diff options
| author | lloyd <[email protected]> | 2012-08-09 14:22:55 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-08-09 14:22:55 +0000 |
| commit | 46d917264986d2c876128765f4c2424083197555 (patch) | |
| tree | 3fafbc9232b07712beb9781878a8db60d0a8413d /doc/tls.rst | |
| parent | 22041f0d8b863122dfafeb53f80e459adbdd938f (diff) | |
More 1.11.1 notes. Update TLS docs
Diffstat (limited to 'doc/tls.rst')
| -rw-r--r-- | doc/tls.rst | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/doc/tls.rst b/doc/tls.rst index 09b9da3d3..e9cc07aa7 100644 --- a/doc/tls.rst +++ b/doc/tls.rst @@ -279,7 +279,12 @@ There are also functions for serialization and deserializing sessions: RandomNumberGenerator& rng) Encrypts a session using a symmetric key *key* and returns a raw - binary value that can later be passed to ``decrypt``. + binary value that can later be passed to ``decrypt``. The key + may be of any length. + + Currently the implementation uses AES-256 in CBC mode with a + SHA-256 HMAC. The keys for these are derived from *key* using + KDF2(SHA-256). .. cpp:function:: static Session decrypt(const byte ciphertext[], \ size_t length, \ @@ -410,12 +415,6 @@ be negotiated during a handshake. .. cpp:class:: TLS::Policy - .. cpp:function:: Protocol_Version min_version() const - - Returns the minimum protocol version we are willing to negotiate. - - Default: SSL v3 - .. cpp:function:: Protocol_Version pref_version() const Return the protocol version we would prefer to negotiate. This is @@ -423,6 +422,13 @@ be negotiated during a handshake. Default: TLS v1.2 + .. cpp:function:: bool acceptable_protocol_version(const Protocol_Version& version) + + Return true if this version of the protocol is one that we are + willing to negotiate. + + Default: True for all known protocol versions + .. cpp:function:: std::vector<std::string> allowed_ciphers() const Returns the list of ciphers we are willing to negotiate, in order @@ -432,6 +438,10 @@ be negotiated during a handshake. Also allowed: "Camellia-256", "Camellia-128", "SEED" + .. note:: + + ARC4 will never be negotiated in DTLS due to protocol limitations + .. cpp:function:: std::vector<std::string> allowed_macs() const Returns the list of algorithms we are willing to use for @@ -489,6 +499,14 @@ be negotiated during a handshake. TLS compression is not currently supported. + .. cpp:function:: bool allow_server_initiated_renegotiation() const + + If this function returns true, a client will accept a + server-initiated renegotiation attempt. Otherwise it will send + the server a non-fatal ``no_renegotiation`` alert. + + Default: true + .. cpp:function:: bool allow_insecure_renegotiation() const If this function returns true, we will allow renegotiation attempts |