aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_policy.h
Commit message (Collapse)AuthorAgeFilesLines
* Address some issues with PR 492Jack Lloyd2016-08-131-1/+36
| | | | | | | | | | | | | | | | Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
* Merge branch 'master' into Encrypt-then-MAC-with-policyJuraj Somorovsky2016-05-121-1/+1
|\ | | | | | | Merged recent changes and resolved minor conflicts in tls record classes.
| * Add explicit static_cast operations to eliminate implicit cast compiler ↵Dan Brown2016-04-271-1/+1
| | | | | | | | warnings.
* | Encrypt-then-MAC extension (RFC 7366)Juraj Somorovsky2016-05-111-0/+9
| | | | | | | | | | | | Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
* | TLS Policy supportChristian Mainka2016-05-031-8/+71
|/ | | | | | | * --policy works for TLS Server and TLS Client * Example policy BSI_TR-02102-2.txt * Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2 * Minimum ecdh and rsa group size
* Client must verify that the server sent an ECC curve which policy accepts.Jack Lloyd2016-03-171-0/+2
| | | | | Otherwise a MITM who can in real time break any supported ECC curve can downgrade us.
* TLS client featuresJack Lloyd2016-03-161-0/+3
| | | | | | Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2 Update todo
* Check that TLS signature type is accepted by the policy.Jack Lloyd2016-03-061-0/+2
| | | | | | Previously the signature hashes and algos info was used to set the v1.2 signature_algorithms extension, but if the counterparty ignored the extension and sent something else, we wouldn't notice.
* Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-051-4/+2
|
* cppcheck fixes: Class 'X' has a constructor with 1 argument that is not ↵Daniel Neus2016-03-051-2/+2
| | | | explicit.
* Remove TLS heartbeat support.Jack Lloyd2016-02-071-8/+0
| | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* String comparision fixesDaniel Neus2016-01-041-3/+3
| | | | fix PVS-Studio perfomance warnings
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-111-1/+1
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* TLS improvementsJack Lloyd2015-10-251-0/+15
| | | | | | | | | | | | | | Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* Add a runtime map of string->func() which when called returnlloyd2015-01-281-17/+5
| | | | | | | | | | | | | | | | | Transforms and BlockCiphers. Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory. Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups. s/Transformation/Transform/ with typedefs for compatability. Remove lib/selftest code (for runtime selftesting): not the right approach.
* Add Strict_Policy. Disable server initiated renegotiation by default.lloyd2015-01-231-4/+37
|
* Add support for configuring a TLS::Policy by text filelloyd2015-01-231-4/+117
|
* Remove SSLv3 and handling of SSLv2 client hellos.lloyd2015-01-111-4/+1
|
* Ensure all files have copyright and license info.lloyd2015-01-101-1/+1
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-0/+7
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Let TLS policy disable putting the timestamp in the hello random fieldslloyd2014-11-041-0/+8
|
* No need to pass version by referencelloyd2014-10-311-1/+1
|
* Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00)lloyd2014-10-311-2/+23
|
* Verify that the server did not send any extension that the client didn'tlloyd2014-04-111-2/+2
| | | | offer. Previously the client only checked a couple of special cases.
* Move lib into srclloyd2014-01-101-0/+194
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-20 22:18:54 +0000