Botan  2.1.0
Crypto and TLS for C++11
Botan::TLS::Strict_Policy Class Reference

#include <tls_policy.h>

Inheritance diagram for Botan::TLS::Strict_Policy:
Botan::TLS::Policy

Public Member Functions

virtual bool acceptable_ciphersuite (const Ciphersuite &suite) const
 
virtual bool acceptable_protocol_version (Protocol_Version version) const
 
bool allow_dtls10 () const override
 
bool allow_dtls12 () const override
 
virtual bool allow_insecure_renegotiation () const
 
virtual bool allow_server_initiated_renegotiation () const
 
bool allow_tls10 () const override
 
bool allow_tls11 () const override
 
bool allow_tls12 () const override
 
std::vector< std::string > allowed_ciphers () const override
 
bool allowed_ecc_curve (const std::string &curve) const
 
virtual std::vector< std::string > allowed_ecc_curves () const
 
std::vector< std::string > allowed_key_exchange_methods () const override
 
std::vector< std::string > allowed_macs () const override
 
std::vector< std::string > allowed_signature_hashes () const override
 
bool allowed_signature_method (const std::string &sig_method) const
 
virtual std::vector< std::string > allowed_signature_methods () const
 
virtual void check_peer_key_acceptable (const Public_Key &public_key) const
 
virtual std::string choose_curve (const std::vector< std::string > &curve_names) const
 
virtual std::vector< uint16_t > ciphersuite_list (Protocol_Version version, bool have_srp) const
 
virtual std::vector< uint8_t > compression () const
 
virtual std::string dh_group () const
 
virtual size_t dtls_default_mtu () const
 
virtual size_t dtls_initial_timeout () const
 
virtual size_t dtls_maximum_timeout () const
 
virtual bool hide_unknown_users () const
 
virtual bool include_time_in_hello_random () const
 
virtual Protocol_Version latest_supported_version (bool datagram) const
 
virtual size_t minimum_dh_group_size () const
 
virtual size_t minimum_dsa_group_size () const
 
virtual size_t minimum_ecdh_group_size () const
 
virtual size_t minimum_ecdsa_group_size () const
 
virtual size_t minimum_rsa_bits () const
 
virtual size_t minimum_signature_strength () const
 
virtual bool negotiate_encrypt_then_mac () const
 
virtual void print (std::ostream &o) const
 
virtual bool require_cert_revocation_info () const
 
virtual bool send_fallback_scsv (Protocol_Version version) const
 
virtual bool server_uses_own_ciphersuite_preferences () const
 
virtual uint32_t session_ticket_lifetime () const
 
virtual std::vector< uint16_t > srtp_profiles () const
 
std::string to_string () const
 
virtual bool use_ecc_point_compression () const
 

Detailed Description

Definition at line 414 of file tls_policy.h.

Member Function Documentation

bool Botan::TLS::Policy::acceptable_ciphersuite ( const Ciphersuite suite) const
virtualinherited

Allows a policy to reject any ciphersuites which are undesirable for whatever reason, without having to reimplement ciphersuite_list. The default implementation shown below accepts every suite.

Definition at line 264 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::ciphersuite_list().

265  {
266  return true;
267  }
bool Botan::TLS::Policy::acceptable_protocol_version ( Protocol_Version  version) const
virtualinherited
Returns
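true if and only if we are willing to accept this version. The default accepts TLS v1.0 and later or DTLS v1.2 or later. Because Strict_Policy overrides allow_tls10(), allow_tls11() and allow_dtls10() to return false, only TLS v1.2 and DTLS v1.2 pass this check under Strict_Policy.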

Definition at line 241 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Client_Hello::Client_Hello().

242  {
243  // Uses boolean optimization:
244  // First check the current version (left part), then if it is allowed
245  // (right part)
246  // checks are ordered according to their probability
247  return (
248  ( ( version == Protocol_Version::TLS_V12) && allow_tls12() ) ||
249  ( ( version == Protocol_Version::TLS_V10) && allow_tls10() ) ||
250  ( ( version == Protocol_Version::TLS_V11) && allow_tls11() ) ||
251  ( ( version == Protocol_Version::DTLS_V12) && allow_dtls12() ) ||
252  ( ( version == Protocol_Version::DTLS_V10) && allow_dtls10() )
253  );
254  }
virtual bool allow_tls10() const
Definition: tls_policy.cpp:271
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:275
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:274
virtual bool allow_tls11() const
Definition: tls_policy.cpp:272
virtual bool allow_tls12() const
Definition: tls_policy.cpp:273
bool Botan::TLS::Strict_Policy::allow_dtls10 ( ) const
overridevirtual

Allow DTLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 528 of file tls_policy.cpp.

528 { return false; }
bool Botan::TLS::Strict_Policy::allow_dtls12 ( ) const
overridevirtual

Allow DTLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 529 of file tls_policy.cpp.

529 { return true; }
bool Botan::TLS::Policy::allow_insecure_renegotiation ( ) const
virtualinherited

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

Warning
Changing this to true exposes you to injected plaintext attacks. Read RFC 5746 for background.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 270 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_insecure_renegotiation(), and Botan::TLS::Policy::print().

270 { return false; }
bool Botan::TLS::Policy::allow_server_initiated_renegotiation ( ) const
virtualinherited

Allow servers to initiate a new handshake

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 269 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_server_initiated_renegotiation(), and Botan::TLS::Policy::print().

269 { return false; }
bool Botan::TLS::Strict_Policy::allow_tls10 ( ) const
overridevirtual

Allow TLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 525 of file tls_policy.cpp.

525 { return false; }
bool Botan::TLS::Strict_Policy::allow_tls11 ( ) const
overridevirtual

Allow TLS v1.1

Reimplemented from Botan::TLS::Policy.

Definition at line 526 of file tls_policy.cpp.

526 { return false; }
bool Botan::TLS::Strict_Policy::allow_tls12 ( ) const
overridevirtual

Allow TLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 527 of file tls_policy.cpp.

527 { return true; }
std::vector< std::string > Botan::TLS::Strict_Policy::allowed_ciphers ( ) const
overridevirtual

Returns a list of ciphers we are willing to negotiate, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 505 of file tls_policy.cpp.

506  {
507  return { "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" };
508  }
bool Botan::TLS::Policy::allowed_ecc_curve ( const std::string &  curve) const
inherited

Definition at line 111 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_ecc_curves(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::ciphersuite_list(), and Botan::TLS::Client_Key_Exchange::Client_Key_Exchange().

112  {
113  return value_exists(allowed_ecc_curves(), curve);
114  }
virtual std::vector< std::string > allowed_ecc_curves() const
Definition: tls_policy.cpp:96
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
std::vector< std::string > Botan::TLS::Policy::allowed_ecc_curves ( ) const
virtualinherited

Return list of ECC curves we are willing to use in order of preference

Reimplemented in Botan::TLS::Text_Policy, Botan::TLS::BSI_TR_02102_2, and Botan::TLS::NSA_Suite_B_128.

Definition at line 96 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::allowed_ecc_curve(), Botan::TLS::Text_Policy::allowed_ecc_curves(), Botan::TLS::Policy::choose_curve(), Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Policy::print().

97  {
98  // Default list is ordered by performance
99 
100  return {
101  "x25519",
102  "secp256r1",
103  "secp521r1",
104  "secp384r1",
105  "brainpool256r1",
106  "brainpool384r1",
107  "brainpool512r1",
108  };
109  }
std::vector< std::string > Botan::TLS::Strict_Policy::allowed_key_exchange_methods ( ) const
overridevirtual

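Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key). This list of allowed values is not exhaustive: the Strict_Policy implementation shown below returns CECPQ1 and ECDH.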

Reimplemented from Botan::TLS::Policy.

Definition at line 520 of file tls_policy.cpp.

521  {
522  return { "CECPQ1", "ECDH" };
523  }
std::vector< std::string > Botan::TLS::Strict_Policy::allowed_macs ( ) const
overridevirtual

Returns a list of MAC algorithms we are willing to use.

Reimplemented from Botan::TLS::Policy.

Definition at line 515 of file tls_policy.cpp.

516  {
517  return { "AEAD" };
518  }
std::vector< std::string > Botan::TLS::Strict_Policy::allowed_signature_hashes ( ) const
overridevirtual

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 510 of file tls_policy.cpp.

511  {
512  return { "SHA-512", "SHA-384"};
513  }
bool Botan::TLS::Policy::allowed_signature_method ( const std::string &  sig_method) const
inherited

Definition at line 91 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_methods(), and Botan::value_exists().

Referenced by Botan::TLS::Handshake_State::parse_sig_format().

92  {
93  return value_exists(allowed_signature_methods(), sig_method);
94  }
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:81
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
std::vector< std::string > Botan::TLS::Policy::allowed_signature_methods ( ) const
virtualinherited

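Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values: RSA and DSA. Note that the default implementation shown below returns ECDSA and RSA, with DSA and the anonymous (empty) method commented out, so this description does not match the default list.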

Reimplemented in Botan::TLS::Text_Policy, Botan::TLS::BSI_TR_02102_2, and Botan::TLS::NSA_Suite_B_128.

Definition at line 81 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::allowed_signature_method(), Botan::TLS::Text_Policy::allowed_signature_methods(), Botan::TLS::Policy::ciphersuite_list(), Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Policy::print().

82  {
83  return {
84  "ECDSA",
85  "RSA",
86  //"DSA",
87  //"" (anon)
88  };
89  }
void Botan::TLS::Policy::check_peer_key_acceptable ( const Public_Key public_key) const
virtualinherited

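Throw an exception if you don't like the peer's key. Default impl checks the key size against minimum_rsa_bits, minimum_ecdsa_group_size, or minimum_ecdh_group_size depending on the key's type. The implementation shown below also checks DH and DSA keys against minimum_dh_group_size and minimum_dsa_group_size. For any other algorithm name the expected length stays zero and the check is a no-op, so such keys are accepted regardless of size unless this method is overridden. Override if you'd like to perform some other kind of test on (or logging of) the peer's keys.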

Definition at line 186 of file tls_policy.cpp.

References Botan::Public_Key::algo_name(), Botan::TLS::Alert::INSUFFICIENT_SECURITY, Botan::Public_Key::key_length(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_dsa_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_ecdsa_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

187  {
188  const std::string algo_name = public_key.algo_name();
189 
190  const size_t keylength = public_key.key_length();
191  size_t expected_keylength = 0;
192 
193  if(algo_name == "RSA")
194  {
195  expected_keylength = minimum_rsa_bits();
196  }
197  else if(algo_name == "DH")
198  {
199  expected_keylength = minimum_dh_group_size();
200  }
201  else if(algo_name == "DSA")
202  {
203  expected_keylength = minimum_dsa_group_size();
204  }
205  else if(algo_name == "ECDH" || algo_name == "Curve25519")
206  {
207  expected_keylength = minimum_ecdh_group_size();
208  }
209  else if(algo_name == "ECDSA")
210  {
211  expected_keylength = minimum_ecdsa_group_size();
212  }
213  // else some other algo, so leave expected_keylength as zero and the check is a no-op
214 
215  if(keylength < expected_keylength)
216  throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
217  "Peer sent " +
218  std::to_string(keylength) + " bit " + algo_name + " key"
219  ", policy requires at least " +
220  std::to_string(expected_keylength));
221  }
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:141
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:152
virtual size_t minimum_dsa_group_size() const
Definition: tls_policy.cpp:180
virtual size_t minimum_ecdsa_group_size() const
Definition: tls_policy.cpp:146
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:168
std::string Botan::TLS::Policy::choose_curve ( const std::vector< std::string > &  curve_names) const
virtualinherited

Choose an elliptic curve to use

Definition at line 124 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_ecc_curves(), and Botan::value_exists().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

125  {
126  const std::vector<std::string> our_curves = allowed_ecc_curves();
127 
128  for(size_t i = 0; i != our_curves.size(); ++i)
129  if(value_exists(curve_names, our_curves[i]))
130  return our_curves[i];
131 
132  return ""; // no shared curve
133  }
virtual std::vector< std::string > allowed_ecc_curves() const
Definition: tls_policy.cpp:96
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
std::vector< uint16_t > Botan::TLS::Policy::ciphersuite_list ( Protocol_Version  version,
bool  have_srp 
) const
virtualinherited

Return allowed ciphersuites, in order of preference

Definition at line 369 of file tls_policy.cpp.

References Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Ciphersuite::all_known_ciphersuites(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_ecc_curve(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::Protocol_Version::supports_aead_modes(), and Botan::value_exists().

371  {
372  const std::vector<std::string> ciphers = allowed_ciphers();
373  const std::vector<std::string> macs = allowed_macs();
374  const std::vector<std::string> kex = allowed_key_exchange_methods();
375  const std::vector<std::string> sigs = allowed_signature_methods();
376 
377  std::vector<Ciphersuite> ciphersuites;
378 
379  for(auto&& suite : Ciphersuite::all_known_ciphersuites())
380  {
381  // Can we use it?
382  if(suite.valid() == false)
383  continue;
384 
385  // Is it acceptable to the policy?
386  if(!this->acceptable_ciphersuite(suite))
387  continue;
388 
389  // Are we doing SRP?
390  if(!have_srp && suite.kex_algo() == "SRP_SHA")
391  continue;
392 
393  if(!version.supports_aead_modes())
394  {
395  // Are we doing AEAD in a non-AEAD version?
396  if(suite.mac_algo() == "AEAD")
397  continue;
398 
399  // Older (v1.0/v1.1) versions also do not support any hash but SHA-1
400  if(suite.mac_algo() != "SHA-1")
401  continue;
402  }
403 
404  if(!value_exists(kex, suite.kex_algo()))
405  continue; // unsupported key exchange
406 
407  if(!value_exists(ciphers, suite.cipher_algo()))
408  continue; // unsupported cipher
409 
410  if(!value_exists(macs, suite.mac_algo()))
411  continue; // unsupported MAC algo
412 
413  if(!value_exists(sigs, suite.sig_algo()))
414  {
415  // allow if it's an empty sig algo and we want to use PSK
416  if(suite.sig_algo() != "" || !suite.psk_ciphersuite())
417  continue;
418  }
419 
420  /*
421  CECPQ1 always uses x25519 for ECDH, so treat the applications
422  removal of x25519 from the ECC curve list as equivalent to
423  saying they do not trust CECPQ1
424  */
425  if(suite.kex_algo() == "CECPQ1" && allowed_ecc_curve("x25519") == false)
426  continue;
427 
428  // OK, consider it
429  ciphersuites.push_back(suite);
430  }
431 
432  if(ciphersuites.empty())
433  {
434  throw Exception("Policy does not allow any available cipher suite");
435  }
436 
437  Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
438  std::sort(ciphersuites.begin(), ciphersuites.end(), order);
439 
440  std::vector<uint16_t> ciphersuite_codes;
441  for(auto i : ciphersuites)
442  ciphersuite_codes.push_back(i.ciphersuite_code());
443  return ciphersuite_codes;
444  }
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:19
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:81
bool allowed_ecc_curve(const std::string &curve) const
Definition: tls_policy.cpp:111
bool value_exists(const std::vector< T > &vec, const T &val)
Definition: stl_util.h:86
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
Definition: tls_policy.cpp:264
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:67
static const std::vector< Ciphersuite > & all_known_ciphersuites()
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:52
std::vector< uint8_t > Botan::TLS::Policy::compression ( ) const
virtualinherited

Returns a list of compression algorithms we are willing to use, in order of preference. Allowed values any value of Compression_Method.

Note
Compression is not currently supported

Definition at line 226 of file tls_policy.cpp.

References Botan::TLS::NO_COMPRESSION.

227  {
228  return std::vector<uint8_t>{ NO_COMPRESSION };
229  }
std::string Botan::TLS::Policy::dh_group ( ) const
virtualinherited

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 135 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dh_group(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

136  {
137  // We offer 2048 bit DH because we can
138  return "modp/ietf/2048";
139  }
size_t Botan::TLS::Policy::dtls_default_mtu ( ) const
virtualinherited
Returns
the default MTU for DTLS

Definition at line 285 of file tls_policy.cpp.

286  {
287  // default MTU is IPv6 min MTU minus UDP/IP headers
288  return 1280 - 40 - 8;
289  }
size_t Botan::TLS::Policy::dtls_initial_timeout ( ) const
virtualinherited
Returns
the initial timeout for DTLS

Definition at line 282 of file tls_policy.cpp.

282 { return 1*1000; }
size_t Botan::TLS::Policy::dtls_maximum_timeout ( ) const
virtualinherited
Returns
the maximum timeout for DTLS

Definition at line 283 of file tls_policy.cpp.

283 { return 60*1000; }
bool Botan::TLS::Policy::hide_unknown_users ( ) const
virtualinherited

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 277 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Text_Policy::hide_unknown_users(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

277 { return false; }
bool Botan::TLS::Policy::include_time_in_hello_random ( ) const
virtualinherited

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However, this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead. The default shown below returns true, and Strict_Policy inherits it unchanged.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 276 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::include_time_in_hello_random(), Botan::TLS::make_hello_random(), and Botan::TLS::Policy::print().

276 { return true; }
Protocol_Version Botan::TLS::Policy::latest_supported_version ( bool  datagram) const
virtualinherited

Returns the most recent protocol version we are willing to use, for either TLS or DTLS depending on the datagram param. You shouldn't ever need to override this unless you want to allow a user to disable use of TLS v1.2 (which is not recommended).

Definition at line 256 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::latest_dtls_version(), and Botan::TLS::Protocol_Version::latest_tls_version().

Referenced by Botan::TLS::Policy::send_fallback_scsv().

257  {
258  if(datagram)
260  else
262  }
static Protocol_Version latest_dtls_version()
Definition: tls_version.h:44
static Protocol_Version latest_tls_version()
Definition: tls_version.h:36
size_t Botan::TLS::Policy::minimum_dh_group_size ( ) const
virtualinherited

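Return the minimum DH group size we're willing to use. This description gives the default as currently 1024 (insecure) and says it should be 2048; the implementation shown below already returns 2048, so the 1024 figure appears to be out of date.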

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 141 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_dh_group_size(), and Botan::TLS::Policy::print().

142  {
143  return 2048;
144  }
size_t Botan::TLS::Policy::minimum_dsa_group_size ( ) const
virtualinherited

Minimum DSA group size, default 2048 bits

Reimplemented in Botan::TLS::BSI_TR_02102_2.

Definition at line 180 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable().

181  {
182  // FIPS 186-3
183  return 2048;
184  }
size_t Botan::TLS::Policy::minimum_ecdh_group_size ( ) const
virtualinherited

Return the minimum ECDH group size we're willing to use for key exchange

Default 255, allowing x25519 and larger. x25519 is the smallest curve we will negotiate; P-521 is the largest.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 152 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_ecdh_group_size(), and Botan::TLS::Policy::print().

153  {
154  // x25519 is smallest curve currently supported for TLS key exchange
155  return 255;
156  }
size_t Botan::TLS::Policy::minimum_ecdsa_group_size ( ) const
virtualinherited

For ECDSA authenticated ciphersuites, the smallest key size the client will accept. This policy is currently only enforced on the server by the client.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 146 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), and Botan::TLS::Text_Policy::minimum_ecdsa_group_size().

147  {
148  // Here we are at the mercy of whatever the CA signed, but most certs should be 256 bit by now
149  return 256;
150  }
size_t Botan::TLS::Policy::minimum_rsa_bits ( ) const
virtualinherited

Return the minimum bit size we're willing to accept for RSA key exchange or server signatures.

It does not place any requirements on the size of any RSA signature(s) which were used to check the server certificate. This is only concerned with the server's public key.

Default is 2048 which is smallest RSA key size still secure for medium term security.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 168 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_rsa_bits(), and Botan::TLS::Policy::print().

169  {
170  /* Default assumption is all end-entity certificates should
171  be at least 2048 bits these days.
172 
173  If you are connecting to arbitrary servers on the Internet
174  (ie as a web browser or SMTP client) you'll probably have to reduce this
175  to 1024 bits, or perhaps even lower.
176  */
177  return 2048;
178  }
size_t Botan::TLS::Policy::minimum_signature_strength ( ) const
virtualinherited

The minimum signature strength we will accept. Returning 80 allows RSA 1024 and SHA-1. Values larger than 80 disable SHA-1 support. Returning 110 allows RSA 2048. Return 128 to force ECC (P-256) or large (~3000 bit) RSA keys. Default is 110.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::NSA_Suite_B_128.

Definition at line 158 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::minimum_signature_strength(), Botan::TLS::Policy::print(), and Botan::TLS::Callbacks::tls_verify_cert_chain().

159  {
160  return 110;
161  }
bool Botan::TLS::Policy::negotiate_encrypt_then_mac ( ) const
virtualinherited

Indicates whether the encrypt-then-MAC extension should be negotiated (RFC 7366)

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 279 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Text_Policy::negotiate_encrypt_then_mac(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Hello::Server_Hello().

279 { return true; }
void Botan::TLS::Policy::print ( std::ostream &  o) const
virtualinherited

Convert this policy to a printable format.

Parameters
o: stream to be printed to

Definition at line 470 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_insecure_renegotiation(), Botan::TLS::Policy::allow_server_initiated_renegotiation(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_ecc_curves(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_hashes(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::Policy::dh_group(), Botan::TLS::Policy::hide_unknown_users(), Botan::TLS::Policy::include_time_in_hello_random(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), Botan::TLS::Policy::minimum_signature_strength(), Botan::TLS::Policy::negotiate_encrypt_then_mac(), Botan::TLS::Policy::server_uses_own_ciphersuite_preferences(), and Botan::TLS::Policy::session_ticket_lifetime().

Referenced by Botan::TLS::Policy::to_string().

471  {
472  print_bool(o, "allow_tls10", allow_tls10());
473  print_bool(o, "allow_tls11", allow_tls11());
474  print_bool(o, "allow_tls12", allow_tls12());
475  print_bool(o, "allow_dtls10", allow_dtls10());
476  print_bool(o, "allow_dtls12", allow_dtls12());
477  print_vec(o, "ciphers", allowed_ciphers());
478  print_vec(o, "macs", allowed_macs());
479  print_vec(o, "signature_hashes", allowed_signature_hashes());
480  print_vec(o, "signature_methods", allowed_signature_methods());
481  print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
482  print_vec(o, "ecc_curves", allowed_ecc_curves());
483 
484  print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
485  print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
486  print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
487  print_bool(o, "hide_unknown_users", hide_unknown_users());
488  print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
489  print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
490  o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n';
491  o << "dh_group = " << dh_group() << '\n';
492  o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
493  o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
494  o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';
495  o << "minimum_signature_strength = " << minimum_signature_strength() << '\n';
496  }
virtual std::vector< std::string > allowed_ciphers() const
Definition: tls_policy.cpp:19
virtual size_t minimum_dh_group_size() const
Definition: tls_policy.cpp:141
virtual bool allow_insecure_renegotiation() const
Definition: tls_policy.cpp:270
virtual std::vector< std::string > allowed_ecc_curves() const
Definition: tls_policy.cpp:96
virtual std::vector< std::string > allowed_signature_methods() const
Definition: tls_policy.cpp:81
virtual bool server_uses_own_ciphersuite_preferences() const
Definition: tls_policy.cpp:278
virtual size_t minimum_ecdh_group_size() const
Definition: tls_policy.cpp:152
virtual bool hide_unknown_users() const
Definition: tls_policy.cpp:277
virtual std::string dh_group() const
Definition: tls_policy.cpp:135
virtual bool allow_server_initiated_renegotiation() const
Definition: tls_policy.cpp:269
virtual std::vector< std::string > allowed_signature_hashes() const
Definition: tls_policy.cpp:42
virtual size_t minimum_rsa_bits() const
Definition: tls_policy.cpp:168
virtual uint32_t session_ticket_lifetime() const
Definition: tls_policy.cpp:231
virtual bool allow_tls10() const
Definition: tls_policy.cpp:271
virtual size_t minimum_signature_strength() const
Definition: tls_policy.cpp:158
virtual bool allow_dtls12() const
Definition: tls_policy.cpp:275
virtual bool allow_dtls10() const
Definition: tls_policy.cpp:274
virtual bool include_time_in_hello_random() const
Definition: tls_policy.cpp:276
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition: tls_policy.cpp:67
virtual bool allow_tls11() const
Definition: tls_policy.cpp:272
virtual std::vector< std::string > allowed_macs() const
Definition: tls_policy.cpp:52
virtual bool negotiate_encrypt_then_mac() const
Definition: tls_policy.cpp:279
virtual bool allow_tls12() const
Definition: tls_policy.cpp:273
bool Botan::TLS::Policy::require_cert_revocation_info ( ) const
virtualinherited

Return whether cert revocation info (CRL/OCSP) is required. If true, validation will fail unless a valid CRL or OCSP response was examined.

Definition at line 163 of file tls_policy.cpp.

Referenced by Botan::TLS::Callbacks::tls_verify_cert_chain().

164  {
165  return true;
166  }
bool Botan::TLS::Policy::send_fallback_scsv ( Protocol_Version  version) const
virtualinherited

When offering this version, should we send a fallback SCSV? The default returns true iff version is not the latest version the policy allows. This method exists to allow an override in case of interop problems.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 236 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), and Botan::TLS::Policy::latest_supported_version().

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Text_Policy::send_fallback_scsv().

237  {
238  return version != latest_supported_version(version.is_datagram_protocol());
239  }
virtual Protocol_Version latest_supported_version(bool datagram) const
Definition: tls_policy.cpp:256
bool Botan::TLS::Policy::server_uses_own_ciphersuite_preferences ( ) const
virtualinherited
Returns
true if servers should choose the ciphersuite matching their highest preference, rather than the clients. Has no effect on client side.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 278 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::print(), and Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences().

278 { return true; }
uint32_t Botan::TLS::Policy::session_ticket_lifetime ( ) const
virtualinherited

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 231 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::print(), and Botan::TLS::Text_Policy::session_ticket_lifetime().

232  {
233  return 86400; // ~1 day
234  }
std::vector< uint16_t > Botan::TLS::Policy::srtp_profiles ( ) const
virtualinherited

If this returns a non-empty vector, and DTLS is negotiated, then we will also attempt to negotiate the SRTP extension from RFC 5764 using the returned values as the profile ids.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 291 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Server_Hello::Server_Hello().

292  {
293  return std::vector<uint16_t>();
294  }
std::string Botan::TLS::Policy::to_string ( ) const
inherited

Convert this policy to a printable format. Same as calling print on an ostringstream and reading o.str().

Definition at line 498 of file tls_policy.cpp.

References Botan::TLS::Policy::print().

499  {
500  std::ostringstream oss;
501  this->print(oss);
502  return oss.str();
503  }
virtual void print(std::ostream &o) const
Definition: tls_policy.cpp:470
bool Botan::TLS::Policy::use_ecc_point_compression ( ) const
virtualinherited

Request that ECC curve points are sent compressed

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 116 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Server_Hello::Server_Hello(), and Botan::TLS::Text_Policy::use_ecc_point_compression().

117  {
118  return false;
119  }

The documentation for this class was generated from the following files: