Botan 3.11.0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::TLS::Strict_Policy Class Reference

#include <tls_policy.h>

Inheritance diagram for Botan::TLS::Strict_Policy:
Botan::TLS::Policy

Public Member Functions

virtual bool abort_connection_on_undesired_renegotiation () const
virtual std::optional< std::vector< Signature_Scheme > > acceptable_certificate_signature_schemes () const
virtual bool acceptable_ciphersuite (const Ciphersuite &suite) const
virtual bool acceptable_protocol_version (Protocol_Version version) const
virtual std::vector< Signature_Schemeacceptable_signature_schemes () const
virtual std::vector< Certificate_Typeaccepted_client_certificate_types () const
virtual std::vector< Certificate_Typeaccepted_server_certificate_types () const
virtual bool allow_client_initiated_renegotiation () const
virtual bool allow_dtls12 () const
virtual bool allow_dtls_epoch0_restart () const
virtual bool allow_insecure_renegotiation () const
virtual bool allow_resumption_for_renegotiation () const
virtual bool allow_server_initiated_renegotiation () const
virtual bool allow_ssl_key_log_file () const
virtual bool allow_tls12 () const
virtual bool allow_tls13 () const
std::vector< std::string > allowed_ciphers () const override
std::vector< std::string > allowed_key_exchange_methods () const override
std::vector< std::string > allowed_macs () const override
bool allowed_signature_hash (std::string_view hash) const
std::vector< std::string > allowed_signature_hashes () const override
bool allowed_signature_method (std::string_view sig_method) const
virtual std::vector< std::string > allowed_signature_methods () const
virtual std::vector< Signature_Schemeallowed_signature_schemes () const
virtual void check_peer_key_acceptable (const Public_Key &public_key) const
virtual Group_Params choose_key_exchange_group (const std::vector< Group_Params > &supported_by_peer, const std::vector< Group_Params > &offered_by_peer) const
virtual std::vector< uint16_t > ciphersuite_list (Protocol_Version version) const
virtual Group_Params default_dh_group () const
virtual size_t dtls_default_mtu () const
virtual size_t dtls_initial_timeout () const
virtual size_t dtls_maximum_timeout () const
virtual bool hash_hello_random () const
virtual bool hide_unknown_users () const
virtual bool include_time_in_hello_random () const
virtual std::vector< Group_Paramskey_exchange_groups () const
virtual std::vector< Group_Paramskey_exchange_groups_to_offer () const
virtual Protocol_Version latest_supported_version (bool datagram) const
virtual size_t maximum_certificate_chain_size () const
virtual size_t maximum_session_tickets_per_client_hello () const
virtual size_t minimum_dh_group_size () const
virtual size_t minimum_ecdh_group_size () const
virtual size_t minimum_ecdsa_group_size () const
virtual size_t minimum_rsa_bits () const
virtual size_t minimum_signature_strength () const
virtual bool negotiate_encrypt_then_mac () const
virtual size_t new_session_tickets_upon_handshake_success () const
virtual bool only_resume_with_exact_version () const
virtual void print (std::ostream &o) const
virtual std::optional< uint16_t > record_size_limit () const
virtual bool request_client_certificate_authentication () const
virtual bool require_cert_revocation_info () const
virtual bool require_client_certificate_authentication () const
virtual bool reuse_session_tickets () const
virtual bool server_uses_own_ciphersuite_preferences () const
virtual std::chrono::seconds session_ticket_lifetime () const
virtual std::vector< uint16_t > srtp_profiles () const
virtual bool support_cert_status_message () const
virtual bool tls_13_middlebox_compatibility_mode () const
std::string to_string () const
virtual bool use_ecc_point_compression () const

Detailed Description

Definition at line 722 of file tls_policy.h.

Member Function Documentation

◆ abort_connection_on_undesired_renegotiation()

bool Botan::TLS::Policy::abort_connection_on_undesired_renegotiation ( ) const
virtualinherited

If true, a request to renegotiate will close the connection with a fatal alert. Otherwise, a warning alert is sent.

See also
allow_client_initiated_renegotiation
allow_server_initiated_renegotiation

Default: false

Note
Has no effect for TLS 1.3 connections.

Definition at line 446 of file tls_policy.cpp.

446 {
447 return false;
448}

◆ acceptable_certificate_signature_schemes()

std::optional< std::vector< Signature_Scheme > > Botan::TLS::Policy::acceptable_certificate_signature_schemes ( ) const
virtualinherited

Return a list of schemes we are willing to accept for signatures in certificates.

By default, the same restrictions as in acceptable_signature_schemes() apply.

Returns
std::nullopt if the same restrictions as defined in acceptable_signature_schemes() should apply

Definition at line 48 of file tls_policy.cpp.

48 {
49 // the restrictions of ::acceptable_signature_schemes() shall apply
50 return std::nullopt;
51}

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Client_Hello_13::Client_Hello_13().

◆ acceptable_ciphersuite()

bool Botan::TLS::Policy::acceptable_ciphersuite ( const Ciphersuite & suite) const
virtualinherited

Allows policy to reject any ciphersuites which are undesirable for whatever reason without having to reimplement ciphersuite_list

Definition at line 357 of file tls_policy.cpp.

357 {
358 return value_exists(allowed_ciphers(), ciphersuite.cipher_algo()) &&
359 value_exists(allowed_macs(), ciphersuite.mac_algo());
360}
Botan::TLS::Policy::allowed_macs
virtual std::vector< std::string > allowed_macs() const
Definition tls_policy.cpp:81
Botan::TLS::Policy::allowed_ciphers
virtual std::vector< std::string > allowed_ciphers() const
Definition tls_policy.cpp:53
Botan::value_exists
bool value_exists(const std::vector< T > &vec, const V &val)
Definition stl_util.h:43

References allowed_ciphers(), allowed_macs(), Botan::TLS::Ciphersuite::cipher_algo(), Botan::TLS::Ciphersuite::mac_algo(), and Botan::value_exists().

Referenced by ciphersuite_list().

◆ acceptable_protocol_version()

bool Botan::TLS::Policy::acceptable_protocol_version ( Protocol_Version version) const
virtualinherited
Returns
true if and only if we are willing to accept this version Default accepts TLS v1.2 and later or DTLS v1.2 or later.

Definition at line 319 of file tls_policy.cpp.

319 {
320#if defined(BOTAN_HAS_TLS_13)
321 if(version == Protocol_Version::TLS_V13 && allow_tls13()) {
322 return true;
323 }
324#endif
325
326#if defined(BOTAN_HAS_TLS_12)
327 if(version == Protocol_Version::TLS_V12 && allow_tls12()) {
328 return true;
329 }
330
331 if(version == Protocol_Version::DTLS_V12 && allow_dtls12()) {
332 return true;
333 }
334#endif
335
336 BOTAN_UNUSED(version);
337 return false;
338}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:144
Botan::TLS::Policy::allow_tls12
virtual bool allow_tls12() const
Definition tls_policy.cpp:374
Botan::TLS::Policy::allow_tls13
virtual bool allow_tls13() const
Definition tls_policy.cpp:382
Botan::TLS::Policy::allow_dtls12
virtual bool allow_dtls12() const
Definition tls_policy.cpp:390

References allow_dtls12(), allow_tls12(), allow_tls13(), and BOTAN_UNUSED.

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_13::highest_supported_version(), and latest_supported_version().

◆ acceptable_signature_schemes()

std::vector< Signature_Scheme > Botan::TLS::Policy::acceptable_signature_schemes ( ) const
virtualinherited

Return a list of schemes we are willing to accept

Definition at line 44 of file tls_policy.cpp.

44 {
45 return this->allowed_signature_schemes();
46}
Botan::TLS::Policy::allowed_signature_schemes
virtual std::vector< Signature_Scheme > allowed_signature_schemes() const
Definition tls_policy.cpp:29

References allowed_signature_schemes().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Client_Hello_13::Client_Hello_13().

◆ accepted_client_certificate_types()

std::vector< Certificate_Type > Botan::TLS::Policy::accepted_client_certificate_types ( ) const
virtualinherited

Returns a list of accepted certificate types for client authentication in order of preference. See RFC 7250 and RFC 8446 4.4.2 for details. Defaults to X509 only.

Note that it is the application's responsibility to provide public keys and/or certificates according to the specification in this list via the Credentials_Manager.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 450 of file tls_policy.cpp.

450 {
451 return {Certificate_Type::X509};
452}

References Botan::TLS::X509.

Referenced by Botan::TLS::Text_Policy::accepted_client_certificate_types(), Botan::TLS::Client_Hello_13::Client_Hello_13(), and print().

◆ accepted_server_certificate_types()

std::vector< Certificate_Type > Botan::TLS::Policy::accepted_server_certificate_types ( ) const
virtualinherited

Returns a list of accepted certificate types for server authentication in order of preference. See RFC 7250 and RFC 8446 4.4.2 for details. Defaults to X509 only.

Note that it is the application's responsibility to provide public keys and/or certificates according to the specification in this list via the Credentials_Manager.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 454 of file tls_policy.cpp.

454 {
455 return {Certificate_Type::X509};
456}

References Botan::TLS::X509.

Referenced by Botan::TLS::Text_Policy::accepted_server_certificate_types(), Botan::TLS::Client_Hello_13::Client_Hello_13(), and print().

◆ allow_client_initiated_renegotiation()

bool Botan::TLS::Policy::allow_client_initiated_renegotiation ( ) const
virtualinherited

Consulted by server side. If true, allows clients to initiate a new handshake

If this function returns true, a server will accept a client-initiated renegotiation attempt. Otherwise it will send the client a non-fatal TLS::AlertType::NoRenegotiation alert.

Default: false

Note
Has no effect for TLS 1.3 connections.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 362 of file tls_policy.cpp.

362 {
363 return false;
364}

Referenced by Botan::TLS::Text_Policy::allow_client_initiated_renegotiation().

◆ allow_dtls12()

bool Botan::TLS::Policy::allow_dtls12 ( ) const
virtualinherited

Allow DTLS v1.2

Reimplemented in Botan::TLS::BSI_TR_02102_2, Botan::TLS::Datagram_Policy, Botan::TLS::NSA_Suite_B_128, Botan::TLS::NSA_Suite_B_192, and Botan::TLS::Text_Policy.

Definition at line 390 of file tls_policy.cpp.

390 {
391#if defined(BOTAN_HAS_TLS_12)
392 return true;
393#else
394 return false;
395#endif
396}

Referenced by acceptable_protocol_version(), Botan::TLS::Text_Policy::allow_dtls12(), Botan::TLS::make_hello_random(), print(), and Botan::TLS::Supported_Versions::Supported_Versions().

◆ allow_dtls_epoch0_restart()

bool Botan::TLS::Policy::allow_dtls_epoch0_restart ( ) const
virtualinherited

If true, then allow a DTLS client to restart a connection to the same server association as described in section 4.2.8 of the DTLS RFC

Definition at line 458 of file tls_policy.cpp.

458 {
459 return false;
460}

Referenced by Botan::TLS::Channel_Impl_12::from_peer().

◆ allow_insecure_renegotiation()

bool Botan::TLS::Policy::allow_insecure_renegotiation ( ) const
virtualinherited

Allow renegotiation even if the counterparty doesn't support the secure renegotiation extension.

Default: false

Warning
Changing this to true exposes you to injected plaintext attacks. Read RFC 5746 for background.
Note
Has no effect for TLS 1.3 connections.

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 370 of file tls_policy.cpp.

370 {
371 return false;
372}

Referenced by Botan::TLS::Text_Policy::allow_insecure_renegotiation(), and print().

◆ allow_resumption_for_renegotiation()

bool Botan::TLS::Policy::allow_resumption_for_renegotiation ( ) const
virtualinherited
Note
Has no effect for TLS 1.3 connections.

Definition at line 422 of file tls_policy.cpp.

422 {
423 return true;
424}

Referenced by Botan::TLS::Channel_Impl_12::renegotiate().

◆ allow_server_initiated_renegotiation()

bool Botan::TLS::Policy::allow_server_initiated_renegotiation ( ) const
virtualinherited

Consulted by client side. If true, allows servers to initiate a new handshake

If this function returns true, a client will accept a server-initiated renegotiation attempt. Otherwise it will send the server a non-fatal TLS::AlertType::NoRenegotiation alert.

Default: false

Note
Has no effect for TLS 1.3 connections.

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 366 of file tls_policy.cpp.

366 {
367 return false;
368}

Referenced by Botan::TLS::Text_Policy::allow_server_initiated_renegotiation(), and print().

◆ allow_ssl_key_log_file()

bool Botan::TLS::Policy::allow_ssl_key_log_file ( ) const
virtualinherited

Allow ssl key log file

Note
If function returns true, then Callbacks::tls_ssl_key_log_data will be invoked containing secret information for logging purposes

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 25 of file tls_policy.cpp.

25 {
26 return false;
27}

Referenced by Botan::TLS::Text_Policy::allow_ssl_key_log_file(), and print().

◆ allow_tls12()

bool Botan::TLS::Policy::allow_tls12 ( ) const
virtualinherited

Allow TLS v1.2

Reimplemented in Botan::TLS::BSI_TR_02102_2, Botan::TLS::Datagram_Policy, Botan::TLS::NSA_Suite_B_128, Botan::TLS::NSA_Suite_B_192, and Botan::TLS::Text_Policy.

Definition at line 374 of file tls_policy.cpp.

374 {
375#if defined(BOTAN_HAS_TLS_12)
376 return true;
377#else
378 return false;
379#endif
380}

Referenced by acceptable_protocol_version(), Botan::TLS::Text_Policy::allow_tls12(), Botan::TLS::Client_Hello_13::Client_Hello_13(), Botan::TLS::make_hello_random(), print(), and Botan::TLS::Supported_Versions::Supported_Versions().

◆ allow_tls13()

bool Botan::TLS::Policy::allow_tls13 ( ) const
virtualinherited

Allow TLS v1.3

Reimplemented in Botan::TLS::BSI_TR_02102_2, Botan::TLS::Datagram_Policy, Botan::TLS::NSA_Suite_B_128, Botan::TLS::NSA_Suite_B_192, and Botan::TLS::Text_Policy.

Definition at line 382 of file tls_policy.cpp.

382 {
383#if defined(BOTAN_HAS_TLS_13)
384 return true;
385#else
386 return false;
387#endif
388}

Referenced by acceptable_protocol_version(), Botan::TLS::Text_Policy::allow_tls13(), Botan::TLS::make_server_hello_random(), print(), and Botan::TLS::Supported_Versions::Supported_Versions().

◆ allowed_ciphers()

std::vector< std::string > Botan::TLS::Strict_Policy::allowed_ciphers ( ) const
overridevirtual

Returns a list of ciphers we are willing to negotiate, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 720 of file tls_policy.cpp.

720 {
721 return {"AES-256/GCM", "AES-128/GCM", "ChaCha20Poly1305"};
722}

◆ allowed_key_exchange_methods()

std::vector< std::string > Botan::TLS::Strict_Policy::allowed_key_exchange_methods ( ) const
overridevirtual

Returns a list of key exchange algorithms we are willing to use, in order of preference. Allowed values: DH, empty string (representing RSA using server certificate key)

Reimplemented from Botan::TLS::Policy.

Definition at line 732 of file tls_policy.cpp.

732 {
733 return {"ECDH"};
734}

◆ allowed_macs()

std::vector< std::string > Botan::TLS::Strict_Policy::allowed_macs ( ) const
overridevirtual

Returns a list of MAC algorithms we are willing to use.

Reimplemented from Botan::TLS::Policy.

Definition at line 728 of file tls_policy.cpp.

728 {
729 return {"AEAD"};
730}

◆ allowed_signature_hash()

bool Botan::TLS::Policy::allowed_signature_hash ( std::string_view hash) const
inherited

Definition at line 116 of file tls_policy.cpp.

116 {
117 return value_exists(allowed_signature_hashes(), sig_hash);
118}
Botan::TLS::Policy::allowed_signature_hashes
virtual std::vector< std::string > allowed_signature_hashes() const
Definition tls_policy.cpp:73

References allowed_signature_hashes(), and Botan::value_exists().

Referenced by allowed_signature_schemes(), and Botan::TLS::Handshake_State::choose_sig_format().

◆ allowed_signature_hashes()

std::vector< std::string > Botan::TLS::Strict_Policy::allowed_signature_hashes ( ) const
overridevirtual

Returns a list of hash algorithms we are willing to use for signatures, in order of preference.

Reimplemented from Botan::TLS::Policy.

Definition at line 724 of file tls_policy.cpp.

724 {
725 return {"SHA-512", "SHA-384"};
726}

◆ allowed_signature_method()

bool Botan::TLS::Policy::allowed_signature_method ( std::string_view sig_method) const
inherited

Definition at line 112 of file tls_policy.cpp.

112 {
113 return value_exists(allowed_signature_methods(), sig_method);
114}
Botan::TLS::Policy::allowed_signature_methods
virtual std::vector< std::string > allowed_signature_methods() const
Definition tls_policy.cpp:105

References allowed_signature_methods(), and Botan::value_exists().

Referenced by allowed_signature_schemes(), Botan::TLS::Certificate_13::Certificate_13(), and Botan::TLS::Handshake_State::parse_sig_format().

◆ allowed_signature_methods()

std::vector< std::string > Botan::TLS::Policy::allowed_signature_methods ( ) const
virtualinherited

Returns a list of signature algorithms we are willing to use, in order of preference.

Reimplemented in Botan::TLS::BSI_TR_02102_2, Botan::TLS::NSA_Suite_B_128, Botan::TLS::NSA_Suite_B_192, and Botan::TLS::Text_Policy.

Definition at line 105 of file tls_policy.cpp.

105 {
106 return {
107 "ECDSA", "RSA",
108 //"IMPLICIT",
109 };
110}

Referenced by allowed_signature_method(), Botan::TLS::Text_Policy::allowed_signature_methods(), ciphersuite_list(), and print().

◆ allowed_signature_schemes()

std::vector< Signature_Scheme > Botan::TLS::Policy::allowed_signature_schemes ( ) const
virtualinherited

Definition at line 29 of file tls_policy.cpp.

29 {
30 std::vector<Signature_Scheme> schemes;
31
32 for(const Signature_Scheme scheme : Signature_Scheme::all_available_schemes()) {
33 const bool sig_allowed = allowed_signature_method(scheme.algorithm_name());
34 const bool hash_allowed = allowed_signature_hash(scheme.hash_function_name());
35
36 if(sig_allowed && hash_allowed) {
37 schemes.push_back(scheme);
38 }
39 }
40
41 return schemes;
42}
Botan::TLS::Policy::allowed_signature_method
bool allowed_signature_method(std::string_view sig_method) const
Definition tls_policy.cpp:112
Botan::TLS::Policy::allowed_signature_hash
bool allowed_signature_hash(std::string_view hash) const
Definition tls_policy.cpp:116
Botan::TLS::Signature_Scheme::all_available_schemes
static const std::vector< Signature_Scheme > & all_available_schemes()
Definition tls_signature_scheme.cpp:17

References Botan::TLS::Signature_Scheme::all_available_schemes(), allowed_signature_hash(), and allowed_signature_method().

Referenced by acceptable_signature_schemes(), Botan::TLS::Certificate_Verify_13::Certificate_Verify_13(), and Botan::TLS::Handshake_State::choose_sig_format().

◆ check_peer_key_acceptable()

void Botan::TLS::Policy::check_peer_key_acceptable ( const Public_Key & public_key) const
virtualinherited

Allows the policy to examine peer public keys. Throw an exception if the key should be rejected. Default implementation checks against policy values minimum_dh_group_size(), minimum_rsa_bits(), minimum_ecdsa_group_size(), and minimum_ecdh_group_size().

Override if you'd like to perform some other kind of test on (or logging of) the peer's keys.

Definition at line 277 of file tls_policy.cpp.

277 {
278 const std::string algo_name = public_key.algo_name();
279
280 const size_t keylength = public_key.key_length();
281 size_t expected_keylength = 0;
282
283 if(algo_name == "RSA") {
284 expected_keylength = minimum_rsa_bits();
285 } else if(algo_name == "DH") {
286 expected_keylength = minimum_dh_group_size();
287 } else if(algo_name == "ECDH" || algo_name == "X25519" || algo_name == "X448") {
288 expected_keylength = minimum_ecdh_group_size();
289 } else if(algo_name == "ECDSA") {
290 expected_keylength = minimum_ecdsa_group_size();
291 }
292 // else some other algo, so leave expected_keylength as zero and the check is a no-op
293
294 if(keylength < expected_keylength) {
295 throw TLS_Exception(Alert::InsufficientSecurity,
296 "Peer sent " + std::to_string(keylength) + " bit " + algo_name +
297 " key"
298 ", policy requires at least " +
299 std::to_string(expected_keylength));
300 }
301}
Botan::TLS::Policy::minimum_ecdh_group_size
virtual size_t minimum_ecdh_group_size() const
Definition tls_policy.cpp:253
Botan::TLS::Policy::minimum_rsa_bits
virtual size_t minimum_rsa_bits() const
Definition tls_policy.cpp:266
Botan::TLS::Policy::minimum_dh_group_size
virtual size_t minimum_dh_group_size() const
Definition tls_policy.cpp:244
Botan::TLS::Policy::minimum_ecdsa_group_size
virtual size_t minimum_ecdsa_group_size() const
Definition tls_policy.cpp:248

References Botan::Asymmetric_Key::algo_name(), Botan::Public_Key::key_length(), minimum_dh_group_size(), minimum_ecdh_group_size(), minimum_ecdsa_group_size(), and minimum_rsa_bits().

Referenced by Botan::TLS::Certificate_13::Certificate_13(), Botan::TLS::Callbacks::tls_ephemeral_key_agreement(), Botan::TLS::Callbacks::tls_kem_encapsulate(), Botan::TLS::Certificate_Verify_12::verify(), and Botan::TLS::Server_Key_Exchange::verify().

◆ choose_key_exchange_group()

Group_Params Botan::TLS::Policy::choose_key_exchange_group ( const std::vector< Group_Params > & supported_by_peer,
const std::vector< Group_Params > & offered_by_peer ) const
virtualinherited

Select a key exchange group to use, from the list of groups sent by the peer. In TLS 1.3 handshakes the peer might have provided cryptographic material for a subset of its available groups. Choosing a group for which no share was provided will result in an additional round trip. If none are acceptable, return Group_Params::NONE.

By default this will try to optimize for less round trips even if this results in the usage of a less preferred group.

Definition at line 124 of file tls_policy.cpp.

125 {
126 if(supported_by_peer.empty()) {
127 return Group_Params::NONE;
128 }
129
130 const auto our_groups = key_exchange_groups();
131
132 // First check if the peer sent a PQ share of a group we also support
133 for(auto share : offered_by_peer) {
134 if(share.is_post_quantum() && value_exists(our_groups, share)) {
135 return share;
136 }
137 }
138
139 // Then check if the peer offered a PQ algo we also support
140 for(auto share : supported_by_peer) {
141 if(share.is_post_quantum() && value_exists(our_groups, share)) {
142 return share;
143 }
144 }
145
146 // Prefer groups that were offered by the peer for the sake of saving
147 // an additional round trip. For TLS 1.2, this won't be used.
148 for(auto g : offered_by_peer) {
149 if(value_exists(our_groups, g)) {
150 return g;
151 }
152 }
153
154 // If no pre-offered groups fit our supported set, we prioritize our
155 // own preference.
156 for(auto g : our_groups) {
157 if(value_exists(supported_by_peer, g)) {
158 return g;
159 }
160 }
161
162 return Group_Params::NONE;
163}
Botan::TLS::Policy::key_exchange_groups
virtual std::vector< Group_Params > key_exchange_groups() const
Definition tls_policy.cpp:178

References key_exchange_groups(), and Botan::value_exists().

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Server_Hello_13::create(), and Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ ciphersuite_list()

std::vector< uint16_t > Botan::TLS::Policy::ciphersuite_list ( Protocol_Version version) const
virtualinherited

Return allowed ciphersuites, in order of preference for the provided protocol version.

Parameters
versionthe exact protocol version to select supported and allowed ciphersuites for

Definition at line 557 of file tls_policy.cpp.

557 {
558 const std::vector<std::string> ciphers = allowed_ciphers();
559 const std::vector<std::string> macs = allowed_macs();
560 const std::vector<std::string> kex = allowed_key_exchange_methods();
561 const std::vector<std::string> sigs = allowed_signature_methods();
562
563 std::vector<Ciphersuite> ciphersuites;
564
565 for(auto&& suite : Ciphersuite::all_known_ciphersuites()) {
566 // Can we use it?
567 if(!suite.valid()) {
568 continue;
569 }
570
571 // Can we use it in this version?
572 if(!suite.usable_in_version(version)) {
573 continue;
574 }
575
576 // Is it acceptable to the policy?
577 if(!this->acceptable_ciphersuite(suite)) {
578 continue;
579 }
580
581 if(!value_exists(ciphers, suite.cipher_algo())) {
582 continue; // unsupported cipher
583 }
584
585 // these checks are irrelevant for TLS 1.3
586 // TODO: consider making a method for this logic
587 if(version.is_pre_tls_13()) {
588 if(!value_exists(kex, suite.kex_algo())) {
589 continue; // unsupported key exchange
590 }
591
592 if(!value_exists(macs, suite.mac_algo())) {
593 continue; // unsupported MAC algo
594 }
595
596 if(!value_exists(sigs, suite.sig_algo())) {
597 // allow if it's an empty sig algo and we want to use PSK
598 if(suite.auth_method() != Auth_Method::IMPLICIT || !suite.psk_ciphersuite()) {
599 continue;
600 }
601 }
602 }
603
604 // OK, consider it
605 ciphersuites.push_back(suite);
606 }
607
608 if(ciphersuites.empty()) {
609 throw Invalid_State("Policy does not allow any available cipher suite");
610 }
611
612 const Ciphersuite_Preference_Ordering order(ciphers, macs, kex, sigs);
613 std::sort(ciphersuites.begin(), ciphersuites.end(), order);
614
615 std::vector<uint16_t> ciphersuite_codes;
616 ciphersuite_codes.reserve(ciphersuites.size());
617 for(const auto& i : ciphersuites) {
618 ciphersuite_codes.push_back(i.ciphersuite_code());
619 }
620 return ciphersuite_codes;
621}
Botan::TLS::Ciphersuite::all_known_ciphersuites
static const std::vector< Ciphersuite > & all_known_ciphersuites()
Definition tls_suite_info.cpp:15
Botan::TLS::Policy::acceptable_ciphersuite
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
Definition tls_policy.cpp:357
Botan::TLS::Policy::allowed_key_exchange_methods
virtual std::vector< std::string > allowed_key_exchange_methods() const
Definition tls_policy.cpp:95

References acceptable_ciphersuite(), Botan::TLS::Ciphersuite::all_known_ciphersuites(), allowed_ciphers(), allowed_key_exchange_methods(), allowed_macs(), allowed_signature_methods(), Botan::TLS::IMPLICIT, Botan::TLS::Protocol_Version::is_pre_tls_13(), and Botan::value_exists().

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), and Botan::TLS::Client_Hello_13::Client_Hello_13().

◆ default_dh_group()

Group_Params Botan::TLS::Policy::default_dh_group ( ) const
virtualinherited

For ephemeral Diffie-Hellman key exchange, the server sends a group parameter. Return the 2 Byte TLS group identifier specifying the group parameter a server should use.

Default: 2048 bit IETF IPsec group ("modp/ietf/2048")

Note
Has no effect for TLS 1.3 connections.

Definition at line 165 of file tls_policy.cpp.

165 {
166 /*
167 * Return the first listed or just default to 2048
168 */
169 for(auto g : key_exchange_groups()) {
170 if(g.is_dh_named_group()) {
171 return g;
172 }
173 }
174
175 return Group_Params::FFDHE_2048;
176}

References key_exchange_groups().

Referenced by Botan::TLS::Server_Key_Exchange::Server_Key_Exchange().

◆ dtls_default_mtu()

size_t Botan::TLS::Policy::dtls_default_mtu ( ) const
virtualinherited
Returns
the default MTU for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 475 of file tls_policy.cpp.

475 {
476 // default MTU is IPv6 min MTU minus UDP/IP headers
477 return 1280 - 40 - 8;
478}

Referenced by Botan::TLS::Channel_Impl_12::create_handshake_state(), and Botan::TLS::Text_Policy::dtls_default_mtu().

◆ dtls_initial_timeout()

size_t Botan::TLS::Policy::dtls_initial_timeout ( ) const
virtualinherited
Returns
the initial timeout for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 467 of file tls_policy.cpp.

467 {
468 return 1 * 1000;
469}

Referenced by Botan::TLS::Channel_Impl_12::create_handshake_state(), and Botan::TLS::Text_Policy::dtls_initial_timeout().

◆ dtls_maximum_timeout()

size_t Botan::TLS::Policy::dtls_maximum_timeout ( ) const
virtualinherited
Returns
the maximum timeout for DTLS

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 471 of file tls_policy.cpp.

471 {
472 return 60 * 1000;
473}

Referenced by Botan::TLS::Channel_Impl_12::create_handshake_state(), and Botan::TLS::Text_Policy::dtls_maximum_timeout().

◆ hash_hello_random()

bool Botan::TLS::Policy::hash_hello_random ( ) const
virtualinherited

Hash the RNG output for the client/server hello random. This is a pre-caution to avoid writing "raw" RNG output to the wire.

There's not normally a reason to disable this, except when deterministic output is required for testing.

Default: true

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 430 of file tls_policy.cpp.

430 {
431 return true;
432}

Referenced by Botan::TLS::Text_Policy::hash_hello_random(), Botan::TLS::make_hello_random(), and print().

◆ hide_unknown_users()

bool Botan::TLS::Policy::hide_unknown_users ( ) const
virtualinherited

The PSK suites work using an identifier along with a shared secret. If this function returns true, when an identifier that the server does not recognize is provided by a client, a random shared secret will be generated in such a way that a client should not be able to tell the difference between the identifier not being known and the secret being wrong. This can help protect against some username probing attacks. If it returns false, the server will instead send an TLS::AlertType::UnknownPSKIdentity alert when an unknown identifier is used.

Default: false

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 402 of file tls_policy.cpp.

402 {
403 return false;
404}

Referenced by Botan::TLS::Client_Key_Exchange::Client_Key_Exchange(), Botan::TLS::Text_Policy::hide_unknown_users(), and print().

◆ include_time_in_hello_random()

bool Botan::TLS::Policy::include_time_in_hello_random ( ) const
virtualinherited

The protocol dictates that the first 32 bits of the random field are the current time in seconds. However this allows client fingerprinting attacks. Set to false to disable, in which case random bytes will be used instead.

Default: true

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 398 of file tls_policy.cpp.

398 {
399 return true;
400}

Referenced by Botan::TLS::Text_Policy::include_time_in_hello_random(), Botan::TLS::make_hello_random(), and print().

◆ key_exchange_groups()

std::vector< Group_Params > Botan::TLS::Policy::key_exchange_groups ( ) const
virtualinherited

Return a list of ECC curve and DH group TLS identifiers we are willing to use, in order of preference. The default ordering puts the best performing ECC first.

Default: Group_Params::X25519, Group_Params::SECP256R1, Group_Params::BRAINPOOL256R1, Group_Params::SECP384R1, Group_Params::BRAINPOOL384R1, Group_Params::SECP521R1, Group_Params::BRAINPOOL512R1, Group_Params::FFDHE_2048, Group_Params::FFDHE_3072, Group_Params::FFDHE_4096, Group_Params::FFDHE_6144, Group_Params::FFDHE_8192

No other values are currently defined.

Reimplemented in Botan::TLS::BSI_TR_02102_2, Botan::TLS::NSA_Suite_B_128, Botan::TLS::NSA_Suite_B_192, and Botan::TLS::Text_Policy.

Definition at line 178 of file tls_policy.cpp.

178 {
179 return {
180 // clang-format off
181#if defined(BOTAN_HAS_X25519)
182 Group_Params::X25519,
183#endif
184
185 Group_Params::SECP256R1,
186
187#if defined(BOTAN_HAS_ML_KEM) && defined(BOTAN_HAS_TLS_13_PQC)
188
189#if defined(BOTAN_HAS_X25519)
190 Group_Params_Code::HYBRID_X25519_ML_KEM_768,
191#endif
192
193 Group_Params_Code::HYBRID_SECP256R1_ML_KEM_768,
194 Group_Params_Code::HYBRID_SECP384R1_ML_KEM_1024,
195#endif
196
197#if defined(BOTAN_HAS_X448)
198 Group_Params::X448,
199#endif
200
201 Group_Params::SECP384R1,
202 Group_Params::SECP521R1,
203
204 Group_Params::BRAINPOOL256R1,
205 Group_Params::BRAINPOOL384R1,
206 Group_Params::BRAINPOOL512R1,
207
208 Group_Params::FFDHE_2048,
209 Group_Params::FFDHE_3072,
210
211 // clang-format on
212 };
213}

References Botan::TLS::HYBRID_SECP256R1_ML_KEM_768, Botan::TLS::HYBRID_SECP384R1_ML_KEM_1024, and Botan::TLS::HYBRID_X25519_ML_KEM_768.

Referenced by choose_key_exchange_group(), Botan::TLS::Client_Hello_13::Client_Hello_13(), default_dh_group(), Botan::TLS::Encrypted_Extensions::Encrypted_Extensions(), Botan::TLS::Text_Policy::key_exchange_groups(), key_exchange_groups_to_offer(), and print().

◆ key_exchange_groups_to_offer()

std::vector< Group_Params > Botan::TLS::Policy::key_exchange_groups_to_offer ( ) const
virtualinherited

Return a list of groups to provide prepared key share offers in the initial client hello for. Groups in this list must be reflected in key_exchange_groups() and in the same order. If an empty list is returned, no prepared key share offers are sent and the decision of the group to use is left to the server.

Default: the most preferred group from key_exchange_groups().

Note
Has an effect on TLS 1.3 clients, only.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 215 of file tls_policy.cpp.

215 {
216 std::vector<Group_Params> groups_to_offer;
217
218 const auto supported_groups = key_exchange_groups();
219 BOTAN_ASSERT(!supported_groups.empty(), "Policy allows at least one key exchange group");
220
221 /*
222 * Initially prefer sending a key share only of the first pure-ECC
223 * group, since these shares are small and PQ support is still not
224 * that widespread.
225 */
226 for(auto group : key_exchange_groups()) {
227 if(group.is_pure_ecc_group()) {
228 groups_to_offer.push_back(group);
229 break;
230 }
231 }
232
233 /*
234 * If for some reason no pure ECC groups are enabled then simply
235 * send a share of whatever the policy's top preference is.
236 */
237 if(groups_to_offer.empty()) {
238 groups_to_offer.push_back(supported_groups.front());
239 }
240
241 return groups_to_offer;
242}
BOTAN_ASSERT
#define BOTAN_ASSERT(expr, assertion_made)
Definition assert.h:62

References BOTAN_ASSERT, and key_exchange_groups().

Referenced by Botan::TLS::Text_Policy::key_exchange_groups_to_offer(), and print().

◆ latest_supported_version()

Protocol_Version Botan::TLS::Policy::latest_supported_version ( bool datagram) const
virtualinherited

Returns the most recent protocol version we are willing to use, for either TLS or DTLS depending on datagram param. Shouldn't ever need to override this unless you want to allow a user to disable specific TLS versions.

Definition at line 340 of file tls_policy.cpp.

340 {
341 if(datagram) {
342 if(acceptable_protocol_version(Protocol_Version::DTLS_V12)) {
343 return Protocol_Version::DTLS_V12;
344 }
345 } else {
346 if(acceptable_protocol_version(Protocol_Version::TLS_V13)) {
347 return Protocol_Version::TLS_V13;
348 }
349 if(acceptable_protocol_version(Protocol_Version::TLS_V12)) {
350 return Protocol_Version::TLS_V12;
351 }
352 }
353
354 throw Invalid_State("Policy forbids all available TLS version");
355}
Botan::TLS::Policy::acceptable_protocol_version
virtual bool acceptable_protocol_version(Protocol_Version version) const
Definition tls_policy.cpp:319

References acceptable_protocol_version().

◆ maximum_certificate_chain_size()

size_t Botan::TLS::Policy::maximum_certificate_chain_size ( ) const
virtualinherited
Returns
the maximum size of the certificate chain, in bytes. Return 0 to disable this and accept any size.

Definition at line 462 of file tls_policy.cpp.

462 {
463 return 0;
464}

Referenced by Botan::TLS::Certificate_12::Certificate_12(), and Botan::TLS::Certificate_13::Certificate_13().

◆ maximum_session_tickets_per_client_hello()

size_t Botan::TLS::Policy::maximum_session_tickets_per_client_hello ( ) const
virtualinherited

Defines the maximum number of session tickets a client might offer in a single resumption attempt. Must be greater than 0.

TODO: Currently, the TLS 1.3 client implementation supports exactly one ticket per handshake. RFC 8446 allows for an arbitrary amount, though.

Default: 1

Note
Has an effect on TLS 1.3 connections, only.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 303 of file tls_policy.cpp.

303 {
304 return 1;
305}

Referenced by Botan::TLS::Session_Manager::find(), Botan::TLS::Text_Policy::maximum_session_tickets_per_client_hello(), and print().

◆ minimum_dh_group_size()

size_t Botan::TLS::Policy::minimum_dh_group_size ( ) const
virtualinherited

Return the minimum DH group size we're willing to use

Return the minimum size in bits for a Diffie-Hellman group that a client will accept. Due to the design of the protocol the client has only two options - accept the group, or reject it with a fatal alert then attempt to reconnect after disabling ephemeral Diffie-Hellman.

Default: 2048 bits

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 244 of file tls_policy.cpp.

244 {
245 return 2048;
246}

Referenced by check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_dh_group_size(), and print().

◆ minimum_ecdh_group_size()

size_t Botan::TLS::Policy::minimum_ecdh_group_size ( ) const
virtualinherited

Return the minimum ECDH group size we're willing to use for key exchange

Default 255, allowing x25519 and larger x25519 is the smallest curve we will negotiate P-521 is the largest

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 253 of file tls_policy.cpp.

253 {
254 // x25519 is smallest curve currently supported for TLS key exchange
255 return 255;
256}

Referenced by check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_ecdh_group_size(), and print().

◆ minimum_ecdsa_group_size()

size_t Botan::TLS::Policy::minimum_ecdsa_group_size ( ) const
virtualinherited

For ECDSA authenticated ciphersuites, the smallest key size the client will accept. This policy is currently only enforced on the server by the client.

Default: 256

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 248 of file tls_policy.cpp.

248 {
249 // Here we are at the mercy of whatever the CA signed, but most certs should be 256 bit by now
250 return 256;
251}

Referenced by check_peer_key_acceptable(), and Botan::TLS::Text_Policy::minimum_ecdsa_group_size().

◆ minimum_rsa_bits()

size_t Botan::TLS::Policy::minimum_rsa_bits ( ) const
virtualinherited

Return the minimum bit size we're willing to accept for RSA key exchange or server signatures.

It does not place any requirements on the size of any RSA signature(s) which were used to check the server certificate. This is only concerned with the server's public key.

Default is 2048 which is smallest RSA key size still secure for medium term security.

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 266 of file tls_policy.cpp.

266 {
267 /* Default assumption is all end-entity certificates should
268 be at least 2048 bits these days.
269
270 If you are connecting to arbitrary servers on the Internet
271 (ie as a web browser or SMTP client) you'll probably have to reduce this
272 to 1024 bits, or perhaps even lower.
273 */
274 return 2048;
275}

Referenced by check_peer_key_acceptable(), Botan::TLS::Text_Policy::minimum_rsa_bits(), and print().

◆ minimum_signature_strength()

size_t Botan::TLS::Policy::minimum_signature_strength ( ) const
virtualinherited

The minimum signature strength we will accept

Returning 80 allows RSA 1024 and SHA-1. Values larger than 80 disable SHA-1 support. Returning 110 allows RSA 2048. Return 128 to force ECC (P-256) or large (~3000 bit) RSA keys.

Default is 110

Reimplemented in Botan::TLS::BSI_TR_02102_2, Botan::TLS::NSA_Suite_B_128, Botan::TLS::NSA_Suite_B_192, and Botan::TLS::Text_Policy.

Definition at line 258 of file tls_policy.cpp.

258 {
259 return 110;
260}

Referenced by Botan::TLS::Text_Policy::minimum_signature_strength(), print(), and Botan::TLS::Callbacks::tls_verify_cert_chain().

◆ negotiate_encrypt_then_mac()

bool Botan::TLS::Policy::negotiate_encrypt_then_mac ( ) const
virtualinherited

Indicates whether the encrypt-then-MAC extension should be negotiated (RFC 7366)

Note
Has no effect for TLS 1.3 connections.

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 410 of file tls_policy.cpp.

410 {
411 return true;
412}

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_13::Client_Hello_13(), Botan::TLS::Text_Policy::negotiate_encrypt_then_mac(), print(), Botan::TLS::Server_Hello_12::Server_Hello_12(), and Botan::TLS::Server_Hello_12::Server_Hello_12().

◆ new_session_tickets_upon_handshake_success()

size_t Botan::TLS::Policy::new_session_tickets_upon_handshake_success ( ) const
virtualinherited

Return the number of new session tickets a TLS 1.3 server should issue automatically upon a successful handshake. Note that applications can use TLS::Server::send_new_session_tickets() regardless of this policy.

For convenience (and compatibility with the TLS 1.2 behaviour), this returns '1' by default.

Note
Has an effect on TLS 1.3 connections, only.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 315 of file tls_policy.cpp.

315 {
316 return 1;
317}

Referenced by Botan::TLS::Text_Policy::new_session_tickets_upon_handshake_success(), and print().

◆ only_resume_with_exact_version()

bool Botan::TLS::Policy::only_resume_with_exact_version ( ) const
virtualinherited

Only resume sessions when their original protocol version matches the current version exactly.

Default: true

Definition at line 434 of file tls_policy.cpp.

434 {
435 return true;
436}

◆ print()

void Botan::TLS::Policy::print ( std::ostream & o) const
virtualinherited

Convert this policy to a printable format.

Parameters
ostream to be printed to

Definition at line 673 of file tls_policy.cpp.

673 {
674 print_bool(o, "allow_tls12", allow_tls12());
675 print_bool(o, "allow_tls13", allow_tls13());
676 print_bool(o, "allow_dtls12", allow_dtls12());
677 print_bool(o, "allow_ssl_key_log_file", allow_ssl_key_log_file());
678 print_vec(o, "ciphers", allowed_ciphers());
679 print_vec(o, "macs", allowed_macs());
680 print_vec(o, "signature_hashes", allowed_signature_hashes());
681 print_vec(o, "signature_methods", allowed_signature_methods());
682 print_vec(o, "key_exchange_methods", allowed_key_exchange_methods());
683 print_vec(o, "key_exchange_groups", key_exchange_groups());
684 const auto groups_to_offer = key_exchange_groups_to_offer();
685 if(groups_to_offer.empty()) {
686 print_vec(o, "key_exchange_groups_to_offer", {std::string("none")});
687 } else {
688 print_vec(o, "key_exchange_groups_to_offer", groups_to_offer);
689 }
690 print_bool(o, "allow_insecure_renegotiation", allow_insecure_renegotiation());
691 print_bool(o, "include_time_in_hello_random", include_time_in_hello_random());
692 print_bool(o, "allow_server_initiated_renegotiation", allow_server_initiated_renegotiation());
693 print_bool(o, "hide_unknown_users", hide_unknown_users());
694 print_bool(o, "server_uses_own_ciphersuite_preferences", server_uses_own_ciphersuite_preferences());
695 print_bool(o, "negotiate_encrypt_then_mac", negotiate_encrypt_then_mac());
696 print_bool(o, "support_cert_status_message", support_cert_status_message());
697 print_bool(o, "tls_13_middlebox_compatibility_mode", tls_13_middlebox_compatibility_mode());
698 print_vec(o, "accepted_client_certificate_types", accepted_client_certificate_types());
699 print_vec(o, "accepted_server_certificate_types", accepted_server_certificate_types());
700 print_bool(o, "hash_hello_random", hash_hello_random());
701 if(record_size_limit().has_value()) {
702 o << "record_size_limit = " << record_size_limit().value() << '\n';
703 }
704 o << "maximum_session_tickets_per_client_hello = " << maximum_session_tickets_per_client_hello() << '\n';
705 o << "session_ticket_lifetime = " << session_ticket_lifetime().count() << '\n';
706 print_bool(o, "reuse_session_tickets", reuse_session_tickets());
707 o << "new_session_tickets_upon_handshake_success = " << new_session_tickets_upon_handshake_success() << '\n';
708 o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
709 o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
710 o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';
711 o << "minimum_signature_strength = " << minimum_signature_strength() << '\n';
712}
Botan::TLS::Policy::include_time_in_hello_random
virtual bool include_time_in_hello_random() const
Definition tls_policy.cpp:398
Botan::TLS::Policy::reuse_session_tickets
virtual bool reuse_session_tickets() const
Definition tls_policy.cpp:311
Botan::TLS::Policy::accepted_server_certificate_types
virtual std::vector< Certificate_Type > accepted_server_certificate_types() const
Definition tls_policy.cpp:454
Botan::TLS::Policy::accepted_client_certificate_types
virtual std::vector< Certificate_Type > accepted_client_certificate_types() const
Definition tls_policy.cpp:450
Botan::TLS::Policy::new_session_tickets_upon_handshake_success
virtual size_t new_session_tickets_upon_handshake_success() const
Definition tls_policy.cpp:315
Botan::TLS::Policy::key_exchange_groups_to_offer
virtual std::vector< Group_Params > key_exchange_groups_to_offer() const
Definition tls_policy.cpp:215
Botan::TLS::Policy::tls_13_middlebox_compatibility_mode
virtual bool tls_13_middlebox_compatibility_mode() const
Definition tls_policy.cpp:426
Botan::TLS::Policy::allow_ssl_key_log_file
virtual bool allow_ssl_key_log_file() const
Definition tls_policy.cpp:25
Botan::TLS::Policy::negotiate_encrypt_then_mac
virtual bool negotiate_encrypt_then_mac() const
Definition tls_policy.cpp:410
Botan::TLS::Policy::server_uses_own_ciphersuite_preferences
virtual bool server_uses_own_ciphersuite_preferences() const
Definition tls_policy.cpp:406
Botan::TLS::Policy::support_cert_status_message
virtual bool support_cert_status_message() const
Definition tls_policy.cpp:418
Botan::TLS::Policy::hide_unknown_users
virtual bool hide_unknown_users() const
Definition tls_policy.cpp:402
Botan::TLS::Policy::hash_hello_random
virtual bool hash_hello_random() const
Definition tls_policy.cpp:430
Botan::TLS::Policy::maximum_session_tickets_per_client_hello
virtual size_t maximum_session_tickets_per_client_hello() const
Definition tls_policy.cpp:303
Botan::TLS::Policy::allow_insecure_renegotiation
virtual bool allow_insecure_renegotiation() const
Definition tls_policy.cpp:370
Botan::TLS::Policy::record_size_limit
virtual std::optional< uint16_t > record_size_limit() const
Definition tls_policy.cpp:414
Botan::TLS::Policy::session_ticket_lifetime
virtual std::chrono::seconds session_ticket_lifetime() const
Definition tls_policy.cpp:307
Botan::TLS::Policy::minimum_signature_strength
virtual size_t minimum_signature_strength() const
Definition tls_policy.cpp:258
Botan::TLS::Policy::allow_server_initiated_renegotiation
virtual bool allow_server_initiated_renegotiation() const
Definition tls_policy.cpp:366

References accepted_client_certificate_types(), accepted_server_certificate_types(), allow_dtls12(), allow_insecure_renegotiation(), allow_server_initiated_renegotiation(), allow_ssl_key_log_file(), allow_tls12(), allow_tls13(), allowed_ciphers(), allowed_key_exchange_methods(), allowed_macs(), allowed_signature_hashes(), allowed_signature_methods(), hash_hello_random(), hide_unknown_users(), include_time_in_hello_random(), key_exchange_groups(), key_exchange_groups_to_offer(), maximum_session_tickets_per_client_hello(), minimum_dh_group_size(), minimum_ecdh_group_size(), minimum_rsa_bits(), minimum_signature_strength(), negotiate_encrypt_then_mac(), new_session_tickets_upon_handshake_success(), record_size_limit(), reuse_session_tickets(), server_uses_own_ciphersuite_preferences(), session_ticket_lifetime(), support_cert_status_message(), and tls_13_middlebox_compatibility_mode().

Referenced by to_string().

◆ record_size_limit()

std::optional< uint16_t > Botan::TLS::Policy::record_size_limit ( ) const
virtualinherited

Defines the maximum TLS record length for TLS connections. This is based on the Record Size Limit extension described in RFC 8449. By default (i.e. if std::nullopt is returned), TLS clients will omit this extension altogether.

This value may be between 64 and 16385 (TLS 1.3) or 16384 (TLS 1.2).

Note
This is currently not implemented for TLS 1.2, hence the limit won't be negotiated by TLS 1.3 clients that support downgrading to TLS 1.2 (i.e. allow_tls12() returning true).

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 414 of file tls_policy.cpp.

414 {
415 return std::nullopt;
416}

Referenced by Botan::TLS::Client_Hello_13::Client_Hello_13(), Botan::TLS::Encrypted_Extensions::Encrypted_Extensions(), and print().

◆ request_client_certificate_authentication()

bool Botan::TLS::Policy::request_client_certificate_authentication ( ) const
virtualinherited

Indicate if client certificate authentication is requested. If true, then a cert will be requested.

Definition at line 442 of file tls_policy.cpp.

442 {
443 return require_client_certificate_authentication();
444}
Botan::TLS::Policy::require_client_certificate_authentication
virtual bool require_client_certificate_authentication() const
Definition tls_policy.cpp:438

References require_client_certificate_authentication().

Referenced by Botan::TLS::Encrypted_Extensions::Encrypted_Extensions(), and Botan::TLS::Certificate_Request_13::maybe_create().

◆ require_cert_revocation_info()

bool Botan::TLS::Policy::require_cert_revocation_info ( ) const
virtualinherited

Return if certificate revocation info (CRL/OCSP) is required

If true, certificates won't be trusted unless a valid CRL or OCSP response was examined.

Default: true

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 262 of file tls_policy.cpp.

262 {
263 return true;
264}

Referenced by Botan::TLS::Text_Policy::require_cert_revocation_info(), and Botan::TLS::Callbacks::tls_verify_cert_chain().

◆ require_client_certificate_authentication()

bool Botan::TLS::Policy::require_client_certificate_authentication ( ) const
virtualinherited

Indicate if client certificate authentication is required. If true, then a cert will be requested and if the client does not send a certificate the connection will be closed.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 438 of file tls_policy.cpp.

438 {
439 return false;
440}

Referenced by request_client_certificate_authentication(), and Botan::TLS::Text_Policy::require_client_certificate_authentication().

◆ reuse_session_tickets()

bool Botan::TLS::Policy::reuse_session_tickets ( ) const
virtualinherited

Decides whether stored session tickets should be used multiple times (until their lifetime runs out). This might allow passive observers to correlate connections (RFC 8446 Appendix C.4). This has no effect on TLS 1.2 resumptions based on session IDs as those are negotiated in the clear anyway.

Default: false

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 311 of file tls_policy.cpp.

311 {
312 return false;
313}

Referenced by Botan::TLS::Session_Manager::find(), print(), and Botan::TLS::Text_Policy::reuse_session_tickets().

◆ server_uses_own_ciphersuite_preferences()

bool Botan::TLS::Policy::server_uses_own_ciphersuite_preferences ( ) const
virtualinherited

Default: true

Returns
true if servers should choose the ciphersuite matching their highest preference, rather than the clients. Has no effect on client side.

Reimplemented in Botan::TLS::BSI_TR_02102_2, and Botan::TLS::Text_Policy.

Definition at line 406 of file tls_policy.cpp.

406 {
407 return true;
408}

Referenced by print(), and Botan::TLS::Text_Policy::server_uses_own_ciphersuite_preferences().

◆ session_ticket_lifetime()

std::chrono::seconds Botan::TLS::Policy::session_ticket_lifetime ( ) const
virtualinherited

Return the allowed lifetime of a session ticket. If 0, session tickets do not expire until the session ticket key rolls over. For TLS 1.3 session tickets the lifetime must not be longer than seven days. Expired session tickets cannot be used to resume a session.

Default: 1 day

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 307 of file tls_policy.cpp.

307 {
308 return std::chrono::days(1);
309}

Referenced by print(), Botan::TLS::Session_Manager::retrieve(), and Botan::TLS::Text_Policy::session_ticket_lifetime().

◆ srtp_profiles()

std::vector< uint16_t > Botan::TLS::Policy::srtp_profiles ( ) const
virtualinherited

If this returns a non-empty vector, and DTLS is negotiated, then we will also attempt to negotiate the SRTP extension from RFC 5764 using the returned values as the profile ids.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 480 of file tls_policy.cpp.

480 {
481 return std::vector<uint16_t>();
482}

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12().

◆ support_cert_status_message()

bool Botan::TLS::Policy::support_cert_status_message ( ) const
virtualinherited

Indicates whether certificate status messages should be supported

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 418 of file tls_policy.cpp.

418 {
419 return true;
420}

Referenced by Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_12::Client_Hello_12(), Botan::TLS::Client_Hello_13::Client_Hello_13(), print(), Botan::TLS::Server_Hello_12::Server_Hello_12(), and Botan::TLS::Text_Policy::support_cert_status_message().

◆ tls_13_middlebox_compatibility_mode()

bool Botan::TLS::Policy::tls_13_middlebox_compatibility_mode ( ) const
virtualinherited

Defines whether or not the middlebox compatibility mode should be used. Enabled by default.

RFC 8446 Appendix D.4 [This makes] the TLS 1.3 handshake resemble TLS 1.2 session resumption, which improves the chance of successfully connecting through middleboxes.

Default: true

Note
Has an effect on TLS 1.3 connections, only.

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 426 of file tls_policy.cpp.

426 {
427 return true;
428}

Referenced by Botan::TLS::Client_Hello_13::Client_Hello_13(), print(), and Botan::TLS::Text_Policy::tls_13_middlebox_compatibility_mode().

◆ to_string()

std::string Botan::TLS::Policy::to_string ( ) const
inherited

Convert this policy to a printable format. Same as calling print on a ostringstream and reading o.str()

Definition at line 714 of file tls_policy.cpp.

714 {
715 std::ostringstream oss;
716 this->print(oss);
717 return oss.str();
718}
Botan::TLS::Policy::print
virtual void print(std::ostream &o) const
Definition tls_policy.cpp:673

References print().

◆ use_ecc_point_compression()

bool Botan::TLS::Policy::use_ecc_point_compression ( ) const
virtualinherited

Request that ECC curve points are sent compressed

Signals that we prefer ECC points to be compressed when transmitted to us. The other party may not support ECC point compression and therefore may still send points uncompressed.

Note that the certificate used during authentication must also follow the other party's preference.

Note
Support for EC point compression is deprecated and will be removed in a future major release. TLS 1.3 does not support point compression at all (see RFC 8446 4.2.8.2)

Reimplemented in Botan::TLS::Text_Policy.

Definition at line 120 of file tls_policy.cpp.

120 {
121 return false;
122}

Referenced by Botan::TLS::Client_Hello_13::Client_Hello_13(), and Botan::TLS::Text_Policy::use_ecc_point_compression().

The documentation for this class was generated from the following files:
Generated by doxygen 1.15.0