mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity
utls/testdata
History
Adam Langley a367222d8d crypto/tls: support TLS_FALLBACK_SCSV as a server. 
A new attack on CBC padding in SSLv3 was released yesterday[1]. Go only
supports SSLv3 as a server, not as a client. An easy fix is to change
the default minimum version to TLS 1.0 but that seems a little much
this late in the 1.4 process as it may break some things.

Thus this patch adds server support for TLS_FALLBACK_SCSV[2] -- a
mechanism for solving the fallback problem overall. Chrome has
implemented this since February and Google has urged others to do so in
light of yesterday's news.

With this change, clients can indicate that they are doing a fallback
connection and Go servers will be able to correctly reject them.

[1] http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
[2] https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

LGTM=rsc
R=rsc
CC=golang-codereviews
https://golang.org/cl/157090043
2014-10-15 17:54:04 -07:00
..
Client-TLSv10-ClientCert-ECDSA-ECDSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv10-ClientCert-ECDSA-RSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv10-ClientCert-RSA-ECDSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv10-ClientCert-RSA-RSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv10-ECDHE-ECDSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv10-ECDHE-RSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv10-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv11-ECDHE-ECDSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv11-ECDHE-RSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv11-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ALPN build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ALPN-NoMatch build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ClientCert-ECDSA-ECDSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ClientCert-ECDSA-RSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ClientCert-RSA-ECDSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ClientCert-RSA-RSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ECDHE-ECDSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ECDHE-ECDSA-AES-GCM build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-ECDHE-RSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Client-TLSv12-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-SSLv3-RSA-3DES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-SSLv3-RSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-SSLv3-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv10-ECDHE-ECDSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv10-RSA-3DES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv10-RSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv10-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv11-FallbackSCSV crypto/tls: support TLS_FALLBACK_SCSV as a server. 2014-10-15 17:54:04 -07:00
Server-TLSv11-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ALPN build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ALPN-NoMatch build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-CipherSuiteCertPreferenceECDSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-CipherSuiteCertPreferenceRSA build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ClientAuthRequestedAndECDSAGiven build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ClientAuthRequestedAndGiven build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ClientAuthRequestedNotGiven build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ECDHE-ECDSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-IssueTicket build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-IssueTicketPreDisable crypto/tls: ensure that we don't resume when tickets are disabled. 2014-09-26 11:02:09 +10:00
Server-TLSv12-Resume build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-ResumeDisabled crypto/tls: ensure that we don't resume when tickets are disabled. 2014-09-26 11:02:09 +10:00
Server-TLSv12-RSA-3DES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-RSA-AES build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-RSA-AES-GCM build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-RSA-RC4 build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00
Server-TLSv12-SNI build: move package sources from src/pkg to src 2014-09-08 00:08:51 -04:00