diff options
| -rw-r--r-- | src/tls/tls_policy.cpp | 4 | ||||
| -rw-r--r-- | src/tls/tls_version.cpp | 6 | ||||
| -rw-r--r-- | src/tls/tls_version.h | 2 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index 149adb138..bbca6a4d2 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -43,6 +43,7 @@ std::vector<std::string> Policy::allowed_signature_hashes() const std::vector<std::string> Policy::allowed_macs() const { return std::vector<std::string>({ + //"AEAD", "SHA-384", "SHA-256", "SHA-1", @@ -233,6 +234,9 @@ std::vector<u16bit> Policy::ciphersuite_list(Protocol_Version version, if(version.is_datagram_protocol() && suite.cipher_algo() == "ARC4") continue; + if(!version.supports_aead_modes() && suite.mac_algo() == "AEAD") + continue; + if(!value_exists(kex, suite.kex_algo())) continue; // unsupported key exchange diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp index 9f972033b..7b880d98c 100644 --- a/src/tls/tls_version.cpp +++ b/src/tls/tls_version.cpp @@ -90,6 +90,12 @@ bool Protocol_Version::supports_ciphersuite_specific_prf() const m_version == Protocol_Version::DTLS_V12); } +bool Protocol_Version::supports_aead_modes() const + { + return (m_version == Protocol_Version::TLS_V12 || + m_version == Protocol_Version::DTLS_V12); + } + } } diff --git a/src/tls/tls_version.h b/src/tls/tls_version.h index 2fb5365dc..9fd71b629 100644 --- a/src/tls/tls_version.h +++ b/src/tls/tls_version.h @@ -108,6 +108,8 @@ class BOTAN_DLL Protocol_Version */ bool supports_ciphersuite_specific_prf() const; + bool supports_aead_modes() const; + /** * @return if this version is equal to other */ |