From c6ad94933ec0d718414ba41b3c289b872c04017f Mon Sep 17 00:00:00 2001
From: lloyd
Date: Tue, 10 Dec 2013 00:34:10 +0000
Subject: Have default TLS policy reject SSLv3. Add TLS::Policy::acceptable_ciphersuite to allow either party to filter out specific ciphersuites they don't wish to support for whatever reason.
---
 doc/relnotes/1_11_6.rst | 3 ++-
 src/tls/tls_policy.cpp | 22 +++++++++++++++-------
 src/tls/tls_policy.h | 3 +++
 3 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/doc/relnotes/1_11_6.rst b/doc/relnotes/1_11_6.rst
index b51339791..4b7284f53 100644
--- a/doc/relnotes/1_11_6.rst
+++ b/doc/relnotes/1_11_6.rst
@@ -3,7 +3,8 @@ Version 1.11.6, Not Yet Released
 * Botan now requires Boost, specifically the filesystem and asio libraries.
- * The default TLS policy no longer includes RC4 in the cipher list.
+ * The default TLS policy no longer includes RC4 in the cipher list, and
+ refuses to negotation SSLv3 by default.
 * Add HKDF from :rfc:`5869`
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index 3271c3abe..05251e186 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -20,10 +20,10 @@ std::vector Policy::allowed_ciphers() const
 return std::vector({
 "AES-256/GCM",
 "AES-128/GCM",
- "AES-256/CCM(16,3)",
- "AES-128/CCM(16,3)",
- "AES-256/CCM(8,3)",
- "AES-128/CCM(8,3)",
+ "AES-256/CCM",
+ "AES-128/CCM",
+ "AES-256/CCM-8",
+ "AES-128/CCM-8",
 //"Camellia-256/GCM",
 //"Camellia-128/GCM",
 "AES-256",
@@ -141,11 +141,16 @@ u32bit Policy::session_ticket_lifetime() const
 bool Policy::acceptable_protocol_version(Protocol_Version version) const
 {
- if(!version.known_version())
+ // By default require TLS to minimize surprise
+ if(version.is_datagram_protocol())
 return false;
- // By default require TLS to minimize surprise
- return !version.is_datagram_protocol();
+ return (version > Protocol_Version::SSL_V3);
+ }
+
+bool Policy::acceptable_ciphersuite(const Ciphersuite&) const
+ {
+ return true;
 }
 namespace { 
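Review bot: The renamed CCM entries in allowed_ciphers() only take effect if they match the cipher names the ciphersuite table reports, and that table is not part of this commit (the diffstat lists only tls_policy.cpp, tls_policy.h and the release notes). Presumably ciphersuite_list() builds the offered list by filtering the known suites against these strings, so a name mismatch does not fail loudly: the CCM suites simply vanish from the default policy, indistinguishable from a deliberate exclusion. Assuming the table already uses `AES-128/CCM` and `AES-128/CCM-8`, the rename is the right fix; either way a test asserting that the default Policy::ciphersuite_list() still contains at least one CCM suite would pin it. allowed_ciphers() continues past the end of the hunk.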
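Review bot: Dropping the `!version.known_version()` guard widens what the default policy accepts: any version that is not a datagram protocol and compares above SSL_V3 now passes, which — if Protocol_Version's operator> is a plain (major, minor) comparison — includes version numbers the library does not implement, whereas before they were rejected at the policy layer. If deferring such versions to the handshake code is intended, that deserves a comment; otherwise keep the guard, `return version.known_version() && version > Protocol_Version::SSL_V3;`. The SSLv3 rejection that is the point of the commit is also the one line left uncommented, since the surviving comment now describes only the datagram check; a line such as `// SSLv3 and below are rejected by default` above the return would make the intent explicit.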
@@ -235,6 +240,9 @@ std::vector Policy::ciphersuite_list(Protocol_Version version,
 for(auto suite : Ciphersuite::all_known_ciphersuites())
 {
+ if(!acceptable_ciphersuite(suite))
+ continue;
+
 if(!have_srp && suite.kex_algo() == "SRP_SHA")
 continue;
diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h
index 6a51f2bbf..5b205dfeb 100644
--- a/src/tls/tls_policy.h
+++ b/src/tls/tls_policy.h
@@ -9,6 +9,7 @@
 #define BOTAN_TLS_POLICY_H__
 #include
+#include
 #include
 #include
 #include
@@ -127,6 +128,8 @@ class BOTAN_DLL Policy
 */
 virtual bool acceptable_protocol_version(Protocol_Version version) const;
+ virtual bool acceptable_ciphersuite(const Ciphersuite& suite) const;
+
 /**
 * @return true if servers should choose the ciphersuite matching
 * their highest preference, rather than the clients.
-- 
cgit v1.2.3
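Review bot: acceptable_ciphersuite() is consulted only here, while ciphersuite_list() assembles the suites a policy is willing to offer; nothing in this hunk re-checks the suite the peer finally selects. That is sufficient if the handshake already refuses a ServerHello (or, server-side, a chosen suite) that is not in the list this function produced — which cannot be confirmed from the diff — but if any selection path bypasses ciphersuite_list(), the veto is silently not enforced there. A comment at the new check stating that invariant would help the next maintainer, e.g. `// Policy veto hook: the handshake must only ever select from this list for the veto to hold.` ciphersuite_list() starts and ends outside the hunk.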
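Review bot: The new virtual is declared without the doc comment its neighbour acceptable_protocol_version() carries, so a subclass author has to read tls_policy.cpp to learn that the default returns true and that the hook can only remove suites from ciphersuite_list(), never add them. Suggested block above the declaration: `/** @return true to allow the given suite to be offered under this policy; the default accepts every suite, and the result is consulted once per known suite when ciphersuite_list() is built, so overriding it can only narrow that list */`. The Policy class body continues outside the hunk.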