plan9fox/sys
kemal 775a4bea43 libsec: various changes to tls
1. add the curve x25519 to tls, both client and server.
it's faster, immune to timing attacks by design,
does not require verifying if the public key is valid,
etc etc. server-side has to check if the client supports
the curve, so a new function has been introduced to parse
the client's extensions.

2. reject weak dhe primes that can be easily cracked with
the number field sieve algorithm. this avoids attacks like
logjam.

3. stop putting unix time in the first 4 bytes of client/
server random. it can allow fingerprinting, tls 1.3 doesn't
recommend it any more and there was a draft to deprecate
this behaviour earlier.[1]

4. simplify prf code, remove useless cipher enums.

[1] https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime-00
2021-06-18 19:12:44 +00:00
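Two of the points in the commit above are checks a server can make on what the client sends: item 1 needs the server to parse the ClientHello extensions and find x25519 in supported_groups before offering it, and item 3 is about the first four bytes of the random no longer carrying a Unix timestamp that a passive observer can use to fingerprint the implementation. The following is an added, standalone example in portable C; it is not code from plan9fox or libsec, and the function names, the hypothetical ClientHello extension bytes and the timestamp heuristic are all constructed here for illustration. The extension encoding and the NamedGroup values (x25519 = 0x001d, secp256r1 = 0x0017, secp384r1 = 0x0018) follow RFC 8422 and RFC 8446.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS extension type and NamedGroup code points (RFC 8422 / RFC 8446). */
enum {
    ExtSupportedGroups = 10,
    GroupSecp256r1     = 0x0017,
    GroupSecp384r1     = 0x0018,
    GroupX25519        = 0x001d
};

static unsigned get16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/*
 * Walk a ClientHello extensions block (the bytes after compression_methods:
 * a 2-byte total length, then type/length/data triples) and report whether
 * the supported_groups extension lists `want`.
 * Returns 1 if listed, 0 if not listed or no such extension, -1 if malformed.
 * Every length is bounds-checked against the remaining input before use.
 */
int client_supports_group(const uint8_t *ext, size_t n, unsigned want)
{
    size_t total, i;
    if (n < 2) return -1;
    total = get16(ext);
    if (total + 2 != n) return -1;          /* block length must match exactly */
    i = 2;
    while (i < n) {
        unsigned type, len;
        if (n - i < 4) return -1;           /* truncated extension header */
        type = get16(ext + i);
        len  = get16(ext + i + 2);
        i += 4;
        if (len > n - i) return -1;         /* extension body runs past the block */
        if (type == ExtSupportedGroups) {
            const uint8_t *p = ext + i;
            unsigned listlen;
            size_t j;
            if (len < 2) return -1;
            listlen = get16(p);
            if (listlen + 2 != len || listlen % 2 != 0) return -1;
            for (j = 2; j < len; j += 2)
                if (get16(p + j) == want) return 1;
            return 0;                       /* extension present, curve absent */
        }
        i += len;
    }
    return 0;                               /* no supported_groups at all */
}

/*
 * Fingerprinting heuristic for item 3: does the 32-byte random begin with a
 * big-endian Unix time within `slack` seconds of `now`?  A stack that still
 * writes gmt_unix_time there will answer 1 on nearly every handshake.
 */
int random_leaks_time(const uint8_t random[32], uint32_t now, uint32_t slack)
{
    uint32_t t = ((uint32_t)random[0] << 24) | ((uint32_t)random[1] << 16) |
                 ((uint32_t)random[2] << 8)  |  (uint32_t)random[3];
    uint32_t d = t > now ? t - now : now - t;
    return d <= slack;
}

/* Constructed sample: server_name "a.example" plus supported_groups {x25519, P-256, P-384}. */
static const uint8_t hello_with_x25519[] = {
    0x00, 0x1e,                                  /* extensions length: 30 */
    0x00, 0x00, 0x00, 0x0e,                      /* server_name, len 14 */
      0x00, 0x0c, 0x00, 0x00, 0x09, 'a','.','e','x','a','m','p','l','e',
    0x00, 0x0a, 0x00, 0x08,                      /* supported_groups, len 8 */
      0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18
};
/* Constructed sample: only P-256 offered, so the server must not pick x25519. */
static const uint8_t hello_p256_only[] = {
    0x00, 0x08,
    0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17
};
/* Constructed sample: extension length claims 16 bytes but only 4 remain. */
static const uint8_t hello_bad_len[] = {
    0x00, 0x08,
    0x00, 0x0a, 0x00, 0x10, 0x00, 0x02, 0x00, 0x17
};
/* Constructed randoms: one with a 2021 gmt_unix_time prefix, one without. */
static const uint8_t random_with_time[32] = { 0x60, 0xcc, 0xe8, 0x7c, 0x11, 0x22, 0x33 };
static const uint8_t random_opaque[32]    = { 0x9a, 0x3f, 0x51, 0xd2, 0x11, 0x22, 0x33 };

int main(void)
{
    printf("x25519 offered: %d\n", client_supports_group(hello_with_x25519, sizeof hello_with_x25519, GroupX25519));
    printf("x25519 offered (P-256 only): %d\n", client_supports_group(hello_p256_only, sizeof hello_p256_only, GroupX25519));
    printf("malformed: %d\n", client_supports_group(hello_bad_len, sizeof hello_bad_len, GroupX25519));
    printf("random leaks time: %d / %d\n",
           random_leaks_time(random_with_time, 0x60cce87cu, 86400),
           random_leaks_time(random_opaque, 0x60cce87cu, 86400));
    return 0;
}
```

The server-side decision follows directly from the first function: offer an x25519 key share only when `client_supports_group(..., GroupX25519)` returns 1, and treat -1 as a protocol error rather than silently falling back. The second function is the observer's view of item 3; once the random is fully random the heuristic fires with probability about 2*slack/2^32 per handshake instead of nearly always.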
doc /sys/doc: fix mkfile to and remove files that now can be regenerated 2017-05-09 16:23:48 +02:00
games/lib fortunes: That depends on how you define native. -- Andre Garzia 2021-02-09 23:11:08 -05:00
include lib9p: remove Srv.srvfd, make postsrv() and threadpostsrv() return the mountable file descriptor, update documentation 2021-05-01 19:58:58 +02:00
lib troff: fix mangled fonts and character files 2021-06-15 16:13:59 +00:00
man nusbrc(8): fix typo (thanks igor@9lab.org) 2021-06-19 12:03:53 +00:00
src libsec: various changes to tls 2021-06-18 19:12:44 +00:00