OLD | NEW |
1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py | 1 diff --git a/third_party/tlslite/tlslite/constants.py b/third_party/tlslite/tlsl
ite/constants.py |
2 index 6d78a20..f9c8676 100644 | 2 index 6d78a20..f9c8676 100644 |
3 --- a/third_party/tlslite/tlslite/constants.py | 3 --- a/third_party/tlslite/tlslite/constants.py |
4 +++ b/third_party/tlslite/tlslite/constants.py | 4 +++ b/third_party/tlslite/tlslite/constants.py |
5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366 | 5 @@ -55,6 +55,7 @@ class ExtensionType: # RFC 6066 / 4366 |
6 srp = 12 # RFC 5054 | 6 srp = 12 # RFC 5054 |
7 cert_type = 9 # RFC 6091 | 7 cert_type = 9 # RFC 6091 |
8 signed_cert_timestamps = 18 # RFC 6962 | 8 signed_cert_timestamps = 18 # RFC 6962 |
9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06 | 9 + extended_master_secret = 23 # draft-ietf-tls-session-hash-06 |
10 tack = 0xF300 | 10 tack = 0xF300 |
11 supports_npn = 13172 | 11 supports_npn = 13172 |
12 channel_id = 30032 | 12 channel_id = 30032 |
13 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlsl
ite/tlslite/handshakesettings.py | 13 diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlsl
ite/tlslite/handshakesettings.py |
14 index 605ed42..7679823 100644 | 14 index 605ed42..a7b6ab9 100644 |
15 --- a/third_party/tlslite/tlslite/handshakesettings.py | 15 --- a/third_party/tlslite/tlslite/handshakesettings.py |
16 +++ b/third_party/tlslite/tlslite/handshakesettings.py | 16 +++ b/third_party/tlslite/tlslite/handshakesettings.py |
17 @@ -111,6 +111,10 @@ class HandshakeSettings(object): | 17 @@ -111,6 +111,10 @@ class HandshakeSettings(object): |
18 @type alertAfterHandshake: bool | 18 @type alertAfterHandshake: bool |
19 @ivar alertAfterHandshake: If true, the server will send a fatal | 19 @ivar alertAfterHandshake: If true, the server will send a fatal |
20 alert immediately after the handshake completes. | 20 alert immediately after the handshake completes. |
21 + | 21 + |
22 + @type enableExtendedMasterSecret: bool | 22 + @type enableExtendedMasterSecret: bool |
23 + @ivar enableExtendedMasterSecret: If true, the server supports the extended | 23 + @ivar enableExtendedMasterSecret: If true, the server supports the extended |
24 + master secret TLS extension and will negotiated it with supporting clients. | 24 + master secret TLS extension and will negotiated it with supporting clients. |
25 | 25 |
26 Note that TACK support is not standardized by IETF and uses a temporary | 26 Note that TACK support is not standardized by IETF and uses a temporary |
27 TLS Extension number, so should NOT be used in production software. | 27 TLS Extension number, so should NOT be used in production software. |
28 @@ -129,6 +133,7 @@ class HandshakeSettings(object): | 28 @@ -129,6 +133,7 @@ class HandshakeSettings(object): |
29 self.tlsIntoleranceType = 'alert' | 29 self.tlsIntoleranceType = 'alert' |
30 self.useExperimentalTackExtension = False | 30 self.useExperimentalTackExtension = False |
31 self.alertAfterHandshake = False | 31 self.alertAfterHandshake = False |
32 + self.enableExtendedMasterSecret = True | 32 + self.enableExtendedMasterSecret = True |
33 | 33 |
34 # Validates the min/max fields, and certificateTypes | 34 # Validates the min/max fields, and certificateTypes |
35 # Filters out unsupported cipherNames and cipherImplementations | 35 # Filters out unsupported cipherNames and cipherImplementations |
| 36 @@ -146,6 +151,7 @@ class HandshakeSettings(object): |
| 37 other.tlsIntolerant = self.tlsIntolerant |
| 38 other.tlsIntoleranceType = self.tlsIntoleranceType |
| 39 other.alertAfterHandshake = self.alertAfterHandshake |
| 40 + other.enableExtendedMasterSecret = self.enableExtendedMasterSecret |
| 41 |
| 42 if not cipherfactory.tripleDESPresent: |
| 43 other.cipherNames = [e for e in self.cipherNames if e != "3des"] |
36 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslit
e/mathtls.py | 44 diff --git a/third_party/tlslite/tlslite/mathtls.py b/third_party/tlslite/tlslit
e/mathtls.py |
37 index 60a331a..0a23fe1 100644 | 45 index 60a331a..0a23fe1 100644 |
38 --- a/third_party/tlslite/tlslite/mathtls.py | 46 --- a/third_party/tlslite/tlslite/mathtls.py |
39 +++ b/third_party/tlslite/tlslite/mathtls.py | 47 +++ b/third_party/tlslite/tlslite/mathtls.py |
40 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length): | 48 @@ -67,16 +67,20 @@ def PRF_SSL(secret, seed, length): |
41 index += 1 | 49 index += 1 |
42 return bytes | 50 return bytes |
43 | 51 |
44 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom): | 52 -def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom): |
45 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom, | 53 +def calcMasterSecret(version, premasterSecret, clientRandom, serverRandom, |
(...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
213 @@ -1256,3 +1260,9 @@ class TLSRecordLayer(object): | 221 @@ -1256,3 +1260,9 @@ class TLSRecordLayer(object): |
214 | 222 |
215 return md5Bytes + shaBytes | 223 return md5Bytes + shaBytes |
216 | 224 |
217 + def _getHandshakeHash(self): | 225 + def _getHandshakeHash(self): |
218 + if self.version in ((3,1), (3,2)): | 226 + if self.version in ((3,1), (3,2)): |
219 + return self._handshake_md5.digest() + \ | 227 + return self._handshake_md5.digest() + \ |
220 + self._handshake_sha.digest() | 228 + self._handshake_sha.digest() |
221 + elif self.version == (3,3): | 229 + elif self.version == (3,3): |
222 + return self._handshake_sha256.digest() | 230 + return self._handshake_sha256.digest() |
OLD | NEW |