| /freebsd/crypto/openssl/test/ssl-tests/ |
| H A D | 26-tls13_client_auth.cnf | 11 test-6 = 6-client-auth-TLSv1.3-request-post-handshake
12 test-7 = 7-client-auth-TLSv1.3-require-fail-post-handshake
13 test-8 = 8-client-auth-TLSv1.3-require-post-handshake
14 test-9 = 9-client-auth-TLSv1.3-require-non-empty-names-post-handshake
15 test-10 = 10-client-auth-TLSv1.3-noroot-post-handshake
16 test-11 = 11-client-auth-TLSv1.3-request-force-client-post-handshake
17 test-12 = 12-client-auth-TLSv1.3-request-force-server-post-handshake
18 test-13 = 13-client-auth-TLSv1.3-request-force-both-post-handshake
210 [6-client-auth-TLSv1.3-request-post-handshake]
211 ssl_conf = 6-client-auth-TLSv1.3-request-post-handshake-ssl
[all …]
|
| /freebsd/crypto/openssl/doc/designs/quic-design/ |
| H A D | connection-state-machine.md | 21 QUIC terms such as 'handshake' to avoid confusion, as they are not the same
22 concepts. For example, the Establishing state uses Initial, Handshake and 1-RTT
36 the handshake has been completed but not yet confirmed).
44 - The Establishing state involves the use of Initial and Handshake
45 packets. It is terminated when the handshake is confirmed.
47 Handshake confirmation is not the same as handshake completion.
48 Handshake confirmation occurs on the client when it receives
51 On the server, handshake confirmation occurs as soon as
52 the handshake is considered completed (see RFC 9001 s. 4.1).
109 an arbitrarily long period until the handshake layer indicates the
[all …]
|
| H A D | quic-thread-assist.md | 8 Part of the QUIC state comprises the TLS handshake layer. However, synchronising
11 At first glance, one could synchronise handshake layer public APIs by locking a
13 the handshake layer. Since we forward a very large number of APIs to the
14 handshake layer, this would require a very large number of code changes to add
50 - **2. Handshake layer always belongs to the application thread.**
52 In this model, the handshake layer “belongs” to the application thread
60 future which would be processed by the handshake layer.
63 as the handshake layer, the only thing we actually need to worry about
64 servicing after handshake completion is the New Session Ticket message,
66 post-handshake messages used by TLS 1.3 aren't relevant to QUIC TLS:
[all …]
|
| H A D | quic-tls.md | 1 QUIC-TLS Handshake Integration
4 QUIC reuses the TLS handshake for the establishment of keys. It does not use
6 confidentiality and integrity of QUIC packets itself. Only the TLS handshake is
12 A QUIC-TLS handshake is managed by a QUIC_TLS object. This object provides
22 various key points during the handshake lifecycle such as when new keys are
24 handshake is complete.
28 handshake state. This is a different `SSL` object to the "user" visible `SSL`
37 When the QUIC Connection no longer needs the handshake object it can be freed
45 state of the QUIC-TLS handshake. On each call to `ossl_quic_tls_tick` newly
87 * Note: These parameters are not authenticated until the handshake is
[all …]
|
| H A D | quic-fault-injector.md | 31 ### TLS Handshake
34 handshake data (i.e. the contents of CRYPTO frames). However such faults may
35 need to be done in handshake messages that would normally be encrypted.
36 Additionally the contents of handshake messages are hashed and each peer
39 handshake would fail.
48 that enables modification of handshake data prior to it being encrypted and
71 called after each handshake message has been constructed and is ready to send, but
72 before it has been passed through the handshake hashing code. It will be passed
73 a pointer to the constructed handshake message in `msgin` along with its
74 associated length in `inlen`. The mutator will construct a replacement handshake
[all …]
|
| /freebsd/secure/lib/libcrypto/man/man3/ |
| H A D | SSL_CTX_set_tlsext_servername_callback.3 | 102 handshake will be aborted. The value of the alert to be used should be stored in
108 However, the handshake will continue and send a warning alert instead. The value
123 handshake. In TLSv1.2 the servername is only negotiated on initial handshakes
125 .IP "On the client, before the handshake" 4
126 .IX Item "On the client, before the handshake"
131 session from the original handshake had a servername accepted by the server then
135 .IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred" 4
136 .IX Item "On the client, during or after the handshake and a TLSv1.2 (or below) resumption occurred"
137 If the session from the original handshake had a servername accepted by the
142 .IP "On the client, during or after the handshake and a TLSv1.2 (or below) resumption did not occur…
[all …]
|
| H A D | SSL_CTX_set_verify.3 | 111 This makes the handshake suspend and return control to the calling application
118 Note that the handshake may still be aborted if a subsequent invocation of the
128 Post-Handshake Authentication extension to be added to the ClientHello such that
129 post-handshake authentication can be requested by the server. If \fBval\fR is 0
148 certificate verification process can be checked after the TLS/SSL handshake
150 The handshake will be continued regardless of the verification result.
155 fails, the TLS/SSL handshake is
163 fails, the TLS/SSL handshake is
170 handshake is immediately terminated with a "handshake failure" alert.
179 during the initial handshake. This flag must be used together with
[all …]
|
| H A D | SSL_connect.3 | 64 SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server
74 \&\fBSSL_connect()\fR initiates the TLS/SSL handshake with a server. The communication
82 handshake has been finished or an error occurred.
86 to continue the handshake, indicating the problem by the return value \-1.
99 impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below)
100 resumption handshake, because the last peer to communicate in the handshake is
103 been received for the final handshake message.
114 The TLS/SSL handshake was not successful but was shut down controlled and
119 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
123 The TLS/SSL handshake was not successful, because a fatal error occurred either
|
| H A D | SSL_do_handshake.3 | 64 SSL_do_handshake \- perform a TLS/SSL handshake
74 \&\fBSSL_do_handshake()\fR will wait for an SSL/TLS handshake to take place. If the
75 connection is in client mode, the handshake will be started. The handshake
84 once the handshake has been finished or an error occurred.
88 to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the
100 The TLS/SSL handshake was not successful but was shut down controlled and
105 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
109 The TLS/SSL handshake was not successful because a fatal error occurred either
|
| H A D | SSL_CTX_set_ct_validation_callback.3 | 100 TLS handshake with the verification mode set to \fBSSL_VERIFY_PEER\fR, if the peer
101 presents no valid SCTs the handshake will be aborted.
102 If the verification mode is \fBSSL_VERIFY_NONE\fR, the handshake will continue
108 handshake completion, even after session resumption since the verification
113 handshake continues, and the verification status is not modified, regardless of
116 handshake completion.
118 the handshake.
120 handshake completion, such delayed SCT checks should only be performed when the
128 The TLS handshake is aborted if the verification mode is not \fBSSL_VERIFY_NONE\fR
141 In that case the handshake continues as it would had no callback been
|
| H A D | SSL_in_init.3 | 70 \&\- retrieve information about the handshake state machine
88 awaiting handshake messages, or 0 otherwise.
90 \&\fBSSL_in_before()\fR returns 1 if no SSL/TLS handshake has yet been initiated, or 0
109 \&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake
123 \&\fBmessage\fR is the name of a handshake message that is being or has been sent, or
130 No handshake messages have yet been been sent or received.
133 Handshake message sending/processing has completed.
145 \&\fBSSL_get_state()\fR returns the current handshake state.
|
| /freebsd/crypto/openssl/test/recipes/ |
| H A D | 70-test_sslmessages.t | 172 #Test 1: Check we get all the right messages for a default handshake
181 "Default handshake test");
183 #Test 2: Resumption handshake
191 "Resumption handshake test");
198 #Test 3: A status_request handshake (client request only)
206 "status_request handshake test (client)");
208 #Test 4: A status_request handshake (server support only)
217 "status_request handshake test (server)");
219 #Test 5: A status_request handshake (client and server)
230 "status_request handshake test");
[all …]
|
| H A D | 70-test_tls13messages.t | 209 #Test 1: Check we get all the right messages for a default handshake
219 "Default handshake test");
221 #Test 2: Resumption handshake
230 "Resumption handshake test");
235 #Test 3: A status_request handshake (client request only)
243 "status_request handshake test (client)");
245 #Test 4: A status_request handshake (server support only)
254 "status_request handshake test (server)");
256 #Test 5: A status_request handshake (client and server)
267 "status_request handshake test");
[all …]
|
| /freebsd/crypto/openssl/doc/man3/ |
| H A D | SSL_CTX_set_tlsext_servername_callback.pod | 47 handshake will be aborted. The value of the alert to be used should be stored in
54 However, the handshake will continue and send a warning alert instead. The value
72 handshake. In TLSv1.2 the servername is only negotiated on initial handshakes
77 =item On the client, before the handshake
83 session from the original handshake had a servername accepted by the server then
88 =item On the client, during or after the handshake and a TLSv1.2 (or below)
91 If the session from the original handshake had a servername accepted by the
97 =item On the client, during or after the handshake and a TLSv1.2 (or below)
103 =item On the server, before the handshake
105 The function will always return NULL before the handshake
[all …]
|
| H A D | SSL_connect.pod | 5 SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
15 SSL_connect() initiates the TLS/SSL handshake with a server. The communication
24 handshake has been finished or an error occurred.
28 to continue the handshake, indicating the problem by the return value -1.
41 impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below)
42 resumption handshake, because the last peer to communicate in the handshake is
45 been received for the final handshake message.
61 The TLS/SSL handshake was not successful but was shut down controlled and
67 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
72 The TLS/SSL handshake was not successful, because a fatal error occurred either
|
| H A D | SSL_do_handshake.pod | 5 SSL_do_handshake - perform a TLS/SSL handshake
15 SSL_do_handshake() will wait for an SSL/TLS handshake to take place. If the
16 connection is in client mode, the handshake will be started. The handshake
26 once the handshake has been finished or an error occurred.
30 to continue the handshake. In this case a call to SSL_get_error() with the
47 The TLS/SSL handshake was not successful but was shut down controlled and
53 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
58 The TLS/SSL handshake was not successful because a fatal error occurred either
|
| H A D | SSL_CTX_set_verify.pod | 52 This makes the handshake suspend and return control to the calling application
59 Note that the handshake may still be aborted if a subsequent invocation of the
69 Post-Handshake Authentication extension to be added to the ClientHello such that
70 post-handshake authentication can be requested by the server. If B<val> is 0
93 certificate verification process can be checked after the TLS/SSL handshake
95 The handshake will be continued regardless of the verification result.
101 fails, the TLS/SSL handshake is
109 fails, the TLS/SSL handshake is
117 handshake is immediately terminated with a "handshake failure" alert.
127 during the initial handshake. This flag must be used together with
[all …]
|
| H A D | SSL_in_init.pod | 11 - retrieve information about the handshake state machine
29 awaiting handshake messages, or 0 otherwise.
31 SSL_in_before() returns 1 if no SSL/TLS handshake has yet been initiated, or 0
50 SSL_get_state() returns a value indicating the current state of the handshake
64 B<message> is the name of a handshake message that is being or has been sent, or
74 No handshake messages have yet been been sent or received.
78 Handshake message sending/processing has completed.
95 SSL_get_state() returns the current handshake state.
|
| H A D | SSL_CTX_set_ct_validation_callback.pod | 41 TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer
42 presents no valid SCTs the handshake will be aborted.
43 If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue
49 handshake completion, even after session resumption since the verification
54 handshake continues, and the verification status is not modified, regardless of
57 handshake completion.
59 the handshake.
61 handshake completion, such delayed SCT checks should only be performed when the
69 The TLS handshake is aborted if the verification mode is not B<SSL_VERIFY_NONE>
82 In that case the handshake continues as it would had no callback been
|
| H A D | SSL_accept.pod | 5 SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
15 SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
24 handshake has been finished or an error occurred.
28 to continue the handshake, indicating the problem by the return value -1.
46 The TLS/SSL handshake was not successful but was shut down controlled and
52 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
57 The TLS/SSL handshake was not successful because a fatal error occurred either
|
| H A D | SSL_key_update.pod | 34 SSL_key_update() must only be called after the initial handshake has been
51 handshake over an existing SSL/TLS connection. The next time an IO operation
56 handshake. Note that some servers will respond to reneogitation attempts with
62 session associated with the current connection in the new handshake.
66 for a new handshake to be sent to the client. The next time an IO operation is
69 handshake and it may or may not attempt to resume an existing session. If
70 a new handshake is started then this will be handled transparently by calling
76 new handshake. For historical reasons, DTLS clients will not attempt to resume
77 the session in the new handshake.
|
| /freebsd/share/man/man4/ |
| H A D | lp.4 | 110 data plus one handshake).
112 different choice of which line to use as handshake.
123 Handshake out.
135 Handshake in.
140 sender writes the 4 most significant bits and raises the handshake line;
141 receiver reads the 4 bits and raises its handshake to acknowledge;
143 the handshake; receiver reads the data and lowers its handshake.
152 to be transmitted) without changing the state of the handshake.
154 Note that the end-of-packet marker assumes that the handshake signal and
172 Handshake out.
[all …]
|
| H A D | wg.4 | 81 This is used in their handshake to guard against future compromise of the
106 .It Handshake
107 Two peers handshake to mutually authenticate each other and to
109 Either peer may initiate a handshake.
113 Due to the handshake behavior, there is no connected or disconnected
178 .It "Handshake for peer X did not complete after 5 seconds, retrying"
189 .It "Invalid handshake initiation"
190 The incoming handshake packet could not be processed.
194 The incoming handshake initiation packet had an invalid MAC.
196 for the handshake receiver.
|
| /freebsd/crypto/openssl/test/ |
| H A D | README.ssltest.md | 38 * HandshakeMode - which handshake flavour to test:
39 - Simple - plain handshake (default)
44 When HandshakeMode is Resume or Renegotiate, the original handshake is expected
46 handshake.
55 both client and server. Lowering the fragment size will split handshake and
63 * ExpectedResult - expected handshake outcome. One of
64 - Success - handshake success
65 - ServerFail - serverside handshake failure
66 - ClientFail - clientside handshake failure
90 - Yes - resumed handshake
[all …]
|
| /freebsd/crypto/openssl/test/helpers/ |
| H A D | quictestlib.h | 75 * Run the TLS handshake to create a QUIC connection between the client and
147 * The general handshake message listener is sent the entire handshake message
148 * data block, including the handshake header itself
161 * to resize the handshake message (either to add new data to it, or to truncate
162 * it). newlen must include the length of the handshake message header. The
163 * handshake message buffer is over allocated, so this just changes the logical
177 * Handshake message specific listeners. Unlike the general handshake message
179 * data and exclude the handshake header
190 /* Add listeners for other types of handshake message here */
195 * is the new length of the specific message excluding the handshake message
|