| OLD | NEW |
|---|
| 1 # Authors: | 1 # Authors: |
| 2 # Trevor Perrin | 2 # Trevor Perrin |
| 3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants | 3 # Dave Baggett (Arcode Corporation) - cleanup handling of constants |
| 4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 | 4 # Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2 |
| 5 # | 5 # |
| 6 # See the LICENSE file for legal information regarding use of this file. | 6 # See the LICENSE file for legal information regarding use of this file. |
| 7 | 7 |
| 8 """Class for setting handshake parameters.""" | 8 """Class for setting handshake parameters.""" |
| 9 | 9 |
| 10 from .constants import CertificateType | 10 from .constants import CertificateType |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 105 The allowed values are "alert" (return a fatal handshake_failure alert), | 105 The allowed values are "alert" (return a fatal handshake_failure alert), |
| 106 "close" (abruptly close the connection), and "reset" (send a TCP reset). | 106 "close" (abruptly close the connection), and "reset" (send a TCP reset). |
| 107 | 107 |
| 108 @type useExperimentalTackExtension: bool | 108 @type useExperimentalTackExtension: bool |
| 109 @ivar useExperimentalTackExtension: Whether to enabled TACK support. | 109 @ivar useExperimentalTackExtension: Whether to enabled TACK support. |
| 110 | 110 |
| 111 @type alertAfterHandshake: bool | 111 @type alertAfterHandshake: bool |
| 112 @ivar alertAfterHandshake: If true, the server will send a fatal | 112 @ivar alertAfterHandshake: If true, the server will send a fatal |
| 113 alert immediately after the handshake completes. | 113 alert immediately after the handshake completes. |
| 114 | 114 |
| 115 @type enableChannelID: bool |
| 116 @ivar enableChannelID: If true, the server supports channel ID. |
| 117 |
| 115 @type enableExtendedMasterSecret: bool | 118 @type enableExtendedMasterSecret: bool |
| 116 @ivar enableExtendedMasterSecret: If true, the server supports the extended | 119 @ivar enableExtendedMasterSecret: If true, the server supports the extended |
| 117 master secret TLS extension and will negotiated it with supporting clients. | 120 master secret TLS extension and will negotiated it with supporting clients. |
| 118 | 121 |
| 119 @type supportedTokenBindingParams: list | 122 @type supportedTokenBindingParams: list |
| 120 @ivar supportedTokenBindingParams: A list of token binding parameters that | 123 @ivar supportedTokenBindingParams: A list of token binding parameters that |
| 121 the server supports when negotiating token binding. List values are integers | 124 the server supports when negotiating token binding. List values are integers |
| 122 corresponding to the TokenBindingKeyParameters enum in the Token Binding | 125 corresponding to the TokenBindingKeyParameters enum in the Token Binding |
| 123 Negotiation spec (draft-ietf-tokbind-negotiation-00). Values are in server's | 126 Negotiation spec (draft-ietf-tokbind-negotiation-00). Values are in server's |
| 124 preference order, with most preferred params first. | 127 preference order, with most preferred params first. |
| 125 | 128 |
| 126 Note that TACK support is not standardized by IETF and uses a temporary | 129 Note that TACK support is not standardized by IETF and uses a temporary |
| 127 TLS Extension number, so should NOT be used in production software. | 130 TLS Extension number, so should NOT be used in production software. |
| 128 """ | 131 """ |
| 129 def __init__(self): | 132 def __init__(self): |
| 130 self.minKeySize = 1023 | 133 self.minKeySize = 1023 |
| 131 self.maxKeySize = 8193 | 134 self.maxKeySize = 8193 |
| 132 self.cipherNames = CIPHER_NAMES | 135 self.cipherNames = CIPHER_NAMES |
| 133 self.macNames = MAC_NAMES | 136 self.macNames = MAC_NAMES |
| 134 self.keyExchangeNames = KEY_EXCHANGE_NAMES | 137 self.keyExchangeNames = KEY_EXCHANGE_NAMES |
| 135 self.cipherImplementations = CIPHER_IMPLEMENTATIONS | 138 self.cipherImplementations = CIPHER_IMPLEMENTATIONS |
| 136 self.certificateTypes = CERTIFICATE_TYPES | 139 self.certificateTypes = CERTIFICATE_TYPES |
| 137 self.minVersion = (3,1) | 140 self.minVersion = (3,1) |
| 138 self.maxVersion = (3,3) | 141 self.maxVersion = (3,3) |
| 139 self.tlsIntolerant = None | 142 self.tlsIntolerant = None |
| 140 self.tlsIntoleranceType = 'alert' | 143 self.tlsIntoleranceType = 'alert' |
| 141 self.useExperimentalTackExtension = False | 144 self.useExperimentalTackExtension = False |
| 142 self.alertAfterHandshake = False | 145 self.alertAfterHandshake = False |
| 146 self.enableChannelID = True |
| 143 self.enableExtendedMasterSecret = True | 147 self.enableExtendedMasterSecret = True |
| 144 self.supportedTokenBindingParams = [] | 148 self.supportedTokenBindingParams = [] |
| 145 | 149 |
| 146 # Validates the min/max fields, and certificateTypes | 150 # Validates the min/max fields, and certificateTypes |
| 147 # Filters out unsupported cipherNames and cipherImplementations | 151 # Filters out unsupported cipherNames and cipherImplementations |
| 148 def _filter(self): | 152 def _filter(self): |
| 149 other = HandshakeSettings() | 153 other = HandshakeSettings() |
| 150 other.minKeySize = self.minKeySize | 154 other.minKeySize = self.minKeySize |
| 151 other.maxKeySize = self.maxKeySize | 155 other.maxKeySize = self.maxKeySize |
| 152 other.cipherNames = self.cipherNames | 156 other.cipherNames = self.cipherNames |
| 153 other.macNames = self.macNames | 157 other.macNames = self.macNames |
| 154 other.keyExchangeNames = self.keyExchangeNames | 158 other.keyExchangeNames = self.keyExchangeNames |
| 155 other.cipherImplementations = self.cipherImplementations | 159 other.cipherImplementations = self.cipherImplementations |
| 156 other.certificateTypes = self.certificateTypes | 160 other.certificateTypes = self.certificateTypes |
| 157 other.minVersion = self.minVersion | 161 other.minVersion = self.minVersion |
| 158 other.maxVersion = self.maxVersion | 162 other.maxVersion = self.maxVersion |
| 159 other.tlsIntolerant = self.tlsIntolerant | 163 other.tlsIntolerant = self.tlsIntolerant |
| 160 other.tlsIntoleranceType = self.tlsIntoleranceType | 164 other.tlsIntoleranceType = self.tlsIntoleranceType |
| 161 other.alertAfterHandshake = self.alertAfterHandshake | 165 other.alertAfterHandshake = self.alertAfterHandshake |
| 166 other.enableChannelID = self.enableChannelID |
| 162 other.enableExtendedMasterSecret = self.enableExtendedMasterSecret | 167 other.enableExtendedMasterSecret = self.enableExtendedMasterSecret |
| 163 other.supportedTokenBindingParams = self.supportedTokenBindingParams | 168 other.supportedTokenBindingParams = self.supportedTokenBindingParams |
| 164 | 169 |
| 165 if not cipherfactory.tripleDESPresent: | 170 if not cipherfactory.tripleDESPresent: |
| 166 other.cipherNames = [e for e in self.cipherNames if e != "3des"] | 171 other.cipherNames = [e for e in self.cipherNames if e != "3des"] |
| 167 if len(other.cipherNames)==0: | 172 if len(other.cipherNames)==0: |
| 168 raise ValueError("No supported ciphers") | 173 raise ValueError("No supported ciphers") |
| 169 if len(other.certificateTypes)==0: | 174 if len(other.certificateTypes)==0: |
| 170 raise ValueError("No supported certificate types") | 175 raise ValueError("No supported certificate types") |
| 171 | 176 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 218 return other | 223 return other |
| 219 | 224 |
| 220 def _getCertificateTypes(self): | 225 def _getCertificateTypes(self): |
| 221 l = [] | 226 l = [] |
| 222 for ct in self.certificateTypes: | 227 for ct in self.certificateTypes: |
| 223 if ct == "x509": | 228 if ct == "x509": |
| 224 l.append(CertificateType.x509) | 229 l.append(CertificateType.x509) |
| 225 else: | 230 else: |
| 226 raise AssertionError() | 231 raise AssertionError() |
| 227 return l | 232 return l |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1339193002:
Add flag to tlslite's HandshakeSettings to disable channel ID on the test server (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master