Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL/TLS implementation #37

Merged
merged 27 commits into from
May 30, 2014
Merged

SSL/TLS implementation #37

merged 27 commits into from
May 30, 2014
+326 −70

Conversation

dimdin
Copy link
Collaborator

@dimdin dimdin commented May 29, 2014

@denisenkom please review
closes #27

dimdin added 26 commits May 20, 2014 20:28
@dimdin
encryption constants
4e15e4d
@dimdin
extract connection parameters parsing
400b946
@dimdin
formatting bug
a64c0a9
@dimdin
timeout in seconds
90ccc8d
@dimdin
encrypt parameters
93b27bc
@dimdin
encryption negotiation
8369a56
@dimdin
use std error
4458b61
@dimdin
better trust server certificate defaults
bf77f56
@dimdin
parameter for host name in certificate
be1e33a
@dimdin
reinitialize buffer
b266b6e
@dimdin
minor changes
e9e3a69
@dimdin
handshake load in one prelogin package
003e557
@dimdin
display the error
b9f0c93
@dimdin
better error messages for handshake
f3e4506
@dimdin
better error messages for login
c83d666
@dimdin
set packet id
8c0025c
@dimdin
revert change because it masks network timeout
1818209
@dimdin
test with secure connection
d905c1a
@dimdin
wrong parameter
42e9a38
@dimdin
fix prelogin negotiation bug
d73ab76 
range iteration is random and SQL server expects the prelogin items to
be in ascending order
@dimdin
confirm encryption using session information
655ce78
@dimdin
warn about man in the middle attack
23c40fc
@dimdin
add encryption as a feature
dd6300c
@dimdin
Restore the transport after the first login packet
77e3582 
Only the first TDS packet of the Login message MUST be encrypted using
TLS/SSL and encapsulated in a TLS/SSL message. All other TDS packets
sent or received MUST be in plaintext.
@dimdin
Ability to disable encryption
f7a0bdd
@dimdin
sql server 2008 ssl connection issue and fix
98d3b7a
denisenkom
denisenkom reviewed May 30, 2014
View reviewed changes
tds.go
}
if encrypt == encryptOff {
outbuf.afterFirst = func() {
outbuf.transport = toconn
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you sure this will work? I mean will server drop encryption after login, I didn't see such feature in docs.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

copying from table in 2.2.6.4: Value returned from server is ENCRYPT_OFF: Encrypt login packet only
copying from 3.2.5.2:
If login-only encryption was negotiated as described in section 2.2 in the PRELOGIN message description, then the first TDS packet of the Login message MUST be encrypted using TLS/SSL and encapsulated in a TLS/SSL message. All other TDS packets sent or received MUST be in plaintext.

@denisenkom
Copy link
Owner

Ok, I approve this pull request

dimdin added a commit that referenced this pull request May 30, 2014
@dimdin
Merge pull request #37 from denisenkom/ssl
2555ba8 
SSL/TLS implementation
@dimdin dimdin merged commit 2555ba8 into master May 30, 2014
@dimdin dimdin deleted the ssl branch May 30, 2014 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for SSL encryption
2 participants
@dimdin @denisenkom