#include <tls_policy.h>

Inheritance diagram for Botan::TLS::NSA_Suite_B_128:

Public Member Functions
virtual bool	abort_connection_on_undesired_renegotiation () const

virtual bool	acceptable_ciphersuite (const Ciphersuite &suite) const

virtual bool	acceptable_protocol_version (Protocol_Version version) const

virtual bool	allow_client_initiated_renegotiation () const

bool	allow_dtls10 () const override

bool	allow_dtls12 () const override

virtual bool	allow_dtls_epoch0_restart () const

virtual bool	allow_insecure_renegotiation () const

virtual bool	allow_resumption_for_renegotiation () const

virtual bool	allow_server_initiated_renegotiation () const

bool	allow_tls10 () const override

bool	allow_tls11 () const override

bool	allow_tls12 () const override

std::vector< std::string >	allowed_ciphers () const override

std::vector< std::string >	allowed_key_exchange_methods () const override

std::vector< std::string >	allowed_macs () const override

bool	allowed_signature_hash (const std::string &hash) const

std::vector< std::string >	allowed_signature_hashes () const override

bool	allowed_signature_method (const std::string &sig_method) const

std::vector< std::string >	allowed_signature_methods () const override

virtual std::vector< Signature_Scheme >	allowed_signature_schemes () const

virtual void	check_peer_key_acceptable (const Public_Key &public_key) const

virtual Group_Params	choose_key_exchange_group (const std::vector< Group_Params > &peer_groups) const

virtual std::vector< uint16_t >	ciphersuite_list (Protocol_Version version, bool have_srp) const

virtual Group_Params	default_dh_group () const

virtual size_t	dtls_default_mtu () const

virtual size_t	dtls_initial_timeout () const

virtual size_t	dtls_maximum_timeout () const

virtual bool	hide_unknown_users () const

virtual bool	include_time_in_hello_random () const

std::vector< Group_Params >	key_exchange_groups () const override

virtual Protocol_Version	latest_supported_version (bool datagram) const

virtual size_t	maximum_certificate_chain_size () const

virtual size_t	minimum_dh_group_size () const

virtual size_t	minimum_dsa_group_size () const

virtual size_t	minimum_ecdh_group_size () const

virtual size_t	minimum_ecdsa_group_size () const

virtual size_t	minimum_rsa_bits () const

size_t	minimum_signature_strength () const override

virtual bool	negotiate_encrypt_then_mac () const

virtual bool	only_resume_with_exact_version () const

virtual void	print (std::ostream &o) const

virtual bool	request_client_certificate_authentication () const

virtual bool	require_cert_revocation_info () const

virtual bool	require_client_certificate_authentication () const

virtual bool	send_fallback_scsv (Protocol_Version version) const

virtual bool	server_uses_own_ciphersuite_preferences () const

virtual uint32_t	session_ticket_lifetime () const

virtual std::vector< uint16_t >	srtp_profiles () const

virtual bool	support_cert_status_message () const

std::string	to_string () const

virtual bool	use_ecc_point_compression () const

Detailed Description

NSA Suite B 128-bit security level (RFC 6460)

Warning: As of August 2015 NSA indicated only the 192-bit Suite B should be used for all classification levels.

Definition at line 352 of file tls_policy.h.

Member Function Documentation

◆ abort_connection_on_undesired_renegotiation()

bool Botan::TLS::Policy::abort_connection_on_undesired_renegotiation ( ) const

virtualinherited

If true, a request to renegotiate will close the connection with a fatal alert. Otherwise, a warning alert is sent.

Definition at line 349 of file tls_policy.cpp.

349 { return false; }

◆ acceptable_ciphersuite()

bool Botan::TLS::Policy::acceptable_ciphersuite ( const Ciphersuite & suite ) const

virtualinherited

Allows policy to reject any ciphersuites which are undesirable for whatever reason without having to reimplement ciphersuite_list

Definition at line 326 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::mac_algo(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::ciphersuite_list().

    {
    return value_exists(allowed_ciphers(), ciphersuite.cipher_algo()) &&
           value_exists(allowed_macs(), ciphersuite.mac_algo());
    }

◆ acceptable_protocol_version()

bool Botan::TLS::Policy::acceptable_protocol_version ( Protocol_Version version ) const

virtualinherited

Returns: true if and only if we are willing to accept this version Default accepts TLS v1.0 and later or DTLS v1.2 or later.

Definition at line 278 of file tls_policy.cpp.

References Botan::TLS::Policy::allow_dtls10(), Botan::TLS::Policy::allow_dtls12(), Botan::TLS::Policy::allow_tls10(), Botan::TLS::Policy::allow_tls11(), Botan::TLS::Policy::allow_tls12(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Policy::latest_supported_version().

    {
    if(version == Protocol_Version::TLS_V12 && allow_tls12())
       return true;
 
    if(version == Protocol_Version::DTLS_V12 && allow_dtls12())
       return true;
 
 #if defined(BOTAN_HAS_TLS_V10)
 
    if(version == Protocol_Version::TLS_V11 && allow_tls11())
       return true;
    if(version == Protocol_Version::TLS_V10 && allow_tls10())
       return true;
    if(version == Protocol_Version::DTLS_V10 && allow_dtls10())
       return true;
 
 #endif
 
    return false;
    }

◆ allow_client_initiated_renegotiation()

bool Botan::TLS::Policy::allow_client_initiated_renegotiation ( ) const

virtualinherited

Consulted by server side. If true, allows clients to initiate a new handshake

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 332 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_client_initiated_renegotiation().

332 { return false; }

◆ allow_dtls10()

bool Botan::TLS::NSA_Suite_B_128::allow_dtls10 ( ) const

inlineoverridevirtual

Allow DTLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 378 of file tls_policy.h.

378 { return false; }

◆ allow_dtls12()

bool Botan::TLS::NSA_Suite_B_128::allow_dtls12 ( ) const

inlineoverridevirtual

Allow DTLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 379 of file tls_policy.h.

379 { return false; }

◆ allow_dtls_epoch0_restart()

bool Botan::TLS::Policy::allow_dtls_epoch0_restart ( ) const

virtualinherited

If true, then allow a DTLS client to restart a connection to the same server association as described in section 4.2.8 of the DTLS RFC

Definition at line 350 of file tls_policy.cpp.

Referenced by Botan::TLS::Channel::received_data().

350 { return false; }

◆ allow_insecure_renegotiation()

bool Botan::TLS::Policy::allow_insecure_renegotiation ( ) const

virtualinherited

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

Warning: Changing this to true exposes you to injected plaintext attacks. Read RFC 5746 for background.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 334 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_insecure_renegotiation(), and Botan::TLS::Policy::print().

334 { return false; }

◆ allow_resumption_for_renegotiation()

bool Botan::TLS::Policy::allow_resumption_for_renegotiation ( ) const

virtualinherited

Definition at line 345 of file tls_policy.cpp.

Referenced by Botan::TLS::Channel::renegotiate().

345 { return true; }

◆ allow_server_initiated_renegotiation()

bool Botan::TLS::Policy::allow_server_initiated_renegotiation ( ) const

virtualinherited

Consulted by client side. If true, allows servers to initiate a new handshake

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 333 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::allow_server_initiated_renegotiation(), and Botan::TLS::Policy::print().

333 { return false; }

◆ allow_tls10()

bool Botan::TLS::NSA_Suite_B_128::allow_tls10 ( ) const

inlineoverridevirtual

Allow TLS v1.0

Reimplemented from Botan::TLS::Policy.

Definition at line 375 of file tls_policy.h.

375 { return false; }

◆ allow_tls11()

bool Botan::TLS::NSA_Suite_B_128::allow_tls11 ( ) const

inlineoverridevirtual

Allow TLS v1.1

Reimplemented from Botan::TLS::Policy.

Definition at line 376 of file tls_policy.h.

376 { return false; }

◆ allow_tls12()

bool Botan::TLS::NSA_Suite_B_128::allow_tls12 ( ) const

inlineoverridevirtual

Allow TLS v1.2

Reimplemented from Botan::TLS::Policy.

Definition at line 377 of file tls_policy.h.

377 { return true; }

◆ allowed_ciphers()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_ciphers ( ) const

inlineoverridevirtual

Returns a list of ciphers we are willing to negotiate, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 355 of file tls_policy.h.

356 { return std::vector<std::string>({"AES-128/GCM"}); }

◆ allowed_key_exchange_methods()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_key_exchange_methods ( ) const

inlineoverridevirtual

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

Reimplemented from Botan::TLS::Policy.

Definition at line 364 of file tls_policy.h.

365 { return std::vector<std::string>({"ECDH"}); }

◆ allowed_macs()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_macs ( ) const

inlineoverridevirtual

Returns a list of MAC algorithms we are willing to use.

Reimplemented from Botan::TLS::Policy.

Definition at line 361 of file tls_policy.h.

362 { return std::vector<std::string>({"AEAD"}); }

◆ allowed_signature_hash()

bool Botan::TLS::Policy::allowed_signature_hash ( const std::string & hash ) const

inherited

Definition at line 122 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_hashes(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), and Botan::TLS::Handshake_State::choose_sig_format().

    {
    return value_exists(allowed_signature_hashes(), sig_hash);
    }

◆ allowed_signature_hashes()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_signature_hashes ( ) const

inlineoverridevirtual

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 358 of file tls_policy.h.

359 { return std::vector<std::string>({"SHA-256"}); }

◆ allowed_signature_method()

bool Botan::TLS::Policy::allowed_signature_method ( const std::string & sig_method ) const

inherited

Definition at line 117 of file tls_policy.cpp.

References Botan::TLS::Policy::allowed_signature_methods(), and Botan::value_exists().

Referenced by Botan::TLS::Policy::allowed_signature_schemes(), and Botan::TLS::Handshake_State::parse_sig_format().

    {
    return value_exists(allowed_signature_methods(), sig_method);
    }

◆ allowed_signature_methods()

std::vector<std::string> Botan::TLS::NSA_Suite_B_128::allowed_signature_methods ( ) const

inlineoverridevirtual

Returns a list of signature algorithms we are willing to use, in order of preference. Allowed values RSA and DSA.

Reimplemented from Botan::TLS::Policy.

Definition at line 367 of file tls_policy.h.

368 { return std::vector<std::string>({"ECDSA"}); }

◆ allowed_signature_schemes()

std::vector< Signature_Scheme > Botan::TLS::Policy::allowed_signature_schemes ( ) const

virtualinherited

Definition at line 22 of file tls_policy.cpp.

References Botan::TLS::all_signature_schemes(), Botan::TLS::Policy::allowed_signature_hash(), Botan::TLS::Policy::allowed_signature_method(), Botan::TLS::hash_function_of_scheme(), Botan::TLS::signature_algorithm_of_scheme(), and Botan::TLS::signature_scheme_is_known().

Referenced by Botan::TLS::Handshake_State::choose_sig_format(), and Botan::TLS::Client_Hello::Client_Hello().

    {
    std::vector<Signature_Scheme> schemes;
 
    for(Signature_Scheme scheme : all_signature_schemes())
       {
       if(signature_scheme_is_known(scheme) == false)
          continue;
       const bool sig_allowed = allowed_signature_method(signature_algorithm_of_scheme(scheme));
       const bool hash_allowed = allowed_signature_hash(hash_function_of_scheme(scheme));
 
       if(sig_allowed && hash_allowed)
          {
          schemes.push_back(scheme);
          }
       }
 
    return schemes;
    }

◆ check_peer_key_acceptable()

void Botan::TLS::Policy::check_peer_key_acceptable ( const Public_Key & public_key ) const

virtualinherited

Throw an exception if you don't like the peer's key. Default impl checks the key size against minimum_rsa_bits, minimum_ecdsa_group_size, or minimum_ecdh_group_size depending on the key's type. Override if you'd like to perform some other kind of test on (or logging of) the peer's keys.

Definition at line 231 of file tls_policy.cpp.

References Botan::Public_Key::algo_name(), Botan::TLS::Alert::INSUFFICIENT_SECURITY, Botan::Public_Key::key_length(), Botan::TLS::Policy::minimum_dh_group_size(), Botan::TLS::Policy::minimum_dsa_group_size(), Botan::TLS::Policy::minimum_ecdh_group_size(), Botan::TLS::Policy::minimum_ecdsa_group_size(), Botan::TLS::Policy::minimum_rsa_bits(), and Botan::ASN1::to_string().

Referenced by Botan::TLS::Callbacks::tls_dh_agree(), Botan::TLS::Callbacks::tls_ecdh_agree(), Botan::TLS::Certificate_Verify::verify(), and Botan::TLS::Server_Key_Exchange::verify().

    {
    const std::string algo_name = public_key.algo_name();
 
    const size_t keylength = public_key.key_length();
    size_t expected_keylength = 0;
 
    if(algo_name == "RSA")
       {
       expected_keylength = minimum_rsa_bits();
       }
    else if(algo_name == "DH")
       {
       expected_keylength = minimum_dh_group_size();
       }
    else if(algo_name == "DSA")
       {
       expected_keylength = minimum_dsa_group_size();
       }
    else if(algo_name == "ECDH" || algo_name == "Curve25519")
       {
       expected_keylength = minimum_ecdh_group_size();
       }
    else if(algo_name == "ECDSA")
       {
       expected_keylength = minimum_ecdsa_group_size();
       }
    // else some other algo, so leave expected_keylength as zero and the check is a no-op
 
    if(keylength < expected_keylength)
       throw TLS_Exception(Alert::INSUFFICIENT_SECURITY,
                           "Peer sent " +
                            std::to_string(keylength) + " bit " + algo_name + " key"
                            ", policy requires at least " +
                            std::to_string(expected_keylength));
    }

◆ choose_key_exchange_group()

Group_Params Botan::TLS::Policy::choose_key_exchange_group ( const std::vector< Group_Params > & peer_groups ) const

virtualinherited

Select a key exchange group to use, from the list of groups sent by the peer. If none are acceptable, return Group_Params::NONE

Definition at line 132 of file tls_policy.cpp.

References Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::NONE, and Botan::value_exists().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

    {
    if(peer_groups.empty())
       return Group_Params::NONE;
 
    const std::vector<Group_Params> our_groups = key_exchange_groups();
 
    for(auto g : our_groups)
       {
       if(value_exists(peer_groups, g))
          return g;
       }
 
    return Group_Params::NONE;
    }

◆ ciphersuite_list()

std::vector< uint16_t > Botan::TLS::Policy::ciphersuite_list	(	Protocol_Version	version,
		bool	have_srp
	)		const

virtualinherited

Return allowed ciphersuites, in order of preference

Definition at line 442 of file tls_policy.cpp.

References Botan::TLS::Policy::acceptable_ciphersuite(), Botan::TLS::Ciphersuite::all_known_ciphersuites(), Botan::TLS::Policy::allowed_ciphers(), Botan::TLS::Policy::allowed_key_exchange_methods(), Botan::TLS::Policy::allowed_macs(), Botan::TLS::Policy::allowed_signature_methods(), Botan::TLS::CECPQ1, Botan::TLS::IMPLICIT, Botan::TLS::Policy::key_exchange_groups(), Botan::TLS::SRP_SHA, Botan::value_exists(), and Botan::TLS::X25519.

    {
    const std::vector<std::string> ciphers = allowed_ciphers();
    const std::vector<std::string> macs = allowed_macs();
    const std::vector<std::string> kex = allowed_key_exchange_methods();
    const std::vector<std::string> sigs = allowed_signature_methods();
 
    std::vector<Ciphersuite> ciphersuites;
 
    for(auto&& suite : Ciphersuite::all_known_ciphersuites())
       {
       // Can we use it?
       if(!suite.valid())
          continue;
 
       // Can we use it in this version?
       if(!suite.usable_in_version(version))
          continue;
 
       // Is it acceptable to the policy?
       if(!this->acceptable_ciphersuite(suite))
          continue;
 
       // Are we doing SRP?
       if(!have_srp && suite.kex_method() == Kex_Algo::SRP_SHA)
          continue;
 
       if(!value_exists(kex, suite.kex_algo()))
          continue; // unsupported key exchange
 
       if(!value_exists(ciphers, suite.cipher_algo()))
          continue; // unsupported cipher
 
       if(!value_exists(macs, suite.mac_algo()))
          continue; // unsupported MAC algo
 
       if(!value_exists(sigs, suite.sig_algo()))
          {
          // allow if it's an empty sig algo and we want to use PSK
          if(suite.auth_method() != Auth_Method::IMPLICIT || !suite.psk_ciphersuite())
             continue;
          }
 
       /*
       CECPQ1 always uses x25519 for ECDH, so treat the applications
       removal of x25519 from the ECC curve list as equivalent to
       saying they do not trust CECPQ1
       */
       if(suite.kex_method() == Kex_Algo::CECPQ1)
          {
          if(value_exists(key_exchange_groups(), Group_Params::X25519) == false)
             continue;
          }
 
       // OK, consider it
       ciphersuites.push_back(suite);
       }
 
    if(ciphersuites.empty())
       {
       throw Invalid_State("Policy does not allow any available cipher suite");
       }
 
    Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
    std::sort(ciphersuites.begin(), ciphersuites.end(), order);
 
    std::vector<uint16_t> ciphersuite_codes;
    for(auto i : ciphersuites)
       ciphersuite_codes.push_back(i.ciphersuite_code());
    return ciphersuite_codes;
    }

◆ default_dh_group()

Group_Params Botan::TLS::Policy::default_dh_group ( ) const

virtualinherited

Definition at line 148 of file tls_policy.cpp.

References Botan::TLS::FFDHE_2048, Botan::TLS::group_param_is_dh(), and Botan::TLS::Policy::key_exchange_groups().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

    {
    /*
    * Return the first listed or just default to 2048
    */
    for(auto g : key_exchange_groups())
       {
       if(group_param_is_dh(g))
          return g;
       }
 
    return Group_Params::FFDHE_2048;
    }

◆ dtls_default_mtu()

size_t Botan::TLS::Policy::dtls_default_mtu ( ) const

virtualinherited

Returns: the default MTU for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 358 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dtls_default_mtu().

    {
    // default MTU is IPv6 min MTU minus UDP/IP headers
    return 1280 - 40 - 8;
    }

◆ dtls_initial_timeout()

size_t Botan::TLS::Policy::dtls_initial_timeout ( ) const

virtualinherited

Returns: the initial timeout for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 355 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dtls_initial_timeout().

355 { return 1*1000; }

◆ dtls_maximum_timeout()

size_t Botan::TLS::Policy::dtls_maximum_timeout ( ) const

virtualinherited

Returns: the maximum timeout for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 356 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::dtls_maximum_timeout().

356 { return 60*1000; }

◆ hide_unknown_users()

bool Botan::TLS::Policy::hide_unknown_users ( ) const

virtualinherited

If this function returns false, unknown SRP/PSK identifiers will be rejected with an unknown_psk_identifier alert as soon as the non-existence is identified. Otherwise, a false identifier value will be used and the protocol allowed to proceed, causing the handshake to eventually fail without revealing that the username does not exist on this system.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 341 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Text_Policy::hide_unknown_users(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

341 { return false; }

◆ include_time_in_hello_random()

bool Botan::TLS::Policy::include_time_in_hello_random ( ) const

virtualinherited

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 340 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::include_time_in_hello_random(), Botan::TLS::make_hello_random(), and Botan::TLS::Policy::print().

340 { return true; }

◆ key_exchange_groups()

std::vector<Group_Params> Botan::TLS::NSA_Suite_B_128::key_exchange_groups ( ) const

inlineoverridevirtual

Return list of ECC curves and FFDHE groups we are willing to use in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 370 of file tls_policy.h.

References Botan::TLS::SECP256R1.

371 { return {Group_Params::SECP256R1}; }

Botan::TLS::Group_Params::SECP256R1

◆ latest_supported_version()

Protocol_Version Botan::TLS::Policy::latest_supported_version ( bool datagram ) const

virtualinherited

Returns the more recent protocol version we are willing to use, for either TLS or DTLS depending on datagram param. Shouldn't ever need to override this unless you want to allow a user to disable use of TLS v1.2 (which is not recommended)

Definition at line 300 of file tls_policy.cpp.

References Botan::TLS::Policy::acceptable_protocol_version(), Botan::TLS::Protocol_Version::DTLS_V10, Botan::TLS::Protocol_Version::DTLS_V12, Botan::TLS::Protocol_Version::TLS_V10, Botan::TLS::Protocol_Version::TLS_V11, and Botan::TLS::Protocol_Version::TLS_V12.

Referenced by Botan::TLS::Policy::send_fallback_scsv().

    {
    if(datagram)
       {
       if(acceptable_protocol_version(Protocol_Version::DTLS_V12))
          return Protocol_Version::DTLS_V12;
 #if defined(BOTAN_HAS_TLS_V10)
       if(acceptable_protocol_version(Protocol_Version::DTLS_V10))
          return Protocol_Version::DTLS_V10;
 #endif
       throw Invalid_State("Policy forbids all available DTLS version");
       }
    else
       {
       if(acceptable_protocol_version(Protocol_Version::TLS_V12))
          return Protocol_Version::TLS_V12;
 #if defined(BOTAN_HAS_TLS_V10)
       if(acceptable_protocol_version(Protocol_Version::TLS_V11))
          return Protocol_Version::TLS_V11;
       if(acceptable_protocol_version(Protocol_Version::TLS_V10))
          return Protocol_Version::TLS_V10;
 #endif
       throw Invalid_State("Policy forbids all available TLS version");
       }
    }

◆ maximum_certificate_chain_size()

size_t Botan::TLS::Policy::maximum_certificate_chain_size ( ) const

virtualinherited

Returns: the maximum size of the certificate chain, in bytes. Return 0 to disable this and accept any size.

Definition at line 352 of file tls_policy.cpp.

Referenced by Botan::TLS::Certificate::Certificate().

352 { return 0; }

◆ minimum_dh_group_size()

size_t Botan::TLS::Policy::minimum_dh_group_size ( ) const

virtualinherited

Return the minimum DH group size we're willing to use Default is currently 1024 (insecure), should be 2048

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 186 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_dh_group_size(), and Botan::TLS::Policy::print().

    {
    return 2048;
    }

◆ minimum_dsa_group_size()

size_t Botan::TLS::Policy::minimum_dsa_group_size ( ) const

virtualinherited

Minimum DSA group size, default 2048 bits

Reimplemented in Botan::TLS::BSI_TR_02102_2.

Definition at line 225 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable().

    {
    // FIPS 186-3
    return 2048;
    }

◆ minimum_ecdh_group_size()

size_t Botan::TLS::Policy::minimum_ecdh_group_size ( ) const

virtualinherited

Return the minimum ECDH group size we're willing to use for key exchange

Default 255, allowing x25519 and larger x25519 is the smallest curve we will negotiate P-521 is the largest

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 197 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_ecdh_group_size(), and Botan::TLS::Policy::print().

    {
    // x25519 is smallest curve currently supported for TLS key exchange
    return 255;
    }

◆ minimum_ecdsa_group_size()

size_t Botan::TLS::Policy::minimum_ecdsa_group_size ( ) const

virtualinherited

For ECDSA authenticated ciphersuites, the smallest key size the client will accept. This policy is currently only enforced on the server by the client.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 191 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), and Botan::TLS::Text_Policy::minimum_ecdsa_group_size().

    {
    // Here we are at the mercy of whatever the CA signed, but most certs should be 256 bit by now
    return 256;
    }

◆ minimum_rsa_bits()

size_t Botan::TLS::Policy::minimum_rsa_bits ( ) const

virtualinherited

Return the minimum bit size we're willing to accept for RSA key exchange or server signatures.

It does not place any requirements on the size of any RSA signature(s) which were used to check the server certificate. This is only concerned with the server's public key.

Default is 2048 which is smallest RSA key size still secure for medium term security.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 213 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_rsa_bits(), and Botan::TLS::Policy::print().

    {
    /* Default assumption is all end-entity certificates should
       be at least 2048 bits these days.
 
       If you are connecting to arbitrary servers on the Internet
       (ie as a web browser or SMTP client) you'll probably have to reduce this
       to 1024 bits, or perhaps even lower.
    */
    return 2048;
    }

◆ minimum_signature_strength()

size_t Botan::TLS::NSA_Suite_B_128::minimum_signature_strength ( ) const

inlineoverridevirtual

The minimum signature strength we will accept Returning 80 allows RSA 1024 and SHA-1. Values larger than 80 disable SHA-1 support. Returning 110 allows RSA 2048. Return 128 to force ECC (P-256) or large (~3000 bit) RSA keys. Default is 110

Reimplemented from Botan::TLS::Policy.

Definition at line 373 of file tls_policy.h.

373 { return 128; }

◆ negotiate_encrypt_then_mac()

bool Botan::TLS::Policy::negotiate_encrypt_then_mac ( ) const

virtualinherited

Indicates whether the encrypt-then-MAC extension should be negotiated (RFC 7366)

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 343 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Text_Policy::negotiate_encrypt_then_mac(), Botan::TLS::Policy::print(), and Botan::TLS::Server_Hello::Server_Hello().

343 { return true; }

◆ only_resume_with_exact_version()

bool Botan::TLS::Policy::only_resume_with_exact_version ( ) const

virtualinherited

Definition at line 346 of file tls_policy.cpp.

346 { return true; }

◆ print()

void Botan::TLS::Policy::print ( std::ostream & o ) const

virtualinherited

Convert this policy to a printable format.

Parameters

o	stream to be printed to

Definition at line 553 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::to_string().

    {
    print_bool(o, "allow_tls10", allow_tls10());
    print_bool(o, "allow_tls11", allow_tls11());
    print_bool(o, "allow_tls12", allow_tls12());
    print_bool(o, "allow_dtls10", allow_dtls10());
    print_bool(o, "allow_dtls12", allow_dtls12());
    print_vec(o, "ciphers", allowed_ciphers());
    print_vec(o, "macs", allowed_macs());
    print_vec(o, "signature_hashes", allowed_signature_hashes());
    print_vec(o, "signature_methods", allowed_signature_methods());
    print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
    print_vec(o, "key_exchange_groups", key_exchange_groups());
 
    print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
    print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
    print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
    print_bool(o, "hide_unknown_users", hide_unknown_users());
    print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
    print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
    print_bool(o, "support_cert_status_message", support_cert_status_message());
    o << "session_ticket_lifetime = " << session_ticket_lifetime() << '\n';
    o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
    o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
    o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';
    o << "minimum_signature_strength = " << minimum_signature_strength() << '\n';
    }

◆ request_client_certificate_authentication()

bool Botan::TLS::Policy::request_client_certificate_authentication ( ) const

virtualinherited

Indicate if client certificate authentication is requested. If true, then a cert will be requested.

Definition at line 348 of file tls_policy.cpp.

References Botan::TLS::Policy::require_client_certificate_authentication().

348 { return require_client_certificate_authentication(); }

Botan::TLS::Policy::require_client_certificate_authentication

virtual bool require_client_certificate_authentication() const

Definition: tls_policy.cpp:347

◆ require_cert_revocation_info()

bool Botan::TLS::Policy::require_cert_revocation_info ( ) const

virtualinherited

Return if cert revocation info (CRL/OCSP) is required If true, validation will fail unless a valid CRL or OCSP response was examined.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 208 of file tls_policy.cpp.

Referenced by Botan::TLS::Text_Policy::require_cert_revocation_info(), and Botan::TLS::Callbacks::tls_verify_cert_chain().

    {
    return true;
    }

◆ require_client_certificate_authentication()

bool Botan::TLS::Policy::require_client_certificate_authentication ( ) const

virtualinherited

Indicate if client certificate authentication is required. If true, then a cert will be requested and if the client does not send a certificate the connection will be closed.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 347 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::request_client_certificate_authentication(), and Botan::TLS::Text_Policy::require_client_certificate_authentication().

347 { return false; }

◆ send_fallback_scsv()

bool Botan::TLS::Policy::send_fallback_scsv ( Protocol_Version version ) const

virtualinherited

When offering this version, should we send a fallback SCSV? Default returns true iff version is not the latest version the policy allows, exists to allow override in case of interop problems.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 273 of file tls_policy.cpp.

References Botan::TLS::Protocol_Version::is_datagram_protocol(), and Botan::TLS::Policy::latest_supported_version().

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Text_Policy::send_fallback_scsv().

    {
    return version != latest_supported_version(version.is_datagram_protocol());
    }

◆ server_uses_own_ciphersuite_preferences()

bool Botan::TLS::Policy::server_uses_own_ciphersuite_preferences ( ) const

virtualinherited

Returns: true if servers should choose the ciphersuite matching their highest preference, rather than the clients. Has no effect on client side.

Reimplemented in Botan::TLS::Text_Policy, and Botan::TLS::BSI_TR_02102_2.

Definition at line 342 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::print(), and Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences().

342 { return true; }

◆ session_ticket_lifetime()

uint32_t Botan::TLS::Policy::session_ticket_lifetime ( ) const

virtualinherited

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. Expired session tickets cannot be used to resume a session.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 268 of file tls_policy.cpp.

Referenced by Botan::TLS::Policy::print(), and Botan::TLS::Text_Policy::session_ticket_lifetime().

    {
    return 86400; // ~1 day
    }

◆ srtp_profiles()

std::vector< uint16_t > Botan::TLS::Policy::srtp_profiles ( ) const

virtualinherited

If this returns a non-empty vector, and DTLS is negotiated, then we will also attempt to negotiate the SRTP extension from RFC 5764 using the returned values as the profile ids.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 364 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), and Botan::TLS::Server_Hello::Server_Hello().

    {
    return std::vector<uint16_t>();
    }

◆ support_cert_status_message()

bool Botan::TLS::Policy::support_cert_status_message ( ) const

virtualinherited

Indicates whether certificate status messages should be supported

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 344 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Policy::print(), Botan::TLS::Server_Hello::Server_Hello(), and Botan::TLS::Text_Policy::support_cert_status_message().

344 { return true; }

◆ to_string()

std::string Botan::TLS::Policy::to_string ( ) const

inherited

Convert this policy to a printable format. Same as calling print on a ostringstream and reading o.str()

Definition at line 581 of file tls_policy.cpp.

References Botan::TLS::Policy::print().

    {
    std::ostringstream oss;
    this->print(oss);
    return oss.str();
    }

◆ use_ecc_point_compression()

bool Botan::TLS::Policy::use_ecc_point_compression ( ) const

virtualinherited

Request that ECC curve points are sent compressed

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 127 of file tls_policy.cpp.

Referenced by Botan::TLS::Client_Hello::Client_Hello(), Botan::TLS::Server_Hello::Server_Hello(), and Botan::TLS::Text_Policy::use_ecc_point_compression().

    {
    return false;
    }

The documentation for this class was generated from the following file:

src/lib/tls/tls_policy.h

Public Member Functions

Detailed Description

Member Function Documentation

◆ abort_connection_on_undesired_renegotiation()

◆ acceptable_ciphersuite()

◆ acceptable_protocol_version()

◆ allow_client_initiated_renegotiation()

◆ allow_dtls10()

◆ allow_dtls12()

◆ allow_dtls_epoch0_restart()

◆ allow_insecure_renegotiation()

◆ allow_resumption_for_renegotiation()

◆ allow_server_initiated_renegotiation()

◆ allow_tls10()

◆ allow_tls11()

◆ allow_tls12()

◆ allowed_ciphers()

◆ allowed_key_exchange_methods()

◆ allowed_macs()

◆ allowed_signature_hash()

◆ allowed_signature_hashes()

◆ allowed_signature_method()

◆ allowed_signature_methods()

◆ allowed_signature_schemes()

◆ check_peer_key_acceptable()

◆ choose_key_exchange_group()

◆ ciphersuite_list()

◆ default_dh_group()

◆ dtls_default_mtu()

◆ dtls_initial_timeout()

◆ dtls_maximum_timeout()

◆ hide_unknown_users()

◆ include_time_in_hello_random()

◆ key_exchange_groups()

◆ latest_supported_version()

◆ maximum_certificate_chain_size()

◆ minimum_dh_group_size()

◆ minimum_dsa_group_size()

◆ minimum_ecdh_group_size()

◆ minimum_ecdsa_group_size()

◆ minimum_rsa_bits()

◆ minimum_signature_strength()

◆ negotiate_encrypt_then_mac()

◆ only_resume_with_exact_version()

◆ print()

◆ request_client_certificate_authentication()

◆ require_cert_revocation_info()

◆ require_client_certificate_authentication()

◆ send_fallback_scsv()

◆ server_uses_own_ciphersuite_preferences()

◆ session_ticket_lifetime()

◆ srtp_profiles()

◆ support_cert_status_message()

◆ to_string()

◆ use_ecc_point_compression()