author | Jack Lloyd <jack@randombit.net> | 2019-11-15 08:39:38 -0500 |
---|---|---|
committer | Jack Lloyd <jack@randombit.net> | 2019-11-15 08:39:38 -0500 |
commit | 09706a7bdd87ab027ad00ae5fd1f014050c36ee2 (patch) | |
tree | 4afcc593ba06ce74b18ed4fb4b18a93a577695dd | |
parent | 6c56fff65fede68dd0adf6459cca2cb09b6af1d2 (diff) | |
parent | 4fca820cc70826451881dbe5410b17efd9ceee96 (diff) |
Merge GH #2195 Update BSI policy
-rw-r--r-- | src/lib/tls/tls_policy.h | 8 | ||||
-rw-r--r-- | src/tests/data/tls-policy/bsi.txt | 8 |
2 files changed, 7 insertions, 9 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index b076d5f9d..4fbbd7545 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -420,12 +420,12 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 public:
 std::vector<std::string> allowed_ciphers() const override
 {
- return std::vector<std::string>({"AES-256/GCM", "AES-128/GCM", "AES-256", "AES-128" });
+ return std::vector<std::string>({"AES-256/GCM", "AES-128/GCM", "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128"});
 }
 std::vector<std::string> allowed_signature_hashes() const override
 {
- return std::vector<std::string>({"SHA-384", "SHA-256"});
+ return std::vector<std::string>({"SHA-512", "SHA-384", "SHA-256"});
 }
 std::vector<std::string> allowed_macs() const override
@@ -435,7 +435,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 std::vector<std::string> allowed_key_exchange_methods() const override
 {
- return std::vector<std::string>({"ECDH", "DH", "PSK", "ECDHE_PSK", "DHE_PSK"});
+ return std::vector<std::string>({"ECDH", "DH", "ECDHE_PSK", "DHE_PSK"});
 }
 std::vector<std::string> allowed_signature_methods() const override
@@ -451,8 +451,6 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
 Group_Params::BRAINPOOL256R1,
 Group_Params::SECP384R1,
 Group_Params::SECP256R1,
- Group_Params::FFDHE_8192,
- Group_Params::FFDHE_6144,
 Group_Params::FFDHE_4096,
 Group_Params::FFDHE_3072,
 Group_Params::FFDHE_2048
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index c62777472..935141812 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
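Review bot: Nothing in allowed_ciphers() or allowed_signature_hashes() records which edition of BSI TR-02102-2 the lists follow, so a reader cannot tell whether adding the CCM suites and SHA-512 makes the lists complete or when they next need revisiting; the same gap applies to the trimmed key-exchange method and group lists in the two later hunks. A short comment above the class or on each accessor would do, e.g. `// Per BSI TR-02102-2 <EDITION PLACEHOLDER>; keep in sync with src/tests/data/tls-policy/bsi.txt`. The order in these vectors looks like it expresses preference (SHA-512 is placed first), which is worth stating in the same comment if that is the intent. The class body starts and ends outside the hunk.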
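Review bot: Dropping `"PSK"` from allowed_key_exchange_methods() is a behaviour change for a class exported with BOTAN_PUBLIC_API(2,0): an application that pairs this policy with a plain-PSK suite will, as far as the hunk shows, stop negotiating after the upgrade, and the code gives no reason. Presumably the motive is that plain PSK offers no forward secrecy while ECDHE_PSK and DHE_PSK do; say so next to the list, e.g. `// plain PSK omitted (no forward secrecy); use ECDHE_PSK or DHE_PSK`, and mention the removal in the release notes so deployments can check their configured suites before upgrading.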
@@ -4,12 +4,12 @@ allow_tls12 = true allow_dtls10 = false allow_dtls12 = false -ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 -signature_hashes = SHA-384 SHA-256 +ciphers = AES-256/GCM AES-128/GCM AES-256/CCM AES-128/CCM AES-256 AES-128 +signature_hashes = SHA-512 SHA-384 SHA-256 macs = AEAD SHA-384 SHA-256 -key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK +key_exchange_methods = ECDH DH ECDHE_PSK DHE_PSK signature_methods = ECDSA RSA DSA -key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/8192 ffdhe/ietf/6144 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048 +key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048 minimum_dh_group_size = 2000 minimum_dsa_group_size = 2000 minimum_ecdh_group_size = 250 |