| /third_party/mbedtls/docs/architecture/ |
| D | tls13-support.md | 1 TLS 1.3 support
5 --------
7 Mbed TLS provides a minimum viable implementation of the TLS 1.3 protocol
8 defined in the "MVP definition" section below. The TLS 1.3 support enablement
11 The development of the TLS 1.3 protocol is based on the TLS 1.3 prototype
20 --------------
22 - Overview
24 - The TLS 1.3 MVP implements only the client side of the protocol.
26 - The TLS 1.3 MVP supports ECDHE key establishment.
28 - The TLS 1.3 MVP does not support DHE key establishment.
[all …]
|
| /third_party/nghttp2/ |
| D | gennghttpxfun.py | 6 "private-key-file",
7 "private-key-passwd-file",
8 "certificate-file",
9 "dh-param-file",
14 "http2-max-concurrent-streams",
15 "log-level",
17 "http2-proxy",
18 "http2-bridge",
19 "client-proxy",
20 "add-x-forwarded-for",
[all …]
|
| /third_party/nghttp2/doc/bash_completion/ |
| D | nghttpx | 10 -*)
11 …-W '--backend --frontend --backlog --backend-address-family --backend-http-proxy-uri --workers --s…
19 complete -F _nghttpx nghttpx
|
| /third_party/libcoap/ |
| D | .travis.yml | 2 - linux
7 - gcc
8 - clang
11 - docker
14 - PLATFORM=posix TESTS=yes TLS=no
15 - PLATFORM=posix TESTS=yes TLS=gnutls SMALL_STACK=yes
16 - PLATFORM=posix TESTS=yes TLS=gnutls SMALL_STACK=no
17 - PLATFORM=posix TESTS=yes TLS=gnutls SMALL_STACK=yes EPOLL=no
18 - PLATFORM=posix TESTS=yes TLS=gnutls SMALL_STACK=no EPOLL=no
19 - PLATFORM=posix TESTS=yes TLS=openssl
[all …]
|
| /third_party/openssl/test/ssl-tests/ |
| D | 17-renegotiate.cnf.in | 1 # -*- mode: perl; -*-
2 # Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
20 name => "renegotiate-client-no-resume",
27 "Method" => "TLS",
29 "ResumptionExpected" => "No",
34 name => "renegotiate-client-resume",
40 "Method" => "TLS",
47 name => "renegotiate-server-no-resume",
54 "Method" => "TLS",
56 "ResumptionExpected" => "No",
[all …]
|
| D | 20-cert-select.cnf | 5 test-0 = 0-ECDSA CipherString Selection
6 test-1 = 1-ECDSA CipherString Selection
7 test-2 = 2-ECDSA CipherString Selection
8 test-3 = 3-RSA CipherString Selection
9 test-4 = 4-P-256 CipherString and Signature Algorithm Selection
10 test-5 = 5-ECDSA CipherString Selection, no ECDSA certificate
11 test-6 = 6-ECDSA Signature Algorithm Selection
12 test-7 = 7-ECDSA Signature Algorithm Selection SHA384
13 test-8 = 8-ECDSA Signature Algorithm Selection compressed point
14 test-9 = 9-ECDSA Signature Algorithm Selection, no ECDSA certificate
[all …]
|
| D | 17-renegotiate.cnf | 5 test-0 = 0-renegotiate-client-no-resume
6 test-1 = 1-renegotiate-client-resume
7 test-2 = 2-renegotiate-server-no-resume
8 test-3 = 3-renegotiate-server-resume
9 test-4 = 4-renegotiate-client-auth-require
10 test-5 = 5-renegotiate-client-auth-once
11 test-6 = 6-renegotiate-client-legacy-connect
12 test-7 = 7-renegotiate-aead-to-non-aead
13 test-8 = 8-renegotiate-non-aead-to-aead
14 test-9 = 9-renegotiate-non-aead-to-non-aead
[all …]
|
| /third_party/mbedtls/docs/ |
| D | 3.0-migration-guide.md | 1 # Migrating from Mbed TLS 2.x to Mbed TLS 3.0
3 This guide details the steps required to migrate from Mbed TLS version 2.x to
4 Mbed TLS version 3.0 or greater. Unlike normal releases, Mbed TLS 3.0 breaks
6 need to change their own code in order to make it work with Mbed TLS 3.0.
13 - Removal of many insecure or obsolete features
14 - Tidying up of configuration options (including removing some less useful options).
15 - Changing function signatures, e.g. adding return codes, adding extra parameters, or making some a…
16 - Removal of functions previously marked as deprecated.
35 Defining it to a particular value will ensure that Mbed TLS interprets
37 used by the Mbed TLS release whose `MBEDTLS_VERSION_NUMBER` has the same
[all …]
|
| D | use-psa-crypto.md | 1 This document describes the compile-time configuration option
9 -------------------
11 Compile-time: enabling `MBEDTLS_USE_PSA_CRYPTO` requires
15 Effect: `MBEDTLS_USE_PSA_CRYPTO` has no effect on TLS 1.3 for which PSA
24 -------------------------
27 pre-existing APIs, in order to get access to the benefits; in the sub-sections
28 below these are indicated by "Use in (X.509 and) TLS: opt-in", meaning that
29 this requires changes to the application code for the (X.509 and) TLS layers
32 Some of these APIs are mostly meant for internal use by the TLS (and X.509)
33 layers; they are indicated below by "Use in (X.509 and) TLS: automatic",
[all …]
|
| /third_party/nghttp2/doc/sources/ |
| D | nghttpx-howto.rst | 3 nghttpx - HTTP/2 proxy - HOW-TO
9 describes each operation mode and explains the intended use-cases. It
13 ------------
15 If nghttpx is invoked without :option:`--http2-proxy`, it operates in
20 By default, frontend connection is encrypted using SSL/TLS. So
25 To turn off encryption on frontend connection, use ``no-tls`` keyword
26 in :option:`--frontend` option. HTTP/2 and HTTP/1 are available on
32 :option:`--frontend` option (.e.g, ``--frontend='*,443;quic'``)
35 by using multiple :option:`--frontend` options. For each frontend
36 address, TLS can be enabled or disabled.
[all …]
|
| /third_party/libwebsockets/READMEs/ |
| D | README.lws_metrics.md | 9 - the architecture inside lws for collecting and aggregating / decimating the
12 - an external handler for forwarding aggregated metrics. An lws_system ops
18 - a policy for when to emit each type of aggregated information to the external
20 a linked-list of lws_metric_policy_t object passed it at context creation in
26 ### `lws_metrics` policy-based reporting
28 Normally metrics implementations are fixed at build-time and cannot change
35 
62 There is no predefined metrics schema, metrics objects, including those created
84 Histogram metrics track differently-qualified results in the same metric, for
89 …dcert_selfsigned",hostname="invalidca.badcert.warmcat.com",peer="46.105.127.147",tls="invalidca"} 2
[all …]
|
| /third_party/nghttp2/src/ |
| D | shrpx_config.h | 2 * nghttp2 - HTTP/2 C Library
20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
71 namespace tls {
75 } // namespace tls
78 StringRef::from_lit("private-key-file");
80 StringRef::from_lit("private-key-passwd-file");
82 StringRef::from_lit("certificate-file");
83 constexpr auto SHRPX_OPT_DH_PARAM_FILE = StringRef::from_lit("dh-param-file");
89 StringRef::from_lit("http2-max-concurrent-streams");
90 constexpr auto SHRPX_OPT_LOG_LEVEL = StringRef::from_lit("log-level");
[all …]
|
| /third_party/nghttp2/doc/ |
| D | nghttpx.1 | 4 .nr rst2man-indent-level 0
7 \\$1 \\n[an-margin]
8 level \\n[rst2man-indent-level]
9 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
10 -
11 \\n[rst2man-indent0]
12 \\n[rst2man-indent1]
13 \\n[rst2man-indent2]
18 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
19 . nr rst2man-indent-level +1
[all …]
|
| D | nghttpx.1.rst | 10 --------
15 -----------
23 "no-tls" parameter is used in :option:`--frontend` option.
28 "no-tls" parameter is used in :option:`--frontend` option. To
33 -------
40 .. option:: -b, --backend=(<HOST>,<PORT>|unix:<PATH>)[;[<PATTERN>[:...]][[;<PARAM>]...]
62 listener with "sni-fwd" parameter enabled, SNI host is
96 pattern, which matches all request paths (catch-all
97 pattern). The catch-all backend must be given.
101 converted to lower case. For path part, percent-encoded
[all …]
|
| /third_party/mbedtls/docs/proposed/ |
| D | psa-conditional-inclusion-c.md | 1 Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS
6 This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA.
12 …-crypto/psa/#application-programming-interface) specifies the interface between a PSA Cryptography…
18 Mbed TLS offers a way to select which cryptographic mechanisms are included in a build through its …
22 …-in implementations of cryptographic mechanisms) can be augmented with drivers. **Transparent driv…
24 … for asymmetric cryptography. For example, many parts of the ECC code have no `MBEDTLS_xxx_ALT` sy…
30 …d Mbed TLS build must not include it. The granularity of mechanisms must work for typical use case…
32 [Req.drivers] If a PSA driver is available in the build, a suitably configured Mbed TLS build must …
34 …ssary to allow building an application and Mbed TLS in development environments that do not allow …
36 …able with future evolution of the PSA cryptography specifications and Mbed TLS. Therefore the inte…
[all …]
|
| /third_party/wpa_supplicant/wpa_supplicant-2.9_standard/src/eap_peer/ |
| D | eap_tls_common.c | 2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
13 #include "crypto/tls.h"
47 return -1; in eap_tls_check_blob()
51 *data = blob->data; in eap_tls_check_blob()
52 *data_len = blob->len; in eap_tls_check_blob()
64 params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5; in eap_tls_params_flags()
66 params->flags |= TLS_CONN_DISABLE_TIME_CHECKS; in eap_tls_params_flags()
68 params->flags |= TLS_CONN_DISABLE_SESSION_TICKET; in eap_tls_params_flags()
70 params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET; in eap_tls_params_flags()
[all …]
|
| /third_party/wpa_supplicant/wpa_supplicant-2.9/src/eap_peer/ |
| D | eap_tls_common.c | 2 * EAP peer: EAP-TLS/PEAP/TTLS/FAST common functions
3 * Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi>
13 #include "crypto/tls.h"
47 return -1; in eap_tls_check_blob()
51 *data = blob->data; in eap_tls_check_blob()
52 *data_len = blob->len; in eap_tls_check_blob()
64 params->flags |= TLS_CONN_ALLOW_SIGN_RSA_MD5; in eap_tls_params_flags()
66 params->flags |= TLS_CONN_DISABLE_TIME_CHECKS; in eap_tls_params_flags()
68 params->flags |= TLS_CONN_DISABLE_SESSION_TICKET; in eap_tls_params_flags()
70 params->flags &= ~TLS_CONN_DISABLE_SESSION_TICKET; in eap_tls_params_flags()
[all …]
|
| /third_party/python/Doc/library/ |
| D | ssl.rst | 1 :mod:`ssl` --- TLS/SSL wrapper for socket objects
5 :synopsis: TLS/SSL wrapper for socket objects
14 .. index:: TLS, SSL, Transport Layer Security, Secure Sockets Layer
16 --------------
20 sockets, both client-side and server-side. This module uses the OpenSSL
32 Don't use this module without reading the :ref:`ssl-security`. Doing so
38 general information about TLS, SSL, and certificates, the reader is referred to
42 :class:`socket.socket` type, and provides a socket-like wrapper that also
57 OpenSSL 0.9.8, 1.0.0 and 1.0.1 are deprecated and no longer supported.
70 ------------------------------------
[all …]
|
| /third_party/node/test/parallel/ |
| D | test-tls-no-cert-required.js | 17 // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
28 const tls = require('tls'); constant
30 // Omitting the cert or pfx option to tls.createServer() should not throw.
31 // AECDH-NULL-SHA is a no-authentication/no-encryption cipher and hence
33 tls.createServer({ ciphers: 'AECDH-NULL-SHA' })
36 tls.createServer(assert.fail)
39 tls.createServer({})
43 () => tls.createServer('this is not valid'),
52 tls.createServer()
|
| /third_party/openssl/doc/man3/ |
| D | SSL_CIPHER_get_name.pod | 20 - get SSL_CIPHER properties
49 has no standard name, it returns B<NULL>. If B<cipher> was defined in both
50 SSLv3 and TLS, it returns the TLS name.
53 If the B<stdname> is NULL, or B<stdname> has no corresponding OpenSSL name,
54 it returns "(NONE)". Where both exist, B<stdname> should be the TLS name rather
60 SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol
64 If there is no cipher (e.g. for cipher suites with no encryption) then
68 used by B<c> during record encryption/decryption. If there is no digest (e.g.
72 the SSL/TLS handshake when using the SSL_CIPHER B<c>. Note that this may be
76 used by B<c>. If there is no key exchange, then B<NID_undef> is returned.
[all …]
|
| D | SSL_get_error.pod | 5 SSL_get_error - obtain result code for TLS/SSL I/O operation
18 SSL_write_ex() or SSL_write() on B<ssl>. The value returned by that TLS/SSL I/O
23 used in the same thread that performed the TLS/SSL I/O operation, and no
25 thread's error queue must be empty before the TLS/SSL I/O operation is
30 Some TLS implementations do not send a close_notify alert on shutdown.
45 The TLS/SSL I/O operation completed. This result code is returned
50 The TLS/SSL peer has closed the connection for writing by sending the
52 No more data can be read.
81 There is no fixed upper limit for the number of iterations that
94 TLS/SSL I/O function should be retried.
[all …]
|
| /third_party/mbedtls/tests/ |
| D | ssl-opt.sh | 3 # ssl-opt.sh
5 # Copyright The Mbed TLS Contributors
6 # SPDX-License-Identifier: Apache-2.0
12 # http://www.apache.org/licenses/LICENSE-2.0
22 # Executes tests to prove various TLS/SSL options and extensions.
33 set -u
37 ulimit -f 20971520
50 : ${GNUTLS_CLI:=gnutls-cli}
51 : ${GNUTLS_SERV:=gnutls-serv}
55 if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
[all …]
|
| /third_party/libwebsockets/lib/tls/ |
| D | tls-server.c | 2 * libwebsockets - small server side websockets and web server implementation
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25 #include "private-lib-core.h"
35 lws_tls_check_all_cert_lifetimes(pt->context); in lws_sul_tls_cb()
37 __lws_sul_insert_us(&pt->pt_sul_owner[LWSSULLI_MISS_IF_SUSPENDED], in lws_sul_tls_cb()
38 &pt->sul_tls, in lws_sul_tls_cb()
46 struct lws_context *context = vhost->context; in lws_context_init_server_ssl()
47 lws_fakewsi_def_plwsa(&vhost->context->pt[0]); in lws_context_init_server_ssl()
49 lws_fakewsi_prep_plwsa_ctx(vhost->context); in lws_context_init_server_ssl()
[all …]
|
| /third_party/libcoap/man/ |
| D | coap_tls_library.txt.in | 1 // -*- mode:doc; -*-
12 ----
21 - Work with CoAP TLS libraries
24 --------
41 For specific (D)TLS library support, link with
42 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
43 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
44 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*. Otherwise, link with
45 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
48 -----------
[all …]
|
| /third_party/libwebsockets/lib/tls/openssl/ |
| D | openssl-ssl.c | 2 * libwebsockets - small server side websockets and web server implementation
4 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25 #include "private-lib-core.h"
26 #include "private-lib-tls-openssl.h"
39 int np = -1; in lws_openssl_describe_cipher()
40 SSL *s = wsi->tls.ssl; in lws_openssl_describe_cipher()
55 if (!wsi->tls.ssl) in lws_ssl_get_error()
58 m = SSL_get_error(wsi->tls.ssl, n); in lws_ssl_get_error()
59 lwsl_debug("%s: %p %d -> %d (errno %d)\n", __func__, wsi->tls.ssl, n, m, LWS_ERRNO); in lws_ssl_get_error()
[all …]
|