diff options
author | Juraj Somorovsky <[email protected]> | 2016-05-09 00:48:13 +0200 |
---|---|---|
committer | Juraj Somorovsky <[email protected]> | 2016-05-11 07:55:02 +0200 |
commit | 7c7fcecbe6a94ffaba5752175d8da5e33fbf0d7b (patch) | |
tree | 5ed7b29e5d3441c26b8aa6b5520ab589f9e05377 /src/lib/tls/tls_policy.h | |
parent | 6d327f879c608908ca2c6b9b99f7fd74d498b4ef (diff) |
Encrypt-then-MAC extension (RFC 7366)
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
Diffstat (limited to 'src/lib/tls/tls_policy.h')
-rw-r--r-- | src/lib/tls/tls_policy.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 4ae84b833..dc24d73e2 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -203,6 +203,12 @@ class BOTAN_DLL Policy virtual bool server_uses_own_ciphersuite_preferences() const; /** + * Indicates whether the encrypt-then-MAC extension should be negotiated + * (RFC 7366) + */ + virtual bool negotiate_encrypt_then_mac() const; + + /** * Return allowed ciphersuites, in order of preference */ virtual std::vector<u16bit> ciphersuite_list(Protocol_Version version, @@ -340,6 +346,9 @@ class BOTAN_DLL Text_Policy : public Policy bool server_uses_own_ciphersuite_preferences() const override { return get_bool("server_uses_own_ciphersuite_preferences", Policy::server_uses_own_ciphersuite_preferences()); } + bool negotiate_encrypt_then_mac() const override + { return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac()); } + std::string dh_group() const override { return get_str("dh_group", Policy::dh_group()); } |