kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
07b6287f24
th5/testdata
History
Adam Langley 07b6287f24 crypto/tls: allow renegotiation to be handled by a client. 
This change adds Config.Renegotiation which controls whether a TLS
client will accept renegotiation requests from a server. This is used,
for example, by some web servers that wish to “add” a client certificate
to an HTTPS connection.

This is disabled by default because it significantly complicates the
state machine.

Originally, handshakeMutex was taken before locking either Conn.in or
Conn.out. However, if renegotiation is permitted then a handshake may
be triggered during a Read() call. If Conn.in were unlocked before
taking handshakeMutex then a concurrent Read() call could see an
intermediate state and trigger an error. Thus handshakeMutex is now
locked after Conn.in and the handshake functions assume that Conn.in is
locked for the duration of the handshake.

Additionally, handshakeMutex used to protect Conn.out also. With the
possibility of renegotiation that's no longer viable and so
writeRecordLocked has been split off.

Fixes #5742.

Change-Id: I935914db1f185d507ff39bba8274c148d756a1c8
Reviewed-on: https://go-review.googlesource.com/22475
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
2016-04-28 17:56:28 +00:00
..
Client-TLSv10-ClientCert-ECDSA-ECDSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv10-ClientCert-ECDSA-RSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv10-ClientCert-RSA-ECDSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv10-ClientCert-RSA-RSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv10-ECDHE-ECDSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv10-ECDHE-RSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv10-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv11-ECDHE-ECDSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv11-ECDHE-RSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv11-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-AES128-GCM-SHA256 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-AES256-GCM-SHA384 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ALPN crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ALPN-NoMatch crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ClientCert-ECDSA-ECDSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ClientCert-ECDSA-RSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ClientCert-RSA-ECDSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ClientCert-RSA-RSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ECDHE-ECDSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ECDHE-ECDSA-AES-GCM crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-ECDHE-RSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-RenegotiateOnce crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
Client-TLSv12-RenegotiateTwice crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
Client-TLSv12-RenegotiateTwiceRejected crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
Client-TLSv12-RenegotiationRejected crypto/tls: allow renegotiation to be handled by a client. 2016-04-28 17:56:28 +00:00
Client-TLSv12-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Client-TLSv12-SCT crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-SSLv3-RSA-3DES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-SSLv3-RSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-SSLv3-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv10-ECDHE-ECDSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv10-RSA-3DES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv10-RSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv10-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv11-FallbackSCSV crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv11-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ALPN crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ALPN-NoMatch crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-CipherSuiteCertPreferenceECDSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-CipherSuiteCertPreferenceRSA crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ClientAuthRequestedAndECDSAGiven crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ClientAuthRequestedAndGiven crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ClientAuthRequestedNotGiven crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ECDHE-ECDSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-IssueTicket crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-IssueTicketPreDisable crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-Resume crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-ResumeDisabled crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-RSA-3DES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-RSA-AES crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-RSA-AES256-GCM-SHA384 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-RSA-AES-GCM crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-RSA-RC4 crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-SNI crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-SNI-GetCertificate crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
Server-TLSv12-SNI-GetCertificateNotFound crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00