f550aef6074c43642bdecb0ce21c511c3fbf81eb: Bug 1485864 - Constant time mp_to_fixlen_octets, r=franziskus NSS_3_36_BRANCH
Martin Thomson <martin.thomson@gmail.com> - Fri, 30 Nov 2018 17:07:28 +0100 - rev 14942
Push 3227 by jjones@mozilla.com at Fri, 30 Nov 2018 21:51:02 +0000
Bug 1485864 - Constant time mp_to_fixlen_octets, r=franziskus Differential Revision: https://phabricator.services.mozilla.com/D11722
2ac9939c87ccd681fab7bdbe20eaf092eb26e8ed: Bug 1485864 - improve padding checks in RSA_DecryptBlock, r=mt NSS_3_36_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 31 Oct 2018 14:15:59 +0100 - rev 14941
Push 3227 by jjones@mozilla.com at Fri, 30 Nov 2018 21:51:02 +0000
Bug 1485864 - improve padding checks in RSA_DecryptBlock, r=mt Differential Revision: https://phabricator.services.mozilla.com//D10357
93b536c98e60fe27e4cbf859e746c0929905ec23: Bug 1485864 - improve RSA key exchange handling, r=mt NSS_3_36_BRANCH
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 26 Oct 2018 12:50:22 +0200 - rev 14940
Push 3227 by jjones@mozilla.com at Fri, 30 Nov 2018 21:51:02 +0000
Bug 1485864 - improve RSA key exchange handling, r=mt Differential Revision: https://phabricator.services.mozilla.com//D9914
f5ef342733116dda9998d90a5809c5ddfa9090e3: Bug 1485864 - Constant time mp_to_fixlen_octets, r=franziskus NSS_3_41_BETA1
Martin Thomson <martin.thomson@gmail.com> - Fri, 30 Nov 2018 17:07:28 +0100 - rev 14939
Push 3226 by franziskuskiefer@gmail.com at Fri, 30 Nov 2018 17:05:12 +0000
Bug 1485864 - Constant time mp_to_fixlen_octets, r=franziskus Differential Revision: https://phabricator.services.mozilla.com/D11722
9d1be6a2e610fe0b82832b187def81d103b697d7: Bug 1485864 - improve padding checks in RSA_DecryptBlock, r=mt
Franziskus Kiefer <franziskuskiefer@gmail.com> - Wed, 31 Oct 2018 14:15:59 +0100 - rev 14938
Push 3226 by franziskuskiefer@gmail.com at Fri, 30 Nov 2018 17:05:12 +0000
Bug 1485864 - improve padding checks in RSA_DecryptBlock, r=mt Differential Revision: https://phabricator.services.mozilla.com//D10357
4b966fea84c8c271af7a4b30ec5fc5406344e430: Bug 1485864 - improve RSA key exchange handling, r=mt
Franziskus Kiefer <franziskuskiefer@gmail.com> - Fri, 26 Oct 2018 12:50:22 +0200 - rev 14937
Push 3226 by franziskuskiefer@gmail.com at Fri, 30 Nov 2018 17:05:12 +0000
Bug 1485864 - improve RSA key exchange handling, r=mt Differential Revision: https://phabricator.services.mozilla.com//D9914
a7ff3c6aff5b4607caa09d9f2fbd51832c8efaf9: Bug 1507179, reject CCS after handshake is complete in TLS 1.3, r=mt
Daiki Ueno <dueno@redhat.com> - Thu, 29 Nov 2018 18:13:10 +0100 - rev 14936
Push 3225 by dueno@redhat.com at Thu, 29 Nov 2018 17:14:13 +0000
Bug 1507179, reject CCS after handshake is complete in TLS 1.3, r=mt Reviewers: mt Reviewed By: mt Subscribers: mt, ekr, franziskus, ueno Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3 Bug #: 1507179 Differential Revision: https://phabricator.services.mozilla.com/D12887
4b9cf6e61a480e2a82e8bdfc3c3b460fc2abaf0e: Bug 1507760, modutil: print warning when adding module while p11-kit is enabled, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Fri, 16 Nov 2018 13:13:37 +0100 - rev 14935
Push 3224 by dueno@redhat.com at Thu, 22 Nov 2018 17:33:53 +0000
Bug 1507760, modutil: print warning when adding module while p11-kit is enabled, r=rrelyea
bbe3464ce4398278c0eaeffba4fb46720968a927: Bug 1413308, document PKCS #11 URI usage in tools manual, r=rrelyea
Daiki Ueno <dueno@redhat.com> - Fri, 16 Nov 2018 10:14:44 +0100 - rev 14934
Push 3224 by dueno@redhat.com at Thu, 22 Nov 2018 17:33:53 +0000
Bug 1413308, document PKCS #11 URI usage in tools manual, r=rrelyea
01f74d6a5cb2c6cf54ae2f09970939cdfbe9e27c: Bug 1412829, reject empty supported_signature_algorithms in CR in TLS 1.2, r=mt
Daiki Ueno <dueno@redhat.com> - Thu, 22 Nov 2018 10:55:20 +0100 - rev 14933
Push 3224 by dueno@redhat.com at Thu, 22 Nov 2018 17:33:53 +0000
Bug 1412829, reject empty supported_signature_algorithms in CR in TLS 1.2, r=mt Summary: This basically reverts bug 1335069 to align with RFC 5246. Reviewers: mt Reviewed By: mt Bug #: 1412829 Differential Revision: https://phabricator.services.mozilla.com/D12563
c15f06c09e7d834c743a1015b65eedc609fed9f3: Bug 1444444, apply crypto-policy on RSA-PSS hash algorithms, r=mt
Daiki Ueno <dueno@redhat.com> - Thu, 22 Nov 2018 10:55:10 +0100 - rev 14932
Push 3224 by dueno@redhat.com at Thu, 22 Nov 2018 17:33:53 +0000
Bug 1444444, apply crypto-policy on RSA-PSS hash algorithms, r=mt Reviewers: mt Reviewed By: mt Bug #: 1444444 Differential Revision: https://phabricator.services.mozilla.com/D12441
6fa77de9d93bd7c086eeb3b2d2a2faace99156ea: Bug 1481271, resend the same ticket in ClientHello after HRR, r=mt
Daiki Ueno <dueno@redhat.com> - Wed, 21 Nov 2018 10:11:42 +0100 - rev 14931
Push 3223 by dueno@redhat.com at Wed, 21 Nov 2018 09:12:14 +0000
Bug 1481271, resend the same ticket in ClientHello after HRR, r=mt Summary: This is an another attempt to fix the issue: store the sent session ticket in `ssl3.hs` until the client receives ServerHello. Test is not ready as I couldn't find any easy way to establish multiple connections in gtests to reproduce the scenario described in comment 7. Reviewers: mt Reviewed By: mt Subscribers: franziskus, jcj, mt, ekr, ueno, rrelyea, Alex_Gaynor, mccr8, HubertKario Tags: #secure-revision, PHID-PROJ-ffhf7tdvqze7zrdn6dh3 Bug #: 1481271 Differential Revision: https://phabricator.services.mozilla.com/D7493
59ef418bf92591c9fb2242f04d362bd029dc7bb2: Bug 1505899 - November 2018 batch of root CA changes r=kwilson
J.C. Jones <jjones@mozilla.com> - Thu, 08 Nov 2018 13:34:37 -0700 - rev 14930
Push 3222 by jjones@mozilla.com at Fri, 16 Nov 2018 16:19:59 +0000
Bug 1505899 - November 2018 batch of root CA changes r=kwilson * Add Google Trust Services LLC (GTS) root certificates to NSS (bug 1496204) * Add SHECA UCA Global G2 and UCA EV root certificates to NSS (bug 1496214) * Remove Opentrust and Certplus root certs that currently only have the Email trust bit enabled (bug 1499320) * Remove Certicámara root (bug 1501457) * Add Certigna Root CA root certificate to NSS (bug 1505614)
aa7940a0d822d762464e7d7bfbbb33cad9ea31e9: Bug 1493215, enable AES-256-GCM ciphersuites by default in TLS 1.2, r=kaie
Daiki Ueno <dueno@redhat.com> - Wed, 14 Nov 2018 14:52:15 +0100 - rev 14929
Push 3221 by dueno@redhat.com at Wed, 14 Nov 2018 13:53:07 +0000
Bug 1493215, enable AES-256-GCM ciphersuites by default in TLS 1.2, r=kaie
0d97145d524ab35b8bc2a4a8aea60a83bd244f14: Bug 1252891
Robert Relyea <rrelyea@redhat.com> - Mon, 12 Nov 2018 09:42:23 -0800 - rev 14928
Push 3220 by rrelyea@redhat.com at Mon, 12 Nov 2018 17:42:29 +0000
Bug 1252891 Update ABI whitelist to include new SECOIDs.
11a3860392d789e64a18921246fb5f4f5bcf21f2: # Bug 1252891 Implement certUsageIPSec as defined in RFC 4945
Robert Relyea <rrelyea@redhat.com> - Fri, 09 Nov 2018 15:42:43 -0800 - rev 14927
Push 3219 by rrelyea@redhat.com at Fri, 09 Nov 2018 23:43:44 +0000
# Bug 1252891 Implement certUsageIPSec as defined in RFC 4945 Patch by Kai r=rrelyea
070bebf39672054410437b0cf931e00a8920a1ff: Bug 1505317, update PayPal test certs, r=franziskus
Daiki Ueno <dueno@redhat.com> - Wed, 07 Nov 2018 14:02:14 +0100 - rev 14926
Push 3218 by dueno@redhat.com at Thu, 08 Nov 2018 09:05:36 +0000
Bug 1505317, update PayPal test certs, r=franziskus
3b79af0fa294b4b1c009c1c0b659bb72b4d2c1c8: Bug 1423043 - Enable half-close, r=ttaubert,ekr
Martin Thomson <martin.thomson@gmail.com> - Thu, 25 Oct 2018 13:55:30 +1100 - rev 14925
Push 3217 by martin.thomson@gmail.com at Fri, 26 Oct 2018 06:07:19 +0000
Bug 1423043 - Enable half-close, r=ttaubert,ekr Summary: TLS 1.3 explicitly changed to allow close_notify on one half of the connection. Since SSL, an endpoint was required to send close_notify if it received close_notify. The general agreement was that this was a silly requirement and that we would remove it and allow one side of the connection to be closed. This is critical for some protocols that are being moved to use TLS. NSS was almost perfect here. The only problem was that it suppressed the second close_notify. I've added a test for that. Differential Revision: https://phabricator.services.mozilla.com/D797
9dd8d5e2156ed106da285f29a7b1cf991e52c506: Bug 1487280 - Update interop harness, r=jallmann
Martin Thomson <martin.thomson@gmail.com> - Thu, 25 Oct 2018 07:53:39 +1100 - rev 14924
Push 3216 by martin.thomson@gmail.com at Wed, 24 Oct 2018 20:54:33 +0000
Bug 1487280 - Update interop harness, r=jallmann Differential Revision: https://phabricator.services.mozilla.com/D9630
51583e738b219c7e2f895c9e3a31160b29d8dda6: Bug 1499732 - add expiration time to tokenInfo, r=mt
Franziskus Kiefer <franziskuskiefer@gmail.com> - Tue, 23 Oct 2018 14:56:22 +0200 - rev 14923
Push 3215 by franziskuskiefer@gmail.com at Wed, 24 Oct 2018 09:12:04 +0000
Bug 1499732 - add expiration time to tokenInfo, r=mt Differential Revision: https://phabricator.services.mozilla.com/D9510
(0) -10000 -3000 -1000 -300 -100 -50 -20 +20 +50 +100 +300 tip