Have default TLS policy reject SSLv3. Add TLS::Policy::acceptable_ciphersuite

to allow either party to filter out specific ciphersuites they don't wish to support for whatever reason.
author: lloyd <[email protected]> 2013-12-10 00:34:10 +0000
committer: lloyd <[email protected]> 2013-12-10 00:34:10 +0000
commit: c6ad94933ec0d718414ba41b3c289b872c04017f (patch)
tree: d336c90d8df5bcc81c853c6e7d8a036885fb8a83 /src/tls/tls_policy.h
parent: 2b44af4c51bf31405f1361eba5f0a555106430a7 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 6a51f2bbf..5b205dfeb 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -9,6 +9,7 @@
 #define BOTAN_TLS_POLICY_H__
 
 #include <botan/tls_version.h>
+#include <botan/tls_ciphersuite.h>
 #include <botan/x509cert.h>
 #include <botan/dl_group.h>
 #include <vector>
@@ -127,6 +128,8 @@ class BOTAN_DLL Policy
       */
       virtual bool acceptable_protocol_version(Protocol_Version version) const;
 
+      virtual bool acceptable_ciphersuite(const Ciphersuite& suite) const;
+
       /**
       * @return true if servers should choose the ciphersuite matching
       *         their highest preference, rather than the clients.
author	lloyd <[email protected]>	2013-12-10 00:34:10 +0000
committer	lloyd <[email protected]>	2013-12-10 00:34:10 +0000
commit	c6ad94933ec0d718414ba41b3c289b872c04017f (patch)
tree	d336c90d8df5bcc81c853c6e7d8a036885fb8a83 /src/tls/tls_policy.h
parent	2b44af4c51bf31405f1361eba5f0a555106430a7 (diff)