9 #ifndef BOTAN_TLS_POLICY_H_ 10 #define BOTAN_TLS_POLICY_H_ 12 #include <botan/tls_version.h> 13 #include <botan/tls_algos.h> 14 #include <botan/tls_ciphersuite.h> 36 virtual std::vector<std::string> allowed_ciphers()
const;
42 virtual std::vector<std::string> allowed_signature_hashes()
const;
47 virtual std::vector<std::string> allowed_macs()
const;
54 virtual std::vector<std::string> allowed_key_exchange_methods()
const;
60 virtual std::vector<std::string> allowed_signature_methods()
const;
62 virtual std::vector<Signature_Scheme> allowed_signature_schemes()
const;
71 virtual size_t minimum_signature_strength()
const;
78 virtual bool require_cert_revocation_info()
const;
80 bool allowed_signature_method(
const std::string& sig_method)
const;
81 bool allowed_signature_hash(
const std::string&
hash)
const;
87 virtual std::vector<Group_Params> key_exchange_groups()
const;
92 virtual bool use_ecc_point_compression()
const;
98 virtual Group_Params choose_key_exchange_group(
const std::vector<Group_Params>& peer_groups)
const;
107 virtual bool allow_insecure_renegotiation()
const;
115 virtual bool include_time_in_hello_random()
const;
120 virtual bool allow_client_initiated_renegotiation()
const;
125 virtual bool allow_server_initiated_renegotiation()
const;
130 virtual bool allow_tls10()
const;
135 virtual bool allow_tls11()
const;
140 virtual bool allow_tls12()
const;
145 virtual bool allow_dtls10()
const;
150 virtual bool allow_dtls12()
const;
158 virtual size_t minimum_dh_group_size()
const;
165 virtual size_t minimum_ecdsa_group_size()
const;
175 virtual size_t minimum_ecdh_group_size()
const;
188 virtual size_t minimum_rsa_bits()
const;
193 virtual size_t minimum_dsa_group_size()
const;
202 virtual void check_peer_key_acceptable(
const Public_Key& public_key)
const;
212 virtual bool hide_unknown_users()
const;
219 virtual uint32_t session_ticket_lifetime()
const;
226 virtual std::vector<uint16_t> srtp_profiles()
const;
253 virtual bool acceptable_ciphersuite(
const Ciphersuite& suite)
const;
260 virtual bool server_uses_own_ciphersuite_preferences()
const;
266 virtual bool negotiate_encrypt_then_mac()
const;
271 virtual bool support_cert_status_message()
const;
277 bool have_srp)
const;
282 virtual size_t dtls_default_mtu()
const;
287 virtual size_t dtls_initial_timeout()
const;
292 virtual size_t dtls_maximum_timeout()
const;
298 virtual void print(std::ostream& o)
const;
306 virtual ~
Policy() =
default;
318 {
return std::vector<std::string>({
"AES-128/GCM"}); }
321 {
return std::vector<std::string>({
"SHA-256"}); }
324 {
return std::vector<std::string>({
"AEAD"}); }
327 {
return std::vector<std::string>({
"ECDH"}); }
330 {
return std::vector<std::string>({
"ECDSA"}); }
352 return std::vector<std::string>({
"AES-256/GCM",
"AES-128/GCM",
"AES-256",
"AES-128" });
357 return std::vector<std::string>({
"SHA-384",
"SHA-256"});
362 return std::vector<std::string>({
"AEAD",
"SHA-384",
"SHA-256"});
367 return std::vector<std::string>({
"ECDH",
"DH",
"PSK",
"ECDHE_PSK",
"DHE_PSK"});
372 return std::vector<std::string>({
"ECDSA",
"RSA",
"DSA"});
377 return std::vector<Group_Params>({
417 {
return std::vector<std::string>({
"AEAD"}); }
436 std::vector<std::string> allowed_ciphers()
const override;
438 std::vector<std::string> allowed_signature_hashes()
const override;
440 std::vector<std::string> allowed_macs()
const override;
442 std::vector<std::string> allowed_key_exchange_methods()
const override;
444 bool allow_tls10()
const override;
445 bool allow_tls11()
const override;
446 bool allow_tls12()
const override;
447 bool allow_dtls10()
const override;
448 bool allow_dtls12()
const override;
455 std::vector<std::string> allowed_ciphers()
const override;
457 std::vector<std::string> allowed_signature_hashes()
const override;
459 std::vector<std::string> allowed_macs()
const override;
461 std::vector<std::string> allowed_key_exchange_methods()
const override;
463 std::vector<std::string> allowed_signature_methods()
const override;
465 std::vector<Group_Params> key_exchange_groups()
const override;
467 bool use_ecc_point_compression()
const override;
469 bool allow_tls10()
const override;
471 bool allow_tls11()
const override;
473 bool allow_tls12()
const override;
475 bool allow_dtls10()
const override;
477 bool allow_dtls12()
const override;
479 bool allow_insecure_renegotiation()
const override;
481 bool include_time_in_hello_random()
const override;
483 bool allow_client_initiated_renegotiation()
const override;
484 bool allow_server_initiated_renegotiation()
const override;
486 bool server_uses_own_ciphersuite_preferences()
const override;
488 bool negotiate_encrypt_then_mac()
const override;
490 bool support_cert_status_message()
const override;
492 size_t minimum_ecdh_group_size()
const override;
494 size_t minimum_ecdsa_group_size()
const override;
496 size_t minimum_dh_group_size()
const override;
498 size_t minimum_rsa_bits()
const override;
500 size_t minimum_signature_strength()
const override;
502 size_t dtls_default_mtu()
const override;
504 size_t dtls_initial_timeout()
const override;
506 size_t dtls_maximum_timeout()
const override;
508 bool require_cert_revocation_info()
const override;
510 bool hide_unknown_users()
const override;
512 uint32_t session_ticket_lifetime()
const override;
516 std::vector<uint16_t> srtp_profiles()
const override;
518 void set(
const std::string& k,
const std::string& v);
526 std::vector<std::string> get_list(
const std::string& key,
527 const std::vector<std::string>& def)
const;
529 size_t get_len(
const std::string& key,
size_t def)
const;
531 bool get_bool(
const std::string& key,
bool def)
const;
533 std::string get_str(
const std::string& key,
const std::string& def =
"")
const;
535 bool set_value(
const std::string& key,
const std::string& val,
bool overwrite);
538 std::map<std::string, std::string> m_kv;
std::vector< Group_Params > key_exchange_groups() const override
bool allow_tls10() const override
bool allow_tls12() const override
bool allow_dtls10() const override
std::vector< std::string > allowed_signature_hashes() const override
#define BOTAN_PUBLIC_API(maj, min)
bool allow_tls11() const override
std::vector< std::string > allowed_macs() const override
bool allow_tls12() const override
size_t minimum_dsa_group_size() const override
size_t minimum_signature_strength() const override
bool allow_dtls10() const override
std::vector< std::string > allowed_macs() const override
std::vector< Group_Params > key_exchange_groups() const override
bool allow_tls11() const override
std::vector< std::string > allowed_signature_methods() const override
bool allow_tls10() const override
bool allow_dtls12() const override
bool allow_server_initiated_renegotiation() const override
size_t minimum_ecdh_group_size() const override
size_t minimum_dh_group_size() const override
bool allow_dtls10() const override
bool allow_tls10() const override
std::vector< std::string > allowed_macs() const override
std::vector< std::string > allowed_ciphers() const override
std::vector< std::string > allowed_key_exchange_methods() const override
std::string to_string(const secure_vector< uint8_t > &bytes)
size_t minimum_rsa_bits() const override
bool allow_tls12() const override
bool server_uses_own_ciphersuite_preferences() const override
std::vector< std::string > allowed_signature_hashes() const override
bool allow_dtls12() const override
bool allow_insecure_renegotiation() const override
std::vector< std::string > allowed_signature_methods() const override
bool allow_tls11() const override
bool negotiate_encrypt_then_mac() const override
std::vector< std::string > allowed_ciphers() const override
size_t minimum_ecdsa_group_size() const override
std::vector< std::string > allowed_key_exchange_methods() const override
bool allow_dtls12() const override