Commit Graph

5 Commits

Author SHA1 Message Date
Johannes Bauer
2cde43d357 Fix issue with TLSv1.3 negotiation
TLSv1.3 behaves differently in how PSK identity/PSK identity hints are
exchanged, at least in regards to OpenSSL. This caused the TLS client to
not send their TLS identity to the server, which rejected the connection
(it expected "luksrku v1"). Couldn't solve it with TLSv1.3, so we're now
simply forcing TLSv1.2.
2019-07-22 21:46:18 +02:00
Johannes Bauer
fd2e456076 Remove references to SSL and replace by TLS.
We're using TLS, not SSL. Use the proper terminology.
2017-03-07 21:48:00 +01:00
Johannes Bauer
8b892e3347 Update OpenSSL version and change sig algs
While the PSK cipher suites do not use any ECDHE/RSA signatures, in the
future someone may change the code. In that case, as a robustness
measure, already set the acceptable signature algorithms now.
Additionally upgrade to OpenSSL v1.1.0e and include the comment to
include X448 once it becomes available for TLS ECDHE (it's not yet,
unfortunately).
2017-03-07 21:40:21 +01:00
Johannes Bauer
edb25da877 LICENSE added (GPLv3) 2016-09-22 20:47:43 +02:00
Johannes Bauer
2df69508aa Initial import 2016-09-22 20:40:58 +02:00