e9 Flip SSL_SESSION fields to bool. by David Benjamin · 7 years ago
- 9bb15f5 Remove SSL 3.0 implementation. by David Benjamin · 7 years ago
- b7bc80a SSL_CONFIG: new struct for sheddable handshake configuration. by Matthew Braithwaite · 7 years ago
- e325c3f Give CERT a destructor. by David Benjamin · 7 years ago
- 9f0e7cb Move TB state to ssl->s3. by David Benjamin · 7 years ago
- a0bc29a Remove remnants of the HRR message. by David Benjamin · 7 years ago
- 7e5dd25 Remove draft22 and experiment2. by Steven Valdez · 7 years ago
- 0ab3f0c Notice earlier if a server echoes the TLS 1.3 compatibility session ID. by David Benjamin · 7 years ago
- a7bc944 Don't use the client_random entropy for GREASE. by David Benjamin · 7 years ago