From 13af2356e51b58ade7a1481a957d8a293b0ff9d6 Mon Sep 17 00:00:00 2001
From: René Meusel
Date: Tue, 5 Apr 2022 10:53:45 +0200
Subject: Remove redundant TLS_Policy::use_extended_master_secret()

For TLS 1.2 EMS is always enabled and TLS 1.3 won't need this extension anyway.
---
 src/lib/tls/tls_policy.cpp      |  2 --
 src/lib/tls/tls_policy.h        | 21 ---------------------
 src/lib/tls/tls_text_policy.cpp |  5 -----
 3 files changed, 28 deletions(-)

diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index d39ee5e51..a1f2e3004 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -299,7 +299,6 @@ bool Policy::include_time_in_hello_random() const { return true; }
 bool Policy::hide_unknown_users() const { return false; }
 bool Policy::server_uses_own_ciphersuite_preferences() const { return true; }
 bool Policy::negotiate_encrypt_then_mac() const { return true; }
-bool Policy::use_extended_master_secret() const { return allow_tls12() || allow_dtls12(); }
 bool Policy::support_cert_status_message() const { return true; }
 bool Policy::allow_resumption_for_renegotiation() const { return true; }
 bool Policy::hash_hello_random() const { return true; }
@@ -527,7 +526,6 @@ void Policy::print(std::ostream& o) const
    print_bool(o, "hide_unknown_users", hide_unknown_users());
    print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
    print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
-   print_bool(o, "use_extended_master_secret", use_extended_master_secret());
    print_bool(o, "support_cert_status_message", support_cert_status_message());
    print_bool(o, "hash_hello_random", hash_hello_random());
    o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n';
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 2f7060870..3c5480bbf 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -258,25 +258,6 @@ class BOTAN_PUBLIC_API(2,0) Policy
       */
       virtual bool negotiate_encrypt_then_mac() const;
 
-      /**
-      * TODO: This should probably be removed as it doesn't have an effect on either
-      * TLS 1.2 or 1.3.
-      *
-      * Indicates whether the extended master secret extension (RFC 7627) should be used.
-      *
-      * This is always enabled if the client supports TLS 1.2 (the option has no effect).
-      * For TLS 1.3 _only_ clients the extension is disabled by default.
-      *
-      * RFC 8446 Appendix D:
-      * TLS 1.2 and prior supported an "Extended Master Secret" [RFC7627]
-      * extension which digested large parts of the handshake transcript into
-      * the master secret. Because TLS 1.3 always hashes in the transcript
-      * up to the server Finished, implementations which support both TLS 1.3
-      * and earlier versions SHOULD indicate the use of the Extended Master
-      * Secret extension in their APIs whenever TLS 1.3 is used.
-      */
-      virtual bool use_extended_master_secret() const;
-
       /**
       * Indicates whether certificate status messages should be supported
       */
@@ -550,8 +531,6 @@ class BOTAN_PUBLIC_API(2,0) Text_Policy : public Policy
 
       bool negotiate_encrypt_then_mac() const override;
 
-      bool use_extended_master_secret() const override;
-
       bool support_cert_status_message() const override;
 
       bool require_client_certificate_authentication() const override;
diff --git a/src/lib/tls/tls_text_policy.cpp b/src/lib/tls/tls_text_policy.cpp
index 11cdf41e5..94fc07b04 100644
--- a/src/lib/tls/tls_text_policy.cpp
+++ b/src/lib/tls/tls_text_policy.cpp
@@ -89,11 +89,6 @@ bool Text_Policy::negotiate_encrypt_then_mac() const
    return get_bool("negotiate_encrypt_then_mac", Policy::negotiate_encrypt_then_mac());
    }
 
-bool Text_Policy::use_extended_master_secret() const
-   {
-   return get_bool("use_extended_master_secret", Policy::use_extended_master_secret());
-   }
-
 bool Text_Policy::support_cert_status_message() const
    {
    return get_bool("support_cert_status_message", Policy::support_cert_status_message());
-- 
cgit v1.2.3