diff options
author | Jack Lloyd <[email protected]> | 2016-11-25 12:09:57 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-25 12:09:57 -0500 |
commit | c821af9ecb9df8b8e2e5ce0f9616a03193b23f55 (patch) | |
tree | 27552491e4cbf441be22370e0a4ceabb96567b6a /src | |
parent | f4f6726262d1096974d191de3f3220b6e1a41c06 (diff) |
Add minimum_signature_strenght to Text_Policy
Also (unrelated) enable CECPQ1 in Strict_Policy
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 3 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 9 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 4dc1206e7..4bd071d0b 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -471,6 +471,7 @@ void Policy::print(std::ostream& o) const o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n'; o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n'; o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n'; + o << "minimum_signature_strength = " << minimum_signature_strength() << '\n'; } std::vector<std::string> Strict_Policy::allowed_ciphers() const @@ -490,7 +491,7 @@ std::vector<std::string> Strict_Policy::allowed_macs() const std::vector<std::string> Strict_Policy::allowed_key_exchange_methods() const { - return { "ECDH" }; + return { "CECPQ1", "ECDH" }; } bool Strict_Policy::allow_tls10() const { return false; } diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 92814277f..519139fff 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -310,7 +310,9 @@ class BOTAN_DLL NSA_Suite_B_128 : public Policy std::vector<std::string> allowed_ecc_curves() const override { return std::vector<std::string>({"secp256r1"}); } - + + size_t minimum_signature_strength() const override { return 128; } + bool allow_tls10() const override { return false; } bool allow_tls11() const override { return false; } bool allow_tls12() const override { return true; } @@ -428,7 +430,10 @@ class BOTAN_DLL Text_Policy : public Policy size_t minimum_rsa_bits() const override { return get_len("minimum_rsa_bits", Policy::minimum_rsa_bits()); } - + + size_t minimum_signature_strength() const override + { return get_len("minimum_signature_strength", Policy::minimum_signature_strength()); } + bool hide_unknown_users() const override { return get_bool("hide_unknown_users", Policy::hide_unknown_users()); } |