Cypherpunks repositories - gostls13.git/commit

]> Cypherpunks repositories - gostls13.git/commit

author	Adam Langley <agl@golang.org>
	Thu, 9 Jan 2014 18:38:11 +0000 (13:38 -0500)
committer	Adam Langley <agl@golang.org>
	Thu, 9 Jan 2014 18:38:11 +0000 (13:38 -0500)
commit	779ef7bd132ae4971f07baf2df8eec508a45f60c
tree	4d1de68aca8b7dff21ddd26e6cc16ec5d959a1f1	tree
parent	2d06e3863feaf2c5790dcea7b5a2a3d9a56bdb27	commit \| diff

crypto/tls: support renegotiation extension.

The renegotiation extension was introduced[1] due to an attack by Ray in
which a client's handshake was spliced into a connection that was
renegotiating, thus giving an attacker the ability to inject an
arbitary prefix into the connection.

Go has never supported renegotiation as a server and so this attack
doesn't apply. As a client, it's possible that at some point in the
future the population of servers will be sufficiently updated that
it'll be possible to reject connections where the server hasn't
demonstrated that it has been updated to address this problem.

We're not at that point yet, but it's good for Go servers to support
the extension so that it might be possible to do in the future.

[1] https://tools.ietf.org/search/rfc5746

R=golang-codereviews, mikioh.mikioh
CC=golang-codereviews
https://golang.org/cl/48580043

44 files changed:

src/pkg/crypto/tls/common.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_client.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_messages.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_server.go		diff \| blob \| history
src/pkg/crypto/tls/handshake_server_test.go		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-ECDSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ClientCert-RSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-ECDHE-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv10-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv11-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv11-ECDHE-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv11-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-ECDSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-ECDHE-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Client-TLSv12-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-SSLv3-RSA-3DES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-SSLv3-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-SSLv3-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv10-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv10-RSA-3DES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv10-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv10-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv11-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-ECDHE-ECDSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-IssueTicket		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-3DES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-RSA-RC4		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-Resume		diff \| blob \| history
src/pkg/crypto/tls/testdata/Server-TLSv12-SNI		diff \| blob \| history

Go GOST TLS 1.3

RSS Atom