git.openssl.org Git - openssl.git/commit

Protocol version selection and negotiation rewrite

The protocol selection code is now consolidated in a few consecutive
short functions in a single file and is table driven.  Protocol-specific
constraints that influence negotiation are moved into the flags
field of the method structure.  The same protocol version constraints
are now applied in all code paths.  It is now much easier to add
new protocol versions without reworking the protocol selection
logic.

In the presence of "holes" in the list of enabled client protocols
we no longer select client protocols below the hole based on a
subset of the constraints and then fail shortly after when it is
found that these don't meet the remaining constraints (suiteb, FIPS,
security level, ...).  Ideally, with the new min/max controls users
will be less likely to create "holes" in the first place.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>

author	Viktor Dukhovni <openssl-users@dukhovni.org>
	Tue, 29 Dec 2015 08:24:17 +0000 (03:24 -0500)
committer	Viktor Dukhovni <openssl-users@dukhovni.org>
	Sat, 2 Jan 2016 15:49:06 +0000 (10:49 -0500)
commit	4fa52141b08fca89250805afcf2f112a2e0d3500
tree	ab8988a8267c6032f6a8b48846d12fb907930b3b	tree \| snapshot
parent	57ce7b617c602ae8513c22daa2bda31f179edb0f	commit \| diff

CHANGES		diff \| blob \| history
include/openssl/ssl.h		diff \| blob \| history
ssl/d1_lib.c		diff \| blob \| history
ssl/methods.c		diff \| blob \| history
ssl/s3_lib.c		diff \| blob \| history
ssl/ssl_cert.c		diff \| blob \| history
ssl/ssl_ciph.c		diff \| blob \| history
ssl/ssl_conf.c		diff \| blob \| history
ssl/ssl_err.c		diff \| blob \| history
ssl/ssl_lib.c		diff \| blob \| history
ssl/ssl_locl.h		diff \| blob \| history
ssl/statem/statem.c		diff \| blob \| history
ssl/statem/statem_clnt.c		diff \| blob \| history
ssl/statem/statem_lib.c		diff \| blob \| history
ssl/statem/statem_srvr.c		diff \| blob \| history
ssl/t1_lib.c		diff \| blob \| history