authorRenĂ© Meusel <[email protected]>2022-04-05 10:53:45 +0200
committerRenĂ© Meusel <[email protected]>2022-04-05 10:53:45 +0200
commit13af2356e51b58ade7a1481a957d8a293b0ff9d6 (patch)
tree8358d046e4930e5285188dc881fd6356a3a3d23c
parentfd9d1c3d8891460df6da125258f8e7d7f35d8d6b (diff)
Remove redundant TLS_Policy::use_extended_master_secret()
For TLS 1.2 EMS is always enabled and TLS 1.3 won't need this extension anyway.
-rw-r--r--src/lib/tls/tls_policy.cpp2
-rw-r--r--src/lib/tls/tls_policy.h21
-rw-r--r--src/lib/tls/tls_text_policy.cpp5
3 files changed, 0 insertions, 28 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index d39ee5e51..a1f2e3004 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -299,7 +299,6 @@ bool Policy::include_time_in_hello_random() const { return true; }
bool Policy::hide_unknown_users() const { return false; }
bool Policy::server_uses_own_ciphersuite_preferences() const { return true; }
bool Policy::negotiate_encrypt_then_mac() const { return true; }
-bool Policy::use_extended_master_secret() const { return allow_tls12() || allow_dtls12(); }
bool Policy::support_cert_status_message() const { return true; }
bool Policy::allow_resumption_for_renegotiation() const { return true; }
bool Policy::hash_hello_random() const { return true; }
@@ -527,7 +526,6 @@ void Policy::print(std::ostream& o) const
print_bool(o, "hide_unknown_users", hide_unknown_users());
print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
- print_bool(o, "use_extended_master_secret", use_extended_master_secret());
print_bool(o, "support_cert_status_message", support_cert_status_message());
print_bool(o, "hash_hello_random", hash_hello_random());
o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n';
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 2f7060870..3c5480bbf 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -259,25 +259,6 @@ class BOTAN_PUBLIC_API(2,0) Policy
virtual bool negotiate_encrypt_then_mac() const;
/**
- * TODO: This should probably be removed as it doesn't have an effect on either
- * TLS 1.2 or 1.3.
- *
- * Indicates whether the extended master secret extension (RFC 7627) should be used.
- *
- * This is always enabled if the client supports TLS 1.2 (the option has no effect).
- * For TLS 1.3 _only_ clients the extension is disabled by default.
- *
- * RFC 8446 Appendix D:
- * TLS 1.2 and prior supported an "Extended Master Secret" [RFC7627]
- * extension which digested large parts of the handshake transcript into
- * the master secret. Because TLS 1.3 always hashes in the transcript
- * up to the server Finished, implementations which support both TLS 1.3
- * and earlier versions SHOULD indicate the use of the Extended Master
- * Secret extension in their APIs whenever TLS 1.3 is used.
- */
- virtual bool use_extended_master_secret() const;
-
- /**
* Indicates whether certificate status messages should be supported
*/
virtual bool support_cert_status_message() const;
@@ -550,8 +531,6 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy
bool negotiate_encrypt_then_mac() const override;
- bool use_extended_master_secret() const override;
-
bool support_cert_status_message() const override;
bool require_client_certificate_authentication() const override;
diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp
index 11cdf41e5..94fc07b04 100644
--- a/src/lib/tls/tls_text_policy.cpp
+++ b/src/lib/tls/tls_text_policy.cpp
@@ -89,11 +89,6 @@ bool Text_Policy::negotiate_encrypt_then_mac() const
return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac());
}
-bool Text_Policy::use_extended_master_secret() const
- {
- return get_bool("use_extended_master_secret", Policy::use_extended_master_secret());
- }
-
bool Text_Policy::support_cert_status_message() const
{
return get_bool("support_cert_status_message", Policy::support_cert_status_message());