Glenn Strauss
6fb63fa8d6
[multiple] include mbedtls/config.h after select
include mbedtls/config.h crypto lib config
after selecting crypto lib to use
6 months ago
Glenn Strauss
31fc3a0773
[TLS] server.feature-flags "ssl.session-cache"
disabled by default, but can be enabled
(session tickets should be preferred)
applies to mod_openssl, mod_wolfssl, mod_nss
session cache is not currently implemented in mod_mbedtls or mod_gnutls
6 months ago
Glenn Strauss
1d27391c29
[mod_mbedtls] wrap addtl code in preproc defines
wrap additional code in preprocessor defines to check if enabled in lib
6 months ago
Glenn Strauss
949662d27e
[multiple] add some missing config cleanup
(thx stbuehler)
6 months ago
Glenn Strauss
61f7d531eb
[mod_mbedtls] newer mbedTLS vers support TLSv1.3
6 months ago
Glenn Strauss
f98dff9bc3
[mod_mbedtls] quiet unused variable warning
6 months ago
Glenn Strauss
d865d8c330
[TLS] ignore empty "CipherString" in ssl-conf-cmd
e.g. ssl.openssl.ssl-conf-cmd = ("CipherString" => "")
6 months ago
Glenn Strauss
496cd8ff44
[mod_mbedtls] quiet CLOSE_NOTIFY after conn reset
do not log error after connection reset
6 months ago
Glenn Strauss
874707cd66
[TLS] use fdevent_load_file_bytes() for STEK file
remove direct dependency on <unistd.h> from lighttpd TLS modules
6 months ago
Glenn Strauss
16a70b9253
[multiple] TLS modules use chunkqueue_peek_data()
7 months ago
Glenn Strauss
a330746f06
[TLS] error if inherit empty TLS cfg from globals
error if $SERVER["socket"] inherits empty TLS config from global scope
and ssl.engine = "enable" in the $SERVER["socket"]
7 months ago
Glenn Strauss
bbcc2f229a
[multiple] allow TLS ALPN "h2" if "server.h2proto"
9 months ago
Glenn Strauss
33c8cf41db
[multiple] rename connection_reset hook to request
rename connection_reset to handle_request_reset
9 months ago
Glenn Strauss
164f7600b7
[multiple] con hooks store ctx in con->plugin_ctx
modules with connection level hooks now store ctx in con->plugin_ctx
9 months ago
Glenn Strauss
0ad57da55b
[mod_openssl,mbedtls,gnutls,nss] fdevent_load_file
employ fdevent_load_file() to load CRL, X509 cert, and private key files
into memory
10 months ago
Glenn Strauss
3e2e8e6d29
[mod_mbedtls] ssl.stek-file to specify encrypt key
difference from mod_openssl:
Admin should schedule an independent job to periodically
generate a new STEK up to 2 times during key lifetime
(mbedtls internals store up to 2 keys)
(more details in prior commit message for mod_openssl)
11 months ago
Glenn Strauss
cb753ec5b5
[mod_mbedtls] mbedTLS option for TLS
(experimental)
mod_mbedtls supports most ssl.* config options supported by mod_openssl
thx Ward Willats for the initial discussion and attempt in the comments
https://redmine.lighttpd.net/boards/3/topics/7029
1 year ago
Glenn Strauss