| /freebsd/share/man/man4/ |
| lp.4 | 1 .\" -*- nroff -*- 3 .\" Copyright (c) 1996 A.R.Gordon, andrew.gordon@net-tel.co.uk 6 .\" Redistribution and use in source and binary forms, with or without 24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 point-to-point network interface between two similarly configured systems. 54 and any standard AT-compatible printer port with working interrupts may be used. 73 .Bl -tag -width Fl 75 (default) Use 91 .Bd -literal
|
| wg.4 | 1 .\" SPDX-License-Identifier: BSD-2-Clause 5 .\" Redistribution and use in source and binary forms, with or without 20 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 35 .Bd -ragged -offset indent 42 .Bd -literal -offset indent 66 .Bl -tag -width indent -offset 3n 78 .It Pre-shared key 80 unique pre-shared symmetric key. 81 This is used in their handshake to guard against future compromise of the
|
| /freebsd/crypto/openssl/test/recipes/ |
| 70-test_sslmessages.t | 2 # Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 9 use strict; 10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11 use OpenSSL::Test::Utils; 12 use File::Temp qw(tempfile); 13 use TLSProxy::Proxy; 14 use checkhandshake qw(checkhandshake @handmessages @extensions); 23 if disabled("engine") || disabled("dynamic-engine"); 32 my $proxy = TLSProxy::Proxy->new(
|
| 70-test_tls13messages.t | 2 # Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 9 use strict; 10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/; 11 use OpenSSL::Test::Utils; 12 use File::Temp qw(tempfile); 13 use TLSProxy::Proxy; 14 use checkhandshake qw(checkhandshake @handmessages @extensions); 23 if disabled("engine") || disabled("dynamic-engine"); 202 my $proxy = TLSProxy::Proxy->new(
|
| 70-test_sslsessiontick.t | 2 # Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 4 # Licensed under the Apache License 2.0 (the "License"). You may not use 9 use strict; 10 use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file bldtop_dir/; 11 use OpenSSL::Test::Utils; 12 use TLSProxy::Proxy; 13 use File::Temp qw(tempfile); 22 if disabled("engine") || disabled("dynamic-engine"); 39 my $proxy = TLSProxy::Proxy->new( 48 # NewSessionTicket message seen; Full handshake
|
| /freebsd/crypto/openssl/doc/designs/quic-design/ |
| quic-tls.md | 1 QUIC-TLS Handshake Integration 4 QUIC reuses the TLS handshake for the establishment of keys. It does not use 6 confidentiality and integrity of QUIC packets itself. Only the TLS handshake is 10 --------------- 12 A QUIC-TLS handshake is managed by a QUIC_TLS object. This object provides 22 various key points during the handshake lifecycle such as when new keys are 24 handshake is complete. 28 handshake state. This is a different `SSL` object to the "user" visible `SSL` 37 When the QUIC Connection no longer needs the handshake object it can be freed 45 state of the QUIC-TLS handshake. On each call to `ossl_quic_tls_tick` newly
|
| connection-state-machine.md | 5 --------- 7 QUIC client-side connection state can be broken down into five coarse phases of 10 - The Idle substate (which is simply the state before we have started trying to 12 - The Active state, which comprises two substates: 13 - The Establishing state, which comprises many different substates; 14 - The Open state; 15 - The Terminating state, which comprises several substates; 16 - The Terminated state, which is the terminal state. 20 These names have been deliberately chosen to use different terminology to common 21 QUIC terms such as 'handshake' to avoid confusion, as they are not the same
|
| quic-thread-assist.md | 8 Part of the QUIC state comprises the TLS handshake layer. However, synchronising 11 At first glance, one could synchronise handshake layer public APIs by locking a 12 per-connection mutex for the duration of any public API call which we forward to 13 the handshake layer. Since we forward a very large number of APIs to the 14 handshake layer, this would require a very large number of code changes to add 15 the locking to every single public HL-related API call. 31 - **1. Application-controlled explicit locking.** 43 It would also only be required for applications which want to use thread 50 - **2. Handshake layer always belongs to the application thread.** 52 In this model, the handshake layer “belongs” to the application thread
|
| quic-fault-injector.md | 24 libssl and will make use of 3 integration points to inject faults. 2 of these 25 integration points will use new callbacks added to libssl. The final integration 29 ----------------------- 31 ### TLS Handshake 34 handshake data (i.e. the contents of CRYPTO frames). However such faults may 35 need to be done in handshake messages that would normally be encrypted. 36 Additionally the contents of handshake messages are hashed and each peer 38 "Finished" message exchange - so any modifications would be rejected and the 39 handshake would fail. 45 modified by a "man-in-the-middle".
|
| /freebsd/secure/lib/libcrypto/man/man3/ |
| SSL_CTX_set_tlsext_servername_callback.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3ossl 2025-09-30 3.5.4 OpenSSL 66 SSL_set_tlsext_host_name \- handle server name indication (SNI) 102 handshake will be aborted. The value of the alert to be used should be stored in 108 However, the handshake will continue and send a warning alert instead. The value 118 \&\fBSSL_CTX_set_tlsext_servername_arg()\fR sets a context-specific argument to be 123 handshake. In TLSv1.2 the servername is only negotiated on initial handshakes 125 .IP "On the client, before the handshake" 4 126 .IX Item "On the client, before the handshake"
|
| SSL_CTX_set_verify.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_CTX_SET_VERIFY 3ossl 2025-09-30 3.5.4 OpenSSL 71 \&\- set various SSL/TLS parameters for peer certificate verification 111 This makes the handshake suspend and return control to the calling application 118 Note that the handshake may still be aborted if a subsequent invocation of the 128 Post-Handshake Authentication extension to be added to the ClientHello such that 129 post-handshake authentication can be requested by the server. If \fBval\fR is 0 148 certificate verification process can be checked after the TLS/SSL handshake 150 The handshake will be continued regardless of the verification result.
|
| SSL_connect.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_CONNECT 3ossl 2025-09-30 3.5.4 OpenSSL 64 SSL_connect \- initiate the TLS/SSL handshake with an TLS/SSL server 74 \&\fBSSL_connect()\fR initiates the TLS/SSL handshake with a server. The communication 82 handshake has been finished or an error occurred. 86 to continue the handshake, indicating the problem by the return value \-1. 99 impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) 100 resumption handshake, because the last peer to communicate in the handshake is 103 been received for the final handshake message.
|
| SSL_CTX_set_ct_validation_callback.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3ossl 2025-09-30 3.5.4 OpenSSL 67 SSL_ct_is_enabled, SSL_CTX_ct_is_enabled \- 94 This is accomplished by setting a built-in CT validation callback. 100 TLS handshake with the verification mode set to \fBSSL_VERIFY_PEER\fR, if the peer 101 presents no valid SCTs the handshake will be aborted. 102 If the verification mode is \fBSSL_VERIFY_NONE\fR, the handshake will continue 104 However, in that case if the verification status before the built-in callback 108 handshake completion, even after session resumption since the verification
|
| SSL_do_handshake.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_DO_HANDSHAKE 3ossl 2025-09-30 3.5.4 OpenSSL 64 SSL_do_handshake \- perform a TLS/SSL handshake 74 \&\fBSSL_do_handshake()\fR will wait for an SSL/TLS handshake to take place. If the 75 connection is in client mode, the handshake will be started. The handshake 84 once the handshake has been finished or an error occurred. 88 to continue the handshake. In this case a call to \fBSSL_get_error()\fR with the 100 The TLS/SSL handshake was not successful but was shut down controlled and 105 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
|
| SSL_in_init.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_IN_INIT 3ossl 2025-09-30 3.5.4 OpenSSL 70 \&\- retrieve information about the handshake state machine 88 awaiting handshake messages, or 0 otherwise. 90 \&\fBSSL_in_before()\fR returns 1 if no SSL/TLS handshake has yet been initiated, or 0 109 \&\fBSSL_get_state()\fR returns a value indicating the current state of the handshake 123 \&\fBmessage\fR is the name of a handshake message that is being or has been sent, or 130 No handshake messages have yet been been sent or received. 133 Handshake message sending/processing has completed.
|
| SSL_accept.3 | 1 .\" -*- mode: troff; coding: utf-8 -*- 19 .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. 58 .TH SSL_ACCEPT 3ossl 2025-09-30 3.5.4 OpenSSL 64 SSL_accept \- wait for a TLS/SSL client to initiate a TLS/SSL handshake 74 \&\fBSSL_accept()\fR waits for a TLS/SSL client to initiate the TLS/SSL handshake. 82 handshake has been finished or an error occurred. 86 to continue the handshake, indicating the problem by the return value \-1. 99 The TLS/SSL handshake was not successful but was shut down controlled and 104 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been 108 The TLS/SSL handshake was not successful because a fatal error occurred either
|
| /freebsd/crypto/openssl/test/ |
| README.ssltest.md | 4 SSL testcases are configured in the `ssl-tests` directory. 12 However, for verification, we also include checked-in configuration outputs 14 `test/ssl-tests/*.cnf` files. 16 For more details, see `ssl-tests/01-simple.cnf.in` for an example. 19 -------------------- 26 name => "test-default", 36 * Method - the method to test. One of DTLS or TLS. 38 * HandshakeMode - which handshake flavour to test: 39 - Simple - plain handshake (default) 40 - Resume - test resumption
|
| /freebsd/crypto/openssl/doc/man3/ |
| SSL_CTX_set_tlsext_servername_callback.pod | 7 SSL_set_tlsext_host_name - handle server name indication (SNI) 47 handshake will be aborted. The value of the alert to be used should be stored in 54 However, the handshake will continue and send a warning alert instead. The value 67 SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be 72 handshake. In TLSv1.2 the servername is only negotiated on initial handshakes 77 =item On the client, before the handshake 83 session from the original handshake had a servername accepted by the server then 88 =item On the client, during or after the handshake and a TLSv1.2 (or below) 91 If the session from the original handshake had a servername accepted by the 97 =item On the client, during or after the handshake and a TLSv1.2 (or below)
|
| SSL_CTX_set_verify.pod | 12 - set various SSL/TLS parameters for peer certificate verification 52 This makes the handshake suspend and return control to the calling application 59 Note that the handshake may still be aborted if a subsequent invocation of the 69 Post-Handshake Authentication extension to be added to the ClientHello such that 70 post-handshake authentication can be requested by the server. If B<val> is 0 93 certificate verification process can be checked after the TLS/SSL handshake 95 The handshake will be continued regardless of the verification result. 101 fails, the TLS/SSL handshake is 109 fails, the TLS/SSL handshake is 117 handshake is immediately terminated with a "handshake failure" alert.
|
| SSL_CTX_set_ct_validation_callback.pod | 8 SSL_ct_is_enabled, SSL_CTX_ct_is_enabled - 35 This is accomplished by setting a built-in CT validation callback. 41 TLS handshake with the verification mode set to B<SSL_VERIFY_PEER>, if the peer 42 presents no valid SCTs the handshake will be aborted. 43 If the verification mode is B<SSL_VERIFY_NONE>, the handshake will continue 45 However, in that case if the verification status before the built-in callback 49 handshake completion, even after session resumption since the verification 54 handshake continues, and the verification status is not modified, regardless of 57 handshake completion. 59 the handshake.
|
| SSL_connect.pod | 5 SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server 15 SSL_connect() initiates the TLS/SSL handshake with a server. The communication 24 handshake has been finished or an error occurred. 28 to continue the handshake, indicating the problem by the return value -1. 41 impacts after a successful TLSv1.3 handshake or a successful TLSv1.2 (or below) 42 resumption handshake, because the last peer to communicate in the handshake is 45 been received for the final handshake message. 61 The TLS/SSL handshake was not successful but was shut down controlled and 67 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been 72 The TLS/SSL handshake was not successful, because a fatal error occurred either
|
| SSL_do_handshake.pod | 5 SSL_do_handshake - perform a TLS/SSL handshake 15 SSL_do_handshake() will wait for an SSL/TLS handshake to take place. If the 16 connection is in client mode, the handshake will be started. The handshake 26 once the handshake has been finished or an error occurred. 30 to continue the handshake. In this case a call to SSL_get_error() with the 47 The TLS/SSL handshake was not successful but was shut down controlled and 53 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been 58 The TLS/SSL handshake was not successful because a fatal error occurred either 74 Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. 76 Licensed under the Apache License 2.0 (the "License"). You may not use
|
| SSL_CTX_set_psk_client_callback.pod | 11 - set PSK client callback 41 A client application wishing to use TLSv1.3 PSKs should use either 49 case the server will have specified a ciphersuite to use already and the PSK 57 be freed by it as required at any point after the handshake is complete. 71 Only the handshake digest associated with the ciphersuite is relevant for the 73 the digest). The application can use any TLSv1.3 ciphersuite. If B<md> is 74 not NULL the handshake digest for the ciphersuite should be the same. 76 handshake digest of an SSL_CIPHER object can be checked using 90 Alternatively an SSL_SESSION created from a previous non-PSK handshake may also 97 case no PSK will be sent to the server but the handshake will continue. To do
|
| /freebsd/crypto/openssl/test/helpers/ |
| quictestlib.h | 2 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 32 /* Flags for use with qtest_create_quic_objects() */ 36 /* Use fake time rather than real time */ 75 * Run the TLS handshake to create a QUIC connection between the client and 116 * Enable tests to listen for pre-encryption QUIC packets being sent 147 * The general handshake message listener is sent the entire handshake message 148 * data block, including the handshake header itself 161 * to resize the handshake message (either to add new data to it, or to truncate 162 * it). newlen must include the length of the handshake message header. The
|
| ssl_test_ctx.h | 2 * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 21 /* Couldn't test resumption/renegotiation: original handshake failed. */ 101 /* One of a number of predefined server names use by the client */ 105 /* Supported NPN and ALPN protocols. A comma-separated list. */ 120 /* SNI callback (server-side). */ 122 /* Supported NPN and ALPN protocols. A comma-separated list. */ 147 /* Whether the server/client CTX should use DTLS or TLS. */ 149 /* Whether to test a resumed/renegotiated handshake. */ 162 * Extra server/client configurations. Per-handshake.
|