diff options
-rw-r--r-- | src/tls/c_kex.cpp | 6 | ||||
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 20 | ||||
-rw-r--r-- | src/tls/tls_client.cpp | 4 | ||||
-rw-r--r-- | src/tls/tls_policy.cpp | 8 | ||||
-rw-r--r-- | src/tls/tls_server.cpp | 4 |
5 files changed, 22 insertions, 20 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index ea2e91972..df96d9dec 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -153,13 +153,13 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents, const Ciphersuite& suite, Protocol_Version using_version) { - if(suite.kex_algo() == "" && using_version == Protocol_Version::SSL_V3) + if(suite.kex_algo() == "RSA" && using_version == Protocol_Version::SSL_V3) key_material = contents; else { TLS_Data_Reader reader(contents); - if(suite.kex_algo() == "" || suite.kex_algo() == "DH") + if(suite.kex_algo() == "RSA" || suite.kex_algo() == "DH") key_material = reader.get_range<byte>(2, 0, 65535); else if(suite.kex_algo() == "ECDH") key_material = reader.get_range<byte>(1, 1, 255); @@ -177,7 +177,7 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, { const std::string kex_algo = state->suite.kex_algo(); - if(kex_algo == "") + if(kex_algo == "RSA") { BOTAN_ASSERT(state->server_certs && !state->server_certs->cert_chain().empty(), "No server certificate to use for RSA"); diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index a46be8404..b81d4adc4 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -25,32 +25,32 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite) // RSA ciphersuites case TLS_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "AES-128", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "AES-256", 32); + return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32); case TLS_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "", "SHA-256", "AES-128", 16); + return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA256: - return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32); + return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32); case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "3DES", 24); + return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24); case TLS_RSA_WITH_RC4_128_SHA: - return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16); case TLS_RSA_WITH_RC4_128_MD5: - return Ciphersuite("RSA", "", "MD5", "ARC4", 16); + return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16); case TLS_RSA_WITH_SEED_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "SEED", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16); #if defined(BOTAN_HAS_IDEA) case TLS_RSA_WITH_IDEA_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "IDEA", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16); #endif // DH/DSS ciphersuites @@ -185,7 +185,7 @@ std::string Ciphersuite::to_string() const out << "TLS_"; - if(kex_algo() != "") + if(kex_algo() != "RSA") { if(kex_algo() == "DH") out << "DHE"; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index ba0d1e506..e0fde4573 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -221,7 +221,7 @@ void Client::process_handshake_msg(Handshake_Type type, { state->set_expected_next(CERTIFICATE); } - else if(state->suite.kex_algo() != "") + else if(state->suite.kex_algo() != "RSA") { state->set_expected_next(SERVER_KEX); } @@ -234,7 +234,7 @@ void Client::process_handshake_msg(Handshake_Type type, } else if(type == CERTIFICATE) { - if(state->suite.kex_algo() != "") + if(state->suite.kex_algo() != "RSA") { state->set_expected_next(SERVER_KEX); } diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index ea3e4f144..6d95ada40 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -20,9 +20,8 @@ std::vector<std::string> Policy::allowed_ciphers() const allowed.push_back("AES-256"); allowed.push_back("AES-128"); - allowed.push_back("TripleDES"); + allowed.push_back("3DES"); allowed.push_back("ARC4"); - // Note that SEED and IDEA are not included by default return allowed; @@ -51,16 +50,19 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const //allowed.push_back("PSK"); allowed.push_back("ECDH"); allowed.push_back("DH"); - allowed.push_back(""); // means RSA via server cert + allowed.push_back("RSA"); // RSA via server cert + return allowed; } std::vector<std::string> Policy::allowed_signature_methods() const { std::vector<std::string> allowed; + allowed.push_back("ECDSA"); allowed.push_back("RSA"); allowed.push_back("DSA"); + return allowed; } diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1253a7327..74d4106a2 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -269,7 +269,7 @@ void Server::process_handshake_msg(Handshake_Type type, std::auto_ptr<Private_Key> private_key(0); - if(kex_algo == "" || sig_algo != "") + if(kex_algo == "RSA" || sig_algo != "") { private_key.reset( creds.private_key_for(state->server_certs->cert_chain()[0], @@ -277,7 +277,7 @@ void Server::process_handshake_msg(Handshake_Type type, m_hostname)); } - if(kex_algo == "") + if(kex_algo == "RSA") { state->server_rsa_kex_key = private_key.release(); } |