10#ifndef BOTAN_TLS_POLICY_H_
11#define BOTAN_TLS_POLICY_H_
13#include <botan/tls_ciphersuite.h>
14#include <botan/tls_extensions.h>
15#include <botan/tls_signature_scheme.h>
16#include <botan/tls_version.h>
170 const std::vector<Group_Params>& offered_by_peer)
const;
556 virtual void print(std::ostream& o)
const;
/// Cipher allow-list for this policy: a single AEAD suite, AES-128 in GCM mode.
/// Presumably belongs to one of the Suite B policy classes declared in this header
/// (the enclosing class header is not visible here).
std::vector<std::string> allowed_ciphers() const override {
   return {"AES-128/GCM"};
}
582 return std::vector<std::string>({
"SHA-256"});
/// MAC allow-list for this policy: only AEAD, i.e. no separate HMAC-based
/// record protection is negotiable.
std::vector<std::string> allowed_macs() const override {
   return {"AEAD"};
}
588 return std::vector<std::string>({
"ECDH"});
592 return std::vector<std::string>({
"ECDSA"});
/// Cipher allow-list for this policy: a single AEAD suite, AES-256 in GCM mode.
/// Presumably the 192-bit-security Suite B variant (class header not visible here).
std::vector<std::string> allowed_ciphers() const override {
   return {"AES-256/GCM"};
}
614 return std::vector<std::string>({
"SHA-384"});
/// MAC allow-list for this policy: only AEAD, so non-AEAD (CBC + HMAC)
/// ciphersuites cannot be negotiated.
std::vector<std::string> allowed_macs() const override {
   return {"AEAD"};
}
620 return std::vector<std::string>({
"ECDH"});
624 return std::vector<std::string>({
"ECDSA"});
644 return std::vector<std::string>(
645 {
"AES-256/GCM",
"AES-128/GCM",
"AES-256/CCM",
"AES-128/CCM",
"AES-256",
"AES-128"});
649 return std::vector<std::string>({
"SHA-512",
"SHA-384",
"SHA-256"});
653 return std::vector<std::string>({
"AEAD",
"SHA-384",
"SHA-256"});
657 return std::vector<std::string>({
"ECDH",
"DH",
"ECDHE_PSK"});
661 return std::vector<std::string>({
"ECDSA",
"RSA",
"DSA"});
665 return std::vector<Group_Params>({Group_Params::BRAINPOOL512R1,
666 Group_Params::BRAINPOOL384R1,
667 Group_Params::BRAINPOOL256R1,
668 Group_Params::SECP521R1,
669 Group_Params::SECP384R1,
670 Group_Params::SECP256R1,
671 Group_Params::FFDHE_4096,
672 Group_Params::FFDHE_3072});
/// MAC allow-list for this policy: AEAD only. Restricting to AEAD excludes the
/// legacy CBC/HMAC record protection modes from negotiation.
std::vector<std::string> allowed_macs() const override {
   return {"AEAD"};
}
812 void set(
const std::string& key,
const std::string& value);
819 std::vector<std::string>
get_list(
const std::string& key,
const std::vector<std::string>& def)
const;
821 std::vector<Group_Params>
read_group_list(std::string_view group_str)
const;
824 size_t get_len(
const std::string& key,
size_t def)
const;
826 std::chrono::seconds
get_duration(
const std::string& key, std::chrono::seconds def)
const;
828 bool get_bool(
const std::string& key,
bool def)
const;
830 std::string
get_str(
const std::string& key,
const std::string& def =
"")
const;
832 bool set_value(
const std::string& key, std::string_view val,
bool overwrite);
835 std::map<std::string, std::string> m_kv;
#define BOTAN_PUBLIC_API(maj, min)
#define BOTAN_DEPRECATED(msg)
bool allow_dtls12() const override
size_t minimum_ecdh_group_size() const override
std::vector< std::string > allowed_signature_hashes() const override
bool negotiate_encrypt_then_mac() const override
std::vector< std::string > allowed_ciphers() const override
std::vector< std::string > allowed_signature_methods() const override
bool allow_server_initiated_renegotiation() const override
bool server_uses_own_ciphersuite_preferences() const override
bool allow_tls12() const override
std::vector< std::string > allowed_macs() const override
size_t minimum_rsa_bits() const override
bool allow_tls13() const override
std::vector< Group_Params > key_exchange_groups() const override
size_t minimum_dh_group_size() const override
bool allow_insecure_renegotiation() const override
size_t minimum_ecdsa_group_size() const override
std::vector< std::string > allowed_key_exchange_methods() const override
size_t minimum_signature_strength() const override
bool allow_dtls12() const override
bool allow_tls13() const override
bool allow_tls12() const override
std::vector< std::string > allowed_macs() const override
std::vector< std::string > allowed_macs() const override
bool allow_dtls12() const override
std::vector< Group_Params > key_exchange_groups() const override
size_t minimum_signature_strength() const override
std::vector< std::string > allowed_signature_methods() const override
NSA_Suite_B_128()=default
std::vector< std::string > allowed_key_exchange_methods() const override
std::vector< std::string > allowed_signature_hashes() const override
std::vector< std::string > allowed_ciphers() const override
bool allow_tls12() const override
bool allow_tls13() const override
std::vector< Group_Params > key_exchange_groups() const override
bool allow_tls12() const override
bool allow_tls13() const override
std::vector< std::string > allowed_macs() const override
bool allow_dtls12() const override
std::vector< std::string > allowed_ciphers() const override
std::vector< std::string > allowed_key_exchange_methods() const override
size_t minimum_signature_strength() const override
std::vector< std::string > allowed_signature_methods() const override
std::vector< std::string > allowed_signature_hashes() const override
virtual bool include_time_in_hello_random() const
virtual void check_peer_key_acceptable(const Public_Key &public_key) const
virtual bool abort_connection_on_undesired_renegotiation() const
virtual size_t dtls_maximum_timeout() const
virtual size_t minimum_ecdh_group_size() const
virtual size_t dtls_default_mtu() const
virtual bool allow_tls12() const
virtual std::vector< Signature_Scheme > allowed_signature_schemes() const
std::string to_string() const
virtual bool reuse_session_tickets() const
virtual std::vector< uint16_t > ciphersuite_list(Protocol_Version version) const
virtual std::vector< Certificate_Type > accepted_server_certificate_types() const
virtual std::vector< Certificate_Type > accepted_client_certificate_types() const
bool allowed_signature_method(std::string_view sig_method) const
virtual bool require_client_certificate_authentication() const
virtual std::vector< Group_Params > key_exchange_groups() const
virtual size_t new_session_tickets_upon_handshake_success() const
virtual std::vector< Group_Params > key_exchange_groups_to_offer() const
bool allowed_signature_hash(std::string_view hash) const
virtual size_t minimum_rsa_bits() const
virtual bool tls_13_middlebox_compatibility_mode() const
virtual bool only_resume_with_exact_version() const
virtual bool allow_client_initiated_renegotiation() const
virtual bool allow_ssl_key_log_file() const
virtual ~Policy()=default
virtual bool allow_dtls_epoch0_restart() const
virtual bool request_client_certificate_authentication() const
virtual bool require_cert_revocation_info() const
virtual bool negotiate_encrypt_then_mac() const
virtual bool server_uses_own_ciphersuite_preferences() const
virtual Protocol_Version latest_supported_version(bool datagram) const
virtual bool acceptable_protocol_version(Protocol_Version version) const
virtual std::vector< uint16_t > srtp_profiles() const
virtual bool support_cert_status_message() const
virtual bool acceptable_ciphersuite(const Ciphersuite &suite) const
virtual std::vector< std::string > allowed_macs() const
virtual bool hide_unknown_users() const
virtual std::optional< std::vector< Signature_Scheme > > acceptable_certificate_signature_schemes() const
virtual bool hash_hello_random() const
virtual bool allow_tls13() const
virtual std::vector< std::string > allowed_key_exchange_methods() const
virtual size_t dtls_initial_timeout() const
virtual size_t maximum_session_tickets_per_client_hello() const
virtual std::vector< Signature_Scheme > acceptable_signature_schemes() const
virtual bool use_ecc_point_compression() const
virtual bool allow_dtls12() const
virtual size_t minimum_dh_group_size() const
virtual bool allow_insecure_renegotiation() const
virtual std::optional< uint16_t > record_size_limit() const
virtual std::vector< std::string > allowed_ciphers() const
virtual std::chrono::seconds session_ticket_lifetime() const
virtual size_t minimum_signature_strength() const
virtual Group_Params default_dh_group() const
virtual size_t maximum_certificate_chain_size() const
virtual std::vector< std::string > allowed_signature_methods() const
virtual size_t minimum_ecdsa_group_size() const
virtual Group_Params choose_key_exchange_group(const std::vector< Group_Params > &supported_by_peer, const std::vector< Group_Params > &offered_by_peer) const
virtual bool allow_resumption_for_renegotiation() const
virtual std::vector< std::string > allowed_signature_hashes() const
virtual bool allow_server_initiated_renegotiation() const
virtual void print(std::ostream &o) const
std::vector< std::string > allowed_macs() const override
std::vector< std::string > allowed_ciphers() const override
std::vector< std::string > allowed_key_exchange_methods() const override
std::vector< std::string > allowed_signature_hashes() const override
size_t dtls_initial_timeout() const override
bool allow_dtls12() const override
bool server_uses_own_ciphersuite_preferences() const override
bool hash_hello_random() const override
std::chrono::seconds session_ticket_lifetime() const override
std::optional< uint16_t > record_size_limit() const override
bool allow_ssl_key_log_file() const override
bool include_time_in_hello_random() const override
bool allow_client_initiated_renegotiation() const override
std::string get_str(const std::string &key, const std::string &def="") const
bool support_cert_status_message() const override
std::vector< std::string > allowed_signature_methods() const override
std::vector< Group_Params > key_exchange_groups() const override
bool require_cert_revocation_info() const override
std::vector< std::string > allowed_key_exchange_methods() const override
size_t minimum_ecdsa_group_size() const override
bool set_value(const std::string &key, std::string_view val, bool overwrite)
bool allow_tls13() const override
size_t maximum_session_tickets_per_client_hello() const override
std::vector< Certificate_Type > accepted_server_certificate_types() const override
std::vector< Group_Params > key_exchange_groups_to_offer() const override
std::chrono::seconds get_duration(const std::string &key, std::chrono::seconds def) const
size_t new_session_tickets_upon_handshake_success() const override
std::vector< std::string > allowed_signature_hashes() const override
std::vector< uint16_t > srtp_profiles() const override
bool hide_unknown_users() const override
std::vector< std::string > allowed_ciphers() const override
Text_Policy(std::string_view s)
size_t minimum_ecdh_group_size() const override
void set(const std::string &key, const std::string &value)
bool allow_server_initiated_renegotiation() const override
bool get_bool(const std::string &key, bool def) const
size_t minimum_signature_strength() const override
std::vector< Certificate_Type > accepted_client_certificate_types() const override
bool negotiate_encrypt_then_mac() const override
bool require_client_certificate_authentication() const override
bool tls_13_middlebox_compatibility_mode() const override
size_t dtls_maximum_timeout() const override
bool reuse_session_tickets() const override
size_t get_len(const std::string &key, size_t def) const
bool allow_insecure_renegotiation() const override
bool allow_tls12() const override
bool use_ecc_point_compression() const override
std::vector< Certificate_Type > read_cert_type_list(const std::string &cert_type_str) const
size_t dtls_default_mtu() const override
std::vector< Group_Params > read_group_list(std::string_view group_str) const
size_t minimum_rsa_bits() const override
std::vector< std::string > allowed_macs() const override
size_t minimum_dh_group_size() const override
std::vector< std::string > get_list(const std::string &key, const std::vector< std::string > &def) const