kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3cfeb9522b
boringssl/ssl/test/runner
History
David Benjamin 3cfeb9522b Disable SSLv3 by default. 
As a precursor to removing the code entirely later, disable the protocol
by default. Callers must use SSL_CTX_set_min_version to enable it.

This change also makes SSLv3_method *not* enable SSL 3.0. Normally
version-specific methods set the minimum and maximum version to their
version. SSLv3_method leaves the minimum at the default, so we will
treat it as all versions disabled. To help debugging, the error code is
switched from WRONG_SSL_VERSION to a new NO_SUPPORTED_VERSIONS_ENABLED.

This also defines OPENSSL_NO_SSL3 and OPENSSL_NO_SSL3_METHOD to kick in
any no-ssl3 build paths in consumers which should provide a convenient
hook for any upstreaming changes that may be needed. (OPENSSL_NO_SSL3
existed in older versions of OpenSSL, so in principle one may encounter
an OpenSSL with the same settings.)

Change-Id: I96a8f2f568eb77b2537b3a774b2f7108bd67dd0c
Reviewed-on: https://boringssl-review.googlesource.com/14031
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-04-11 16:38:16 +00:00
..
curve25519 Sync vendored copies of Go poly1305 and curve25519. 2017-03-30 20:04:23 +00:00
ed25519 Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00
poly1305 Sync vendored copies of Go poly1305 and curve25519. 2017-03-30 20:04:23 +00:00
alert.go Enforce the SSL 3.0 no_certificate alert in tests. 2017-01-04 13:41:56 +00:00
cert.pem
chacha20_poly1305_test.go Remove old ChaCha20-Poly1305 AEAD. 2017-01-19 23:27:54 +00:00
chacha20_poly1305.go Remove old ChaCha20-Poly1305 AEAD. 2017-01-19 23:27:54 +00:00
channel_id_key.pem
cipher_suites.go Remove DHE ciphersuites from TLS. 2017-03-21 23:55:10 +00:00
common.go Acknowledge KeyUpdate messages. 2017-04-10 17:49:58 +00:00
conn.go Acknowledge KeyUpdate messages. 2017-04-10 17:49:58 +00:00
deterministic.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
dtls.go Moving TLS 1.3 version negotiation into extension. 2016-09-27 20:12:22 +00:00
ecdsa_p224_cert.pem Support P-224 certificates as a server. 2017-02-27 21:27:39 +00:00
ecdsa_p224_key.pem Support P-224 certificates as a server. 2017-02-27 21:27:39 +00:00
ecdsa_p256_cert.pem
ecdsa_p256_key.pem
ecdsa_p384_cert.pem
ecdsa_p384_key.pem
ecdsa_p521_cert.pem
ecdsa_p521_key.pem
ed25519_cert.pem Support Ed25519 in TLS. 2017-04-06 15:30:17 +00:00
ed25519_key.pem Support Ed25519 in TLS. 2017-04-06 15:30:17 +00:00
fuzzer_mode.json Update fuzzer exclusions. 2017-03-30 16:54:38 +00:00
handshake_client.go Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00
handshake_messages.go Remove experimental TLS 1.3 short record header extension. 2017-03-02 22:39:17 +00:00
handshake_server.go Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00
hkdf_test.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
hkdf.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
key_agreement.go Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00
key.pem
packet_adapter.go
prf.go Remove Fake TLS 1.3 code from prf.go. 2016-12-06 22:11:09 +00:00
recordingconn.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
rsa_1024_cert.pem
rsa_1024_key.pem Convert rsa_1024_key.pem to a PKCS#8 PEM blob. 2016-08-01 18:42:17 +00:00
rsa_chain_cert.pem Add runner tests which send intermediate certificates. 2016-11-15 01:36:37 +00:00
rsa_chain_key.pem Add runner tests which send intermediate certificates. 2016-11-15 01:36:37 +00:00
runner_test.go Fix mixed comment markers. 2016-08-01 14:52:39 +00:00
runner.go Disable SSLv3 by default. 2017-04-11 16:38:16 +00:00
shim_ticket.go Test bad records at all cipher suites. 2016-11-10 16:19:51 +00:00
sign.go Support Ed25519 in TLS. 2017-04-06 15:30:17 +00:00
test_output.go
ticket.go Add Data-less Zero-RTT support. 2017-03-25 21:00:18 +00:00
tls.go Support Ed25519 keys in BoGo. 2017-04-05 23:21:30 +00:00