path: root/src/lib/tls/tls_policy.h

Commit log for this file (each entry: commit message, author, date, files changed, lines removed/added):
* Prefer CCM over CBC ciphersuites
  René Korthaus, 2019-11-15, 1 file, -1/+1

* Remove non-ephemeral PSK ciphersuites from BSI TLS policy
  René Korthaus, 2019-11-14, 1 file, -1/+1

* Add SHA-512 to BSI TLS policy's allowed signatures hashes
  René Korthaus, 2019-11-14, 1 file, -1/+1

* Add AES-128/CCM and AES-256/CCM ciphersuites to BSI TLS policy
  René Korthaus, 2019-11-14, 1 file, -1/+1
  BSI TR-02102-1 version 2019-01 added CCM ciphersuites as recommended, so we add them to the BSI TLS policy.

* Remove some FFDHE groups from BSI TLS policy
  René Korthaus, 2019-11-14, 1 file, -2/+0
  BSI TR-02102-2 version 2019-01 explicitly lists the FFDHE groups recommended now. ffdhe6144 and ffdhe8192 are not listed, so we remove them from the BSI TLS policy.
* Fix DTLS reconnection
  Jack Lloyd, 2019-07-13, 1 file, -0/+6

* Fix various issues in TLS found using BoGo
  Jack Lloyd, 2019-05-20, 1 file, -0/+31
  - BoGo sends unparseable OCSP responses, so we have to accommodate for this by delaying decoding until verification and simply ignoring OCSP responses that we can't parse.
  - Check that there is no trailing garbage at the end of various messages.
  - Don't send empty SNI
  - Check the TLS record header versions (previously ignored)
  - For CBC 1/n-1 splitting split every record instead of just first. I think this is not a problem but it is what BoGo expects.
  - New Channel::application_protocol virtual (previously was implemented on both Client and Server but not shared).
  - Changes to resumption version handling.
  - Fix server version selection when newer versions are disabled.

  New policy hooks added in service of BoGo:
  - maximum_certificate_chain_size gives the maximum cert chain in bytes that we'll accept.
  - allow_resumption_for_renegotiation specifies if a renegotiation attempt can be simply (re-)resumed instead.
  - abort_handshake_on_undesired_renegotiation - previously we just ignored it with a warning alert. Now behavior is configurable.
  - request_client_certificate_authentication
  - require_client_certificate_authentication

* Add 192-bit Suite B policy
  Jack Lloyd, 2018-06-14, 1 file, -0/+36
  Since 128-bit policy is actually not even allowed since 2015.

* Add missing overrides [ci skip]
  Jack Lloyd, 2018-02-19, 1 file, -1/+1

* Remove cruft
  Jack Lloyd, 2018-02-13, 1 file, -10/+10

* Use enums for TLS key exchange group params
  Jack Lloyd, 2018-02-13, 1 file, -43/+26

* Use enums to represent TLS signature and kex algorithms.
  Jack Lloyd, 2018-01-28, 1 file, -0/+3
  Adds support for PSS signatures (currently verifying only).

* Remove vestigial support for TLS compression
  Jack Lloyd, 2018-01-21, 1 file, -9/+0
  It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* Add copyright statements to files modified in the preceding 2 commits
  Harry Reimann, 2017-12-04, 1 file, -0/+1

* Make support for certificate status messages optional via policy
  Harry Reimann, 2017-12-04, 1 file, -0/+7
  Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message.

* Remove final on TLS policy objects (GH #1292)
  Jack Lloyd, 2017-11-13, 1 file, -4/+4

* Add allowed values for allowed groups
  René Korthaus, 2017-10-18, 1 file, -3/+13

* Add supported groups TLS extension (RFC 7919)
  René Korthaus, 2017-10-17, 1 file, -0/+18

* Make kv in TLS_Text_Policy private, add protected setter
  Jack Lloyd, 2017-10-02, 1 file, -0/+3

* Apply final annotations to the library also
  Jack Lloyd, 2017-09-22, 1 file, -4/+4
  Done by a perl script which converted all classes to final, followed by selective reversion where it caused compilation failures.

* De-inline TLS::Text_Policy
  Jack Lloyd, 2017-09-21, 1 file, -122/+42
  Getting a little large to be all defined in a header, and sticking it in a source file allows removing several includes from tls_policy.h

* More include header cleanups
  Jack Lloyd, 2017-09-21, 1 file, -1/+0

* Header file cleanups
  Jack Lloyd, 2017-09-21, 1 file, -0/+1
  Some help from include-what-you-use

* Change header guard format to BOTAN_FOO_H_
  Jack Lloyd, 2017-09-20, 1 file, -2/+2
  ISO C++ reserves names with double underscores in them

  Closes #512

* More annotations
  Jack Lloyd, 2017-09-19, 1 file, -1/+1

* Add API stability annotations.
  Jack Lloyd, 2017-09-19, 1 file, -5/+5
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Merge GH #872 Add ability for TLS servers to prohibit renegotiation
  Jack Lloyd, 2017-09-19, 1 file, -1/+8
  Commits brought in by this merge:

  * Fix logic of renegotiation check
    Jack Lloyd, 2017-02-20, 1 file, -0/+2
    Turning the policy off broke the server entirely. Expose the new flag to Text_Policy

  * Add TLS::Policy::allow_client_initiated_renegotiation
    Jack Lloyd, 2017-02-19, 1 file, -1/+6
    Parallel of the server policy flag.

* Enforce signature hash policy properly
  Jack Lloyd, 2017-08-31, 1 file, -0/+1
  Previously if the client did not send signature_algorithms, or if it only included algos not in the policy, we would just fallback to the hardcoded SHA-1 default of TLS v1.2

  Instead check the policy before accepting anything.

* Fix various MSVC warnings
  Jack Lloyd, 2017-08-31, 1 file, -2/+2
  Based on VC2017 output

* Make it easier to customize Text_Policy when inheriting from it
  louiz’, 2017-04-27, 1 file, -1/+1
  This way, the library user can improve the class by adding missing functions or some other tweak they may find useful. Without any access to m_kv this is impossible.

* Add some missing function overrides in TLS::Text_Policy
  louiz’, 2017-04-25, 1 file, -0/+12

* Content:
  Tomasz Frydrych, 2017-04-03, 1 file, -15/+15
  - fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
  - `default` specifier instead of `{}` in some places (probably all)
  - removal of unreachable code (for example `return` after `throw`)
  - removal of compilation unit only visible, but not used functions
  - fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
  - removed not needed semicolons
* Increase default TLS DH min to 2048 bits, and add BSI policy class.
  Jack Lloyd, 2016-12-30, 1 file, -0/+55
  Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.

* Convert to using standard uintN_t integer types
  Jack Lloyd, 2016-12-18, 1 file, -8/+8
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.

* Add TLS::Policy::require_cert_revocation_info
  Jack Lloyd, 2016-11-28, 1 file, -0/+7

* Add TLS::Policy::to_string
  Jack Lloyd, 2016-11-26, 1 file, -0/+6

* Add minimum_signature_strength to Text_Policy
  Jack Lloyd, 2016-11-25, 1 file, -2/+7
  Also (unrelated) enable CECPQ1 in Strict_Policy

* Add TLS::Policy::minimum_signature_strength
  Jack Lloyd, 2016-11-25, 1 file, -0/+9
  Changes TLS callback API for cert verify to accept Policy&

  Sets default signature strength to 110 to force RSA ~2048.
* Change TLS default policy to disable DSA, CCM-8, and static RSA
  Jack Lloyd, 2016-11-02, 1 file, -3/+9
  Disables static RSA by default. The advantage here is twofold: enforcing forward security and protecting TLS servers from oracle attacks since by default they will never negotiate a suite which forces them to act as a decryption oracle. Some applications/users may be forced to enable RSA in order to speak with old or misconfigured peers, but these can be the exception not the default.

  Disable DSA and CCM-8 by default: if you need to enable these things, you know it.

  Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits.

  Remove an incorrect warning about DTLS in the manual; the sequence number window check prevents this scenario from occurring.

* Fix doxygen warnings [ci skip]
  René Korthaus, 2016-10-19, 1 file, -2/+2

* Improve tls doxygen [ci skip]
  René Korthaus, 2016-10-19, 1 file, -0/+13

* Support encoding of supported point formats extension
  René Korthaus, 2016-10-03, 1 file, -0/+8

* Address some issues with PR 492
  Jack Lloyd, 2016-08-13, 1 file, -1/+36
  Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c

  Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things.

  Adds a policy for ECDSA group size checks.

  Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)

* Merge branch 'master' into Encrypt-then-MAC-with-policy
  Juraj Somorovsky, 2016-05-12, 1 file, -1/+1
  Merged recent changes and resolved minor conflicts in tls record classes.
  Commit brought in by this merge:

  * Add explicit static_cast operations to eliminate implicit cast compiler warnings.
    Dan Brown, 2016-04-27, 1 file, -1/+1

* Encrypt-then-MAC extension (RFC 7366)
  Juraj Somorovsky, 2016-05-11, 1 file, -0/+9
  Introduced a countermeasure against the logjam attack

  Short TLS records (AES-CBC) now return BAD_RECORD_MAC

  Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)

* TLS Policy support
  Christian Mainka, 2016-05-03, 1 file, -8/+71
  - --policy works for TLS Server and TLS Client
  - Example policy BSI_TR-02102-2.txt
  - Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
  - Minimum ecdh and rsa group size

* Client must verify that the server sent an ECC curve which policy accepts.
  Jack Lloyd, 2016-03-17, 1 file, -0/+2
  Otherwise a MITM who can in real time break any supported ECC curve can downgrade us.