OLD | NEW |
1 # Authors: | 1 # Authors: |
2 # Trevor Perrin | 2 # Trevor Perrin |
3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants | 3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants |
4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
5 # | 5 # |
6 # See the LICENSE file for legal information regarding use of this file. | 6 # See the LICENSE file for legal information regarding use of this file. |
7 | 7 |
8 """Class for setting handshake parameters.""" | 8 """Class for setting handshake parameters.""" |
9 | 9 |
10 from .constants import CertificateType | 10 from .constants import CertificateType |
(...skipping 93 matching lines...)
104 | 104 |
105 The allowed values are "alert" (return a fatal handshake_failure alert), | 105 The allowed values are "alert" (return a fatal handshake_failure alert), |
106 "close" (abruptly close the connection), and "reset" (send a TCP reset). | 106 "close" (abruptly close the connection), and "reset" (send a TCP reset). |
107 | 107 |
108 @type useExperimentalTackExtension: bool | 108 @type useExperimentalTackExtension: bool |
109 @ivar useExperimentalTackExtension: Whether to enabled TACK support. | 109 @ivar useExperimentalTackExtension: Whether to enabled TACK support. |
110 | 110 |
111 @type alertAfterHandshake: bool | 111 @type alertAfterHandshake: bool |
112 @ivar alertAfterHandshake: If true, the server will send a fatal | 112 @ivar alertAfterHandshake: If true, the server will send a fatal |
113 alert immediately after the handshake completes. | 113 alert immediately after the handshake completes. |
| 114 |
| 115 @type enableExtendedMasterSecret: bool |
| 116 @ivar enableExtendedMasterSecret: If true, the server supports the extended |
| 117 master secret TLS extension and will negotiated it with supporting clients. |
114 | 118 |
115 Note that TACK support is not standardized by IETF and uses a temporary | 119 Note that TACK support is not standardized by IETF and uses a temporary |
116 TLS Extension number, so should NOT be used in production software. | 120 TLS Extension number, so should NOT be used in production software. |
117 """ | 121 """ |
118 def __init__(self): | 122 def __init__(self): |
119 self.minKeySize = 1023 | 123 self.minKeySize = 1023 |
120 self.maxKeySize = 8193 | 124 self.maxKeySize = 8193 |
121 self.cipherNames = CIPHER_NAMES | 125 self.cipherNames = CIPHER_NAMES |
122 self.macNames = MAC_NAMES | 126 self.macNames = MAC_NAMES |
123 self.keyExchangeNames = KEY_EXCHANGE_NAMES | 127 self.keyExchangeNames = KEY_EXCHANGE_NAMES |
124 self.cipherImplementations = CIPHER_IMPLEMENTATIONS | 128 self.cipherImplementations = CIPHER_IMPLEMENTATIONS |
125 self.certificateTypes = CERTIFICATE_TYPES | 129 self.certificateTypes = CERTIFICATE_TYPES |
126 self.minVersion = (3,1) | 130 self.minVersion = (3,1) |
127 self.maxVersion = (3,3) | 131 self.maxVersion = (3,3) |
128 self.tlsIntolerant = None | 132 self.tlsIntolerant = None |
129 self.tlsIntoleranceType = 'alert' | 133 self.tlsIntoleranceType = 'alert' |
130 self.useExperimentalTackExtension = False | 134 self.useExperimentalTackExtension = False |
131 self.alertAfterHandshake = False | 135 self.alertAfterHandshake = False |
| 136 self.enableExtendedMasterSecret = True |
132 | 137 |
133 # Validates the min/max fields, and certificateTypes | 138 # Validates the min/max fields, and certificateTypes |
134 # Filters out unsupported cipherNames and cipherImplementations | 139 # Filters out unsupported cipherNames and cipherImplementations |
135 def _filter(self): | 140 def _filter(self): |
136 other = HandshakeSettings() | 141 other = HandshakeSettings() |
137 other.minKeySize = self.minKeySize | 142 other.minKeySize = self.minKeySize |
138 other.maxKeySize = self.maxKeySize | 143 other.maxKeySize = self.maxKeySize |
139 other.cipherNames = self.cipherNames | 144 other.cipherNames = self.cipherNames |
140 other.macNames = self.macNames | 145 other.macNames = self.macNames |
141 other.keyExchangeNames = self.keyExchangeNames | 146 other.keyExchangeNames = self.keyExchangeNames |
(...skipping 61 matching lines...)
203 return other | 208 return other |
204 | 209 |
205 def _getCertificateTypes(self): | 210 def _getCertificateTypes(self): |
206 l = [] | 211 l = [] |
207 for ct in self.certificateTypes: | 212 for ct in self.certificateTypes: |
208 if ct == "x509": | 213 if ct == "x509": |
209 l.append(CertificateType.x509) | 214 l.append(CertificateType.x509) |
210 else: | 215 else: |
211 raise AssertionError() | 216 raise AssertionError() |
212 return l | 217 return l |
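Review bot: `_filter()` does not appear to carry the new `enableExtendedMasterSecret` setting over to the copy it returns. The visible part of the method copies fields one by one onto a fresh `HandshakeSettings()`, and the rest of its body is collapsed as matching (unchanged) lines, so no copy line was added for the new attribute. Because `__init__` now defaults it to `True`, a caller that sets `enableExtendedMasterSecret = False` would have it silently switched back on in the filtered settings, and the handshake path without the extension would never actually be exercised. Adding `other.enableExtendedMasterSecret = self.enableExtendedMasterSecret` next to the other assignments would fix it, ideally with a check that the value is a bool. Most of `_filter`'s body lies outside the visible lines, so this should be confirmed against the full file.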