Add TLS_PSK tests

Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigal RC4 cruft. Push more on the TLS corruption tests.
author: Jack Lloyd <[email protected]> 2015-11-13 12:52:20 -0500
committer: Jack Lloyd <[email protected]> 2015-11-13 12:52:20 -0500
commit: 406c57f09eac849c10807b74c8e7ba051a6a5c2c (patch)
tree: fcb26fab346948c2647ff7db4144bb9d5ed07295 /src/lib/tls/tls_policy.cpp
parent: 3dbcfb6297acfdb8818742acfb0fa9ffe70bcdbc (diff)
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index d8dd2c828..7d1af71ef 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -1,6 +1,6 @@
 /*
 * Policies for TLS
-* (C) 2004-2010,2012 Jack Lloyd
+* (C) 2004-2010,2012,2015 Jack Lloyd
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -44,7 +44,7 @@ std::vector<std::string> Policy::allowed_signature_hashes() const
       "SHA-512",
       "SHA-384",
       "SHA-256",
-      "SHA-224",
+      //"SHA-224",
       //"SHA-1",
       //"MD5",
       };
@@ -282,9 +282,6 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version,
       if(!have_srp && suite.kex_algo() == "SRP_SHA")
          continue;
 
-      if(version.is_datagram_protocol() && suite.cipher_algo() == "RC4")
-         continue;
-
       if(!version.supports_aead_modes() && suite.mac_algo() == "AEAD")
          continue;
author	Jack Lloyd <[email protected]>	2015-11-13 12:52:20 -0500
committer	Jack Lloyd <[email protected]>	2015-11-13 12:52:20 -0500
commit	406c57f09eac849c10807b74c8e7ba051a6a5c2c (patch)
tree	fcb26fab346948c2647ff7db4144bb9d5ed07295 /src/lib/tls/tls_policy.cpp
parent	3dbcfb6297acfdb8818742acfb0fa9ffe70bcdbc (diff)