diff options
Diffstat (limited to 'src/lib/tls')
| -rw-r--r-- | src/lib/tls/tls_policy.cpp | 1 | ||||
| -rw-r--r-- | src/lib/tls/tls_policy.h | 9 | ||||
| -rw-r--r-- | src/lib/tls/tls_server.cpp | 8 |
3 files changed, 16 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 7432b276e..863958eaa 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -285,6 +285,7 @@ bool Policy::acceptable_ciphersuite(const Ciphersuite&) const return true; } +bool Policy::allow_client_initiated_renegotiation() const { return false; } bool Policy::allow_server_initiated_renegotiation() const { return false; } bool Policy::allow_insecure_renegotiation() const { return false; } bool Policy::allow_tls10() const { return true; } diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index d36a20aad..80dc9cbd6 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -120,7 +120,12 @@ class BOTAN_DLL Policy virtual bool include_time_in_hello_random() const; /** - * Allow servers to initiate a new handshake + * Consulted by server side. If true, allows clients to initiate a new handshake + */ + virtual bool allow_client_initiated_renegotiation() const; + + /** + * Consulted by client side. If true, allows servers to initiate a new handshake */ virtual bool allow_server_initiated_renegotiation() const; @@ -476,6 +481,8 @@ class BOTAN_DLL Text_Policy : public Policy bool include_time_in_hello_random() const override { return get_bool("include_time_in_hello_random", Policy::include_time_in_hello_random()); } + bool allow_client_initiated_renegotiation() const override + { return get_bool("allow_client_initiated_renegotiation", Policy::allow_client_initiated_renegotiation()); } bool allow_server_initiated_renegotiation() const override { return get_bool("allow_server_initiated_renegotiation", Policy::allow_server_initiated_renegotiation()); } diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 434acf93d..1c9ca0b86 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -387,9 +387,15 @@ void Server::initiate_handshake(Handshake_State& state, void Server::process_client_hello_msg(const Handshake_State* active_state, Server_Handshake_State& pending_state, const std::vector<uint8_t>& contents) -{ + { const bool initial_handshake = !active_state; + if(initial_handshake == false && policy().allow_client_initiated_renegotiation() == false) + { + send_warning_alert(Alert::NO_RENEGOTIATION); + return; + } + if(!policy().allow_insecure_renegotiation() && !(initial_handshake || secure_renegotiation_supported())) { |