authorlloyd <[email protected]>2014-10-31 10:18:47 +0000
committerlloyd <[email protected]>2014-10-31 10:18:47 +0000
commit05d29e973175889685a695d34cf810992497b316 (patch)
tree1863a1819f3c02a5b27f6f9266ce2c31bf408ab5 /src/lib/tls/tls_policy.cpp
parent8916b9e071503bc8033370c9806075e0b083e84d (diff)
Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00)
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r--src/lib/tls/tls_policy.cpp15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index c1f2c311c..602667f05 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -139,13 +139,26 @@ u32bit Policy::session_ticket_lifetime() const
return 86400; // 1 day
}
+bool Policy::send_fallback_scsv(const Protocol_Version& version) const
+ {
+ return version != latest_supported_version(version.is_datagram_protocol());
+ }
+
bool Policy::acceptable_protocol_version(Protocol_Version version) const
{
// By default require TLS to minimize surprise
if(version.is_datagram_protocol())
return false;
- return (version > Protocol_Version::SSL_V3);
+ return (version >= Protocol_Version::TLS_V10);
+ }
+
+Protocol_Version Policy::latest_supported_version(bool datagram) const
+ {
+ if(datagram)
+ return Protocol_Version::latest_dtls_version();
+ else
+ return Protocol_Version::latest_tls_version();
}
bool Policy::acceptable_ciphersuite(const Ciphersuite&) const
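Review bot: The default `latest_supported_version()` returns the library's newest TLS/DTLS version without consulting `acceptable_protocol_version()`, so `send_fallback_scsv()` can return true for a client that never actually fell back. If an application policy rejects the newest version in `acceptable_protocol_version()` but leaves `latest_supported_version()` at its default (assuming both are overridable; the header is not visible here), its very first ClientHello would carry the fallback SCSV. A server that implements the draft and supports a newer version would then be expected to refuse the handshake as an inappropriate fallback. I would document the coupling above `latest_supported_version()`, for example `// Must agree with acceptable_protocol_version(): a policy that rejects the newest version has to override this too,` followed by `// otherwise send_fallback_scsv() is true on a first, non-fallback handshake attempt`. A short comment on `send_fallback_scsv()` stating that it compares against the policy's own notion of "latest", not the version the peer negotiated, would also help callers.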