From b2da74ca508745f00bb3d6b35cbe34d5031e27e7 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 25 Oct 2015 22:25:40 -0400 Subject: TLS improvements Use constant time operations when checking CBC padding in TLS decryption Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server. Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks. --- doc/manual/tls.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/manual') diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 554846c25..331bb56bb 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -517,7 +517,9 @@ policy settings from a file. authentication, sending data in cleartext) are also not supported by the implementation and cannot be negotiated. - Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", + Values without an explicit mode use old-style CBC with HMAC encryption. + + Default value: "AES-256/GCM", "AES-128/GCM", "ChaCha20Poly1305", "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8", "AES-256", "AES-128" @@ -570,7 +572,7 @@ policy settings from a file. Default: "ECDSA", "RSA", "DSA" - Also allowed: "" (meaning anonymous) + Also allowed (disabled by default): "" (meaning anonymous) .. cpp:function:: std::vector allowed_ecc_curves() const -- cgit v1.2.3