OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants | 3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants |
4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
5 # | 5 # |
6 # See the LICENSE file for legal information regarding use of this file. | 6 # See the LICENSE file for legal information regarding use of this file. |
7 | 7 |
8 """Class for setting handshake parameters.""" | 8 """Class for setting handshake parameters.""" |
9 | 9 |
10 from .constants import CertificateType | 10 from .constants import CertificateType |
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
104 | 104 |
105 The allowed values are "alert" (return a fatal handshake_failure alert), | 105 The allowed values are "alert" (return a fatal handshake_failure alert), |
106 "close" (abruptly close the connection), and "reset" (send a TCP reset). | 106 "close" (abruptly close the connection), and "reset" (send a TCP reset). |
107 | 107 |
108 @type useExperimentalTackExtension: bool | 108 @type useExperimentalTackExtension: bool |
109 @ivar useExperimentalTackExtension: Whether to enabled TACK support. | 109 @ivar useExperimentalTackExtension: Whether to enabled TACK support. |
110 | 110 |
111 @type alertAfterHandshake: bool | 111 @type alertAfterHandshake: bool |
112 @ivar alertAfterHandshake: If true, the server will send a fatal | 112 @ivar alertAfterHandshake: If true, the server will send a fatal |
113 alert immediately after the handshake completes. | 113 alert immediately after the handshake completes. |
114 | |
115 @type enableExtendedMasterSecret: bool | |
116 @ivar enableExtendedMasterSecret: If true, the server supports the extended | |
117 master secret TLS extension and will negotiated it with supporting clients. | |
118 | 114 |
119 Note that TACK support is not standardized by IETF and uses a temporary | 115 Note that TACK support is not standardized by IETF and uses a temporary |
120 TLS Extension number, so should NOT be used in production software. | 116 TLS Extension number, so should NOT be used in production software. |
121 """ | 117 """ |
122 def __init__(self): | 118 def __init__(self): |
123 self.minKeySize = 1023 | 119 self.minKeySize = 1023 |
124 self.maxKeySize = 8193 | 120 self.maxKeySize = 8193 |
125 self.cipherNames = CIPHER_NAMES | 121 self.cipherNames = CIPHER_NAMES |
126 self.macNames = MAC_NAMES | 122 self.macNames = MAC_NAMES |
127 self.keyExchangeNames = KEY_EXCHANGE_NAMES | 123 self.keyExchangeNames = KEY_EXCHANGE_NAMES |
128 self.cipherImplementations = CIPHER_IMPLEMENTATIONS | 124 self.cipherImplementations = CIPHER_IMPLEMENTATIONS |
129 self.certificateTypes = CERTIFICATE_TYPES | 125 self.certificateTypes = CERTIFICATE_TYPES |
130 self.minVersion = (3,1) | 126 self.minVersion = (3,1) |
131 self.maxVersion = (3,3) | 127 self.maxVersion = (3,3) |
132 self.tlsIntolerant = None | 128 self.tlsIntolerant = None |
133 self.tlsIntoleranceType = 'alert' | 129 self.tlsIntoleranceType = 'alert' |
134 self.useExperimentalTackExtension = False | 130 self.useExperimentalTackExtension = False |
135 self.alertAfterHandshake = False | 131 self.alertAfterHandshake = False |
136 self.enableExtendedMasterSecret = True | |
137 | 132 |
138 # Validates the min/max fields, and certificateTypes | 133 # Validates the min/max fields, and certificateTypes |
139 # Filters out unsupported cipherNames and cipherImplementations | 134 # Filters out unsupported cipherNames and cipherImplementations |
140 def _filter(self): | 135 def _filter(self): |
141 other = HandshakeSettings() | 136 other = HandshakeSettings() |
142 other.minKeySize = self.minKeySize | 137 other.minKeySize = self.minKeySize |
143 other.maxKeySize = self.maxKeySize | 138 other.maxKeySize = self.maxKeySize |
144 other.cipherNames = self.cipherNames | 139 other.cipherNames = self.cipherNames |
145 other.macNames = self.macNames | 140 other.macNames = self.macNames |
146 other.keyExchangeNames = self.keyExchangeNames | 141 other.keyExchangeNames = self.keyExchangeNames |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
208 return other | 203 return other |
209 | 204 |
210 def _getCertificateTypes(self): | 205 def _getCertificateTypes(self): |
211 l = [] | 206 l = [] |
212 for ct in self.certificateTypes: | 207 for ct in self.certificateTypes: |
213 if ct == "x509": | 208 if ct == "x509": |
214 l.append(CertificateType.x509) | 209 l.append(CertificateType.x509) |
215 else: | 210 else: |
216 raise AssertionError() | 211 raise AssertionError() |
217 return l | 212 return l |
OLD | NEW |