authorlloyd <[email protected]>2015-01-04 17:43:34 +0000
committerlloyd <[email protected]>2015-01-04 17:43:34 +0000
commit8fcc2825c5aa7d6c359bba63eb883088a7650c86 (patch)
tree47d2f503ee43d57fe947d608e133ec06edf9d24c /src/lib/tls/tls_policy.h
parent5fb44f29a4b27905668d90a4ff46d882a41f5951 (diff)
Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).
Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
Diffstat (limited to 'src/lib/tls/tls_policy.h')
-rw-r--r--src/lib/tls/tls_policy.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index c3401b8cc..e08714df8 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -130,6 +130,13 @@ class BOTAN_DLL Policy
virtual u32bit session_ticket_lifetime() const;
/**
+ * If this returns a non-empty vector, and DTLS is negotiated,
+ * then we will also attempt to negotiate the SRTP extension from
+ * RFC 5764 using the returned values as the profile ids.
+ */
+ virtual std::vector<u16bit> srtp_profiles() const;
+
+ /**
* @return true if and only if we are willing to accept this version
* Default accepts TLS v1.0 and later.