| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
| |
BSI TR-02102-1 version 2019-01 added CCM ciphersuites
as recommended, so we add them to the BSI TLS policy.
|
|
|
|
|
|
|
| |
BSI TR-02102-2 version 2019-01 explicitly lists
the FFDHE groups recommended now. ffdhe6144 and
ffdhe8192 are not listed, so we remove them from
the BSI TLS policy.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- BoGo sends unparseable OCSP responses, so we have to accomodate for
this by delaying decoding until verification and simply ignoring
OCSP responses that we can't parse.
- Check that there is no trailing garbage at the end of various messages.
- Don't send empty SNI
- Check the TLS record header versions (previously ignored)
- For CBC 1/n-1 splitting split every record instead of just first.
I think this is not a problem but it is what BoGo expects.
- New Channel::application_protocol virtual (previously was
implemented on both Client and Server but not shared).
- Changes to resumption version handling.
- Fix server version selection when newer versions are disabled.
New policy hooks added in service of BoGo:
- maximum_certificate_chain_size gives the maximum cert chain in bytes
that we'll accept.
- allow_resumption_for_renegotiation specifies if a renegotiation
attempt can be simply (re-)resumed instead.
- abort_handshake_on_undesired_renegotiation - previously we just
ignored it with a warning alert. Now behavior is configurable.
- request_client_certificate_authentication
- require_client_certificate_authentication
|
|
|
|
| |
Since 128-bit policy is actually not even allowed since 2015.
|
| |
|
| |
|
| |
|
|
|
|
| |
Adds support for PSS signatures (currently verifying only).
|
|
|
|
|
| |
It was never supported and never will be. Removing negotiation entirely
simplifies the code a bit.
|
| |
|
|
|
|
|
|
|
|
| |
Don't postpone the verification of a server certificate if certificate
status messages are not expected in client handshake. When using an
external crypto device it may be necessary to verify the certificate
before using the public key for verification of the signature in the
server key exchange message.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Done by a perl script which converted all classes to final, followed
by selective reversion where it caused compilation failures.
|
|
|
|
|
| |
Getting a little large to be all defined in a header, and sticking
it in a source file allows removing several includes from tls_policy.h
|
| |
|
|
|
|
| |
Some help from include-what-you-use
|
|
|
|
|
|
| |
ISO C++ reserves names with double underscores in them
Closes #512
|
| |
|
|
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Turning the policy off broke the server entirely.
Expose the new flag to Text_Policy
|
| |
| |
| |
| | |
Parallel of the server policy flag.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Previously if the client did not send signature_algorithms, or if
it only included algos not in the policy, we would just fallback to
the hardcoded SHA-1 default of TLS v1.2
Instead check the policy before accepting anything.
|
| |
| |
| |
| | |
Based on VC2017 output
|
| |
| |
| |
| |
| |
| | |
This way, the library user can improve the class by adding missing functions
or some other tweak they may find useful. Without any access to m_kv this is
impossible.
|
| | |
|
|/
|
|
|
|
|
|
|
| |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
|
|
|
|
| |
Moves BSI policy file to test data dir where it can be compared with
what the hardcoded class outputs.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
| |
|
| |
|
|
|
|
| |
Also (unrelated) enable CECPQ1 in Strict_Policy
|
|
|
|
|
|
| |
Changes TLS callback API for cert verify to accept Policy&
Sets default signature strength to 110 to force RSA ~2048.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Disables static RSA by default. The advantage here is twofold: enforcing forward
security and protecting TLS servers from oracle attacks since by default they
will never negotiate a suite which forces them to act as a decryption
oracle. Some applications/users may be forced to enable RSA in order to speak
with old or misconfigured peers, but these can be the exception not the default.
Disable DSA and CCM-8 by default: if you need to enable these things, you know it.
Adds TLS policy hooks to enforce DSA key sizes, default 2048 bits.
Remove an incorrect warning about DTLS in the manual; the sequence number window
check prevents this scenario from occuring.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit
for the changes in 7c7fcecbe6a and 6d327f879c
Add Policy::check_peer_key_acceptable which lets the app set an arbitrary
callback for examining keys - both the end entity signature keys from
certificates and the peer PFS public keys. Default impl checks that the
algorithm size matches the min keylength. This centralizes this logic
and lets the application do interesting things.
Adds a policy for ECDSA group size checks.
Increases default policy minimums to 2048 RSA and 256 ECC.
(Maybe I'm an optimist after all.)
|
|\
| |
| |
| | |
Merged recent changes and resolved minor conflicts in tls record classes.
|
| |
| |
| |
| | |
warnings.
|
| |
| |
| |
| |
| |
| | |
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
|
|/
|
|
|
|
|
| |
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
|
|
|
|
|
| |
Otherwise a MITM who can in real time break any supported ECC curve can
downgrade us.
|