aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/tls/c_kex.cpp6
-rw-r--r--src/tls/tls_ciphersuite.cpp20
-rw-r--r--src/tls/tls_client.cpp4
-rw-r--r--src/tls/tls_policy.cpp8
-rw-r--r--src/tls/tls_server.cpp4
5 files changed, 22 insertions, 20 deletions
diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp
index ea2e91972..df96d9dec 100644
--- a/src/tls/c_kex.cpp
+++ b/src/tls/c_kex.cpp
@@ -153,13 +153,13 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion<byte>& contents,
const Ciphersuite& suite,
Protocol_Version using_version)
{
- if(suite.kex_algo() == "" && using_version == Protocol_Version::SSL_V3)
+ if(suite.kex_algo() == "RSA" && using_version == Protocol_Version::SSL_V3)
key_material = contents;
else
{
TLS_Data_Reader reader(contents);
- if(suite.kex_algo() == "" || suite.kex_algo() == "DH")
+ if(suite.kex_algo() == "RSA" || suite.kex_algo() == "DH")
key_material = reader.get_range<byte>(2, 0, 65535);
else if(suite.kex_algo() == "ECDH")
key_material = reader.get_range<byte>(1, 1, 255);
@@ -177,7 +177,7 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng,
{
const std::string kex_algo = state->suite.kex_algo();
- if(kex_algo == "")
+ if(kex_algo == "RSA")
{
BOTAN_ASSERT(state->server_certs && !state->server_certs->cert_chain().empty(),
"No server certificate to use for RSA");
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp
index a46be8404..b81d4adc4 100644
--- a/src/tls/tls_ciphersuite.cpp
+++ b/src/tls/tls_ciphersuite.cpp
@@ -25,32 +25,32 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite)
// RSA ciphersuites
case TLS_RSA_WITH_AES_128_CBC_SHA:
- return Ciphersuite("RSA", "", "SHA-1", "AES-128", 16);
+ return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16);
case TLS_RSA_WITH_AES_256_CBC_SHA:
- return Ciphersuite("RSA", "", "SHA-1", "AES-256", 32);
+ return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32);
case TLS_RSA_WITH_AES_128_CBC_SHA256:
- return Ciphersuite("RSA", "", "SHA-256", "AES-128", 16);
+ return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16);
case TLS_RSA_WITH_AES_256_CBC_SHA256:
- return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32);
+ return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32);
case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
- return Ciphersuite("RSA", "", "SHA-1", "3DES", 24);
+ return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24);
case TLS_RSA_WITH_RC4_128_SHA:
- return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16);
+ return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16);
case TLS_RSA_WITH_RC4_128_MD5:
- return Ciphersuite("RSA", "", "MD5", "ARC4", 16);
+ return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16);
case TLS_RSA_WITH_SEED_CBC_SHA:
- return Ciphersuite("RSA", "", "SHA-1", "SEED", 16);
+ return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16);
#if defined(BOTAN_HAS_IDEA)
case TLS_RSA_WITH_IDEA_CBC_SHA:
- return Ciphersuite("RSA", "", "SHA-1", "IDEA", 16);
+ return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16);
#endif
// DH/DSS ciphersuites
@@ -185,7 +185,7 @@ std::string Ciphersuite::to_string() const
out << "TLS_";
- if(kex_algo() != "")
+ if(kex_algo() != "RSA")
{
if(kex_algo() == "DH")
out << "DHE";
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index ba0d1e506..e0fde4573 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -221,7 +221,7 @@ void Client::process_handshake_msg(Handshake_Type type,
{
state->set_expected_next(CERTIFICATE);
}
- else if(state->suite.kex_algo() != "")
+ else if(state->suite.kex_algo() != "RSA")
{
state->set_expected_next(SERVER_KEX);
}
@@ -234,7 +234,7 @@ void Client::process_handshake_msg(Handshake_Type type,
}
else if(type == CERTIFICATE)
{
- if(state->suite.kex_algo() != "")
+ if(state->suite.kex_algo() != "RSA")
{
state->set_expected_next(SERVER_KEX);
}
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index ea3e4f144..6d95ada40 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -20,9 +20,8 @@ std::vector<std::string> Policy::allowed_ciphers() const
allowed.push_back("AES-256");
allowed.push_back("AES-128");
- allowed.push_back("TripleDES");
+ allowed.push_back("3DES");
allowed.push_back("ARC4");
-
// Note that SEED and IDEA are not included by default
return allowed;
@@ -51,16 +50,19 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
//allowed.push_back("PSK");
allowed.push_back("ECDH");
allowed.push_back("DH");
- allowed.push_back(""); // means RSA via server cert
+ allowed.push_back("RSA"); // RSA via server cert
+
return allowed;
}
std::vector<std::string> Policy::allowed_signature_methods() const
{
std::vector<std::string> allowed;
+
allowed.push_back("ECDSA");
allowed.push_back("RSA");
allowed.push_back("DSA");
+
return allowed;
}
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index 1253a7327..74d4106a2 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -269,7 +269,7 @@ void Server::process_handshake_msg(Handshake_Type type,
std::auto_ptr<Private_Key> private_key(0);
- if(kex_algo == "" || sig_algo != "")
+ if(kex_algo == "RSA" || sig_algo != "")
{
private_key.reset(
creds.private_key_for(state->server_certs->cert_chain()[0],
@@ -277,7 +277,7 @@ void Server::process_handshake_msg(Handshake_Type type,
m_hostname));
}
- if(kex_algo == "")
+ if(kex_algo == "RSA")
{
state->server_rsa_kex_key = private_key.release();
}