authorJuraj Somorovsky <[email protected]>2016-05-09 00:48:13 +0200
committerJuraj Somorovsky <[email protected]>2016-05-11 07:55:02 +0200
commit7c7fcecbe6a94ffaba5752175d8da5e33fbf0d7b (patch)
tree5ed7b29e5d3441c26b8aa6b5520ab589f9e05377 /src/lib/tls/tls_policy.h
parent6d327f879c608908ca2c6b9b99f7fd74d498b4ef (diff)
Encrypt-then-MAC extension (RFC 7366)
Introduced a countermeasure against the Logjam attack. Short TLS records (AES-CBC) now return BAD_RECORD_MAC. Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure).
Diffstat (limited to 'src/lib/tls/tls_policy.h')
-rw-r--r--src/lib/tls/tls_policy.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 4ae84b833..dc24d73e2 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -203,6 +203,12 @@ class BOTAN_DLL Policy
virtual bool server_uses_own_ciphersuite_preferences() const;
/**
+ * Indicates whether the encrypt-then-MAC extension should be negotiated
+ * (RFC 7366)
+ */
+ virtual bool negotiate_encrypt_then_mac() const;
+
+ /**
* Return allowed ciphersuites, in order of preference
*/
virtual std::vector<u16bit> ciphersuite_list(Protocol_Version version,
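Review bot: The doc comment on `negotiate_encrypt_then_mac()` states neither the default nor what happens when the peer does not support the extension. Both matter to anyone overriding this in a Policy subclass. The default implementation is outside this hunk, so the header should state it. The comment should also say that this setting only offers or accepts RFC 7366 and does not require it, so a peer that omits the extension presumably still ends up with a CBC suite in MAC-then-encrypt mode. A suggested extra line is `* If the peer does not support the extension, CBC ciphersuites remain MAC-then-encrypt.` The Policy class body starts and ends outside the hunk.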
@@ -340,6 +346,9 @@ class BOTAN_DLL Text_Policy : public Policy
bool server_uses_own_ciphersuite_preferences() const override
{ return get_bool("server_uses_own_ciphersuite_preferences", Policy::server_uses_own_ciphersuite_preferences()); }
+ bool negotiate_encrypt_then_mac() const override
+ { return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac()); }
+
std::string dh_group() const override
{ return get_str("dh_group", Policy::dh_group()); }
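Review bot: The `negotiate_encrypt_then_mac` key is read here, but nothing on this page shows `Policy::print()` writing it. If it does not, a policy that is printed and then re-parsed as a Text_Policy would silently fall back to the base default for this setting. The print implementation is in a file not shown in this diff, so this needs checking there. If the key is missing, add a line in the same form as the other boolean settings, something like `o << "negotiate_encrypt_then_mac = " << negotiate_encrypt_then_mac() << '\n';`. The Text_Policy class body starts and ends outside the hunk.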