boringssl/ssl
David Benjamin ece3de95c6 Enforce that sessions are resumed at the version they're created.
After sharding the session cache for fallbacks, the numbers have been pretty
good; 0.03% on dev and 0.02% on canary. Stable is at 0.06% but does not have
the sharded session cache. Before sharding, stable, beta, and dev had been
fairly closely aligned. Between 0.03% being low and the fallback saving us in
all but extremely contrived cases, I think this should be fairly safe.

Add tests for both the cipher suite and protocol version mismatch checks.

BUG=441456

Change-Id: I2374bf64d0aee0119f293d207d45319c274d89ab
Reviewed-on: https://boringssl-review.googlesource.com/3972
Reviewed-by: Adam Langley <agl@google.com>
2015-04-06 21:40:32 +00:00
..
pqueue Fix memory leak in pqueue_test. 2015-02-11 23:18:45 +00:00
test Enforce that sessions are resumed at the version they're created. 2015-04-06 21:40:32 +00:00
CMakeLists.txt Convert ssl_test to C++. 2015-03-31 23:03:54 +00:00
d1_both.c Remove redundant SSL_READING lines after ssl_read_bytes. 2015-04-06 20:49:00 +00:00
d1_clnt.c Remove the stats block in SSL_CTX. 2015-03-23 23:07:56 +00:00
d1_lib.c Remove buffered_app_data as well. 2015-04-06 21:39:27 +00:00
d1_meth.c Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD. 2015-03-19 11:51:49 +00:00
d1_pkt.c Remove dead code in do_dtls1_write and document another bug. 2015-04-06 21:39:58 +00:00
d1_srtp.c Store SRTP_PROTECTION_PROFILES as const. 2015-01-14 22:10:08 +00:00
d1_srvr.c Remove the stats block in SSL_CTX. 2015-03-23 23:07:56 +00:00
s3_both.c Tidy record length check. 2015-04-06 20:50:45 +00:00
s3_clnt.c Enforce that sessions are resumed at the version they're created. 2015-04-06 21:40:32 +00:00
s3_enc.c Factor out sequence number updates. 2015-04-06 20:50:37 +00:00
s3_lib.c Simplify server-side ECDH curve selection. 2015-04-02 18:37:06 +00:00
s3_meth.c Move the is_dtls bit from SSL3_ENC_METHOD to SSL_PROTOCOL_METHOD. 2015-03-19 11:51:49 +00:00
s3_pkt.c Remove dead code in do_dtls1_write and document another bug. 2015-04-06 21:39:58 +00:00
s3_srvr.c Simplify server-side ECDH curve selection. 2015-04-02 18:37:06 +00:00
ssl_algs.c Precompute sorted array for error strings. 2015-02-09 17:35:31 -08:00
ssl_asn1.c Clean up error reporting. 2015-03-20 22:12:59 +00:00
ssl_cert.c Simplify server-side ECDH curve selection. 2015-04-02 18:37:06 +00:00
ssl_ciph.c Rename EECDH and EDH to ECDHE and DHE. 2015-03-19 19:54:58 +00:00
ssl_lib.c Clean up SSL_export_keying_material implementation. 2015-04-06 20:47:54 +00:00
ssl_locl.h Factor out sequence number updates. 2015-04-06 20:50:37 +00:00
ssl_rsa.c Remove ssl_cert_inst() 2015-03-19 11:35:46 +00:00
ssl_sess.c Remove the stats block in SSL_CTX. 2015-03-23 23:07:56 +00:00
ssl_stat.c Remove server-side HelloVerifyRequest support. 2015-02-17 20:50:08 +00:00
ssl_test.cc Fix leak in ssl_test. 2015-04-01 18:22:23 +00:00
ssl_txt.c Add in missing curly braces part 3. 2015-02-11 15:14:46 -08:00
t1_enc.c Factor out sequence number updates. 2015-04-06 20:50:37 +00:00
t1_lib.c Simplify server-side ECDH curve selection. 2015-04-02 18:37:06 +00:00
t1_reneg.c Minor formatting tweaks. 2015-03-13 19:17:23 +00:00