aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_extensions.h
diff options
context:
space:
mode:
authorJuraj Somorovsky <[email protected]>2016-05-09 00:48:13 +0200
committerJuraj Somorovsky <[email protected]>2016-05-11 07:55:02 +0200
commit7c7fcecbe6a94ffaba5752175d8da5e33fbf0d7b (patch)
tree5ed7b29e5d3441c26b8aa6b5520ab589f9e05377 /src/lib/tls/tls_extensions.h
parent6d327f879c608908ca2c6b9b99f7fd74d498b4ef (diff)
Encrypt-then-MAC extension (RFC 7366)
Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
Diffstat (limited to 'src/lib/tls/tls_extensions.h')
-rw-r--r--src/lib/tls/tls_extensions.h21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/lib/tls/tls_extensions.h b/src/lib/tls/tls_extensions.h
index a5aac0020..e273ae096 100644
--- a/src/lib/tls/tls_extensions.h
+++ b/src/lib/tls/tls_extensions.h
@@ -37,6 +37,7 @@ enum Handshake_Extension_Type {
TLSEXT_HEARTBEAT_SUPPORT = 15,
TLSEXT_ALPN = 16,
+ TLSEXT_ENCRYPT_THEN_MAC = 22,
TLSEXT_EXTENDED_MASTER_SECRET = 23,
TLSEXT_SESSION_TICKET = 35,
@@ -341,6 +342,26 @@ class Extended_Master_Secret final : public Extension
};
/**
+* Encrypt-then-MAC Extension (RFC 7366)
+*/
+class Encrypt_then_MAC final : public Extension
+ {
+ public:
+ static Handshake_Extension_Type static_type()
+ { return TLSEXT_ENCRYPT_THEN_MAC; }
+
+ Handshake_Extension_Type type() const override { return static_type(); }
+
+ std::vector<byte> serialize() const override;
+
+ bool empty() const override { return false; }
+
+ Encrypt_then_MAC() {}
+
+ Encrypt_then_MAC(TLS_Data_Reader& reader, u16bit extension_size);
+ };
+
+/**
* Represents a block of extensions in a hello message
*/
class Extensions
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 06:16:21 +0000