OLD | NEW |
| 1 # Authors: |
| 2 # Trevor Perrin |
| 3 # Google - defining ClientCertificateType |
| 4 # Google (adapted by Sam Rushing) - NPN support |
| 5 # Dimitris Moraitis - Anon ciphersuites |
| 6 # Dave Baggett (Arcode Corporation) - canonicalCipherName |
| 7 # |
| 8 # See the LICENSE file for legal information regarding use of this file. |
| 9 |
1 """Constants used in various places.""" | 10 """Constants used in various places.""" |
2 | 11 |
3 class CertificateType: | 12 class CertificateType: |
4 x509 = 0 | 13 x509 = 0 |
5 openpgp = 1 | 14 openpgp = 1 |
6 cryptoID = 2 | |
7 | 15 |
8 class ClientCertificateType: | 16 class ClientCertificateType: |
9 rsa_sign = 1 | 17 rsa_sign = 1 |
10 dss_sign = 2 | 18 dss_sign = 2 |
11 rsa_fixed_dh = 3 | 19 rsa_fixed_dh = 3 |
12 dss_fixed_dh = 4 | 20 dss_fixed_dh = 4 |
13 | 21 |
14 class HandshakeType: | 22 class HandshakeType: |
15 hello_request = 0 | 23 hello_request = 0 |
16 client_hello = 1 | 24 client_hello = 1 |
17 server_hello = 2 | 25 server_hello = 2 |
18 certificate = 11 | 26 certificate = 11 |
19 server_key_exchange = 12 | 27 server_key_exchange = 12 |
20 certificate_request = 13 | 28 certificate_request = 13 |
21 server_hello_done = 14 | 29 server_hello_done = 14 |
22 certificate_verify = 15 | 30 certificate_verify = 15 |
23 client_key_exchange = 16 | 31 client_key_exchange = 16 |
24 finished = 20 | 32 finished = 20 |
25 certificate_status = 22 | 33 certificate_status = 22 |
| 34 next_protocol = 67 |
26 encrypted_extensions = 203 | 35 encrypted_extensions = 203 |
27 | 36 |
28 class ContentType: | 37 class ContentType: |
29 change_cipher_spec = 20 | 38 change_cipher_spec = 20 |
30 alert = 21 | 39 alert = 21 |
31 handshake = 22 | 40 handshake = 22 |
32 application_data = 23 | 41 application_data = 23 |
33 all = (20,21,22,23) | 42 all = (20,21,22,23) |
34 | 43 |
35 class CertificateStatusType: | 44 class CertificateStatusType: |
36 ocsp = 1 | 45 ocsp = 1 |
37 | 46 |
38 class ExtensionType: | 47 class ExtensionType: # RFC 6066 / 4366 |
39 status_request = 5 # OCSP stapling | 48 server_name = 0 # RFC 6066 / 4366 |
40 signed_cert_timestamps = 18 # signed_certificate_timestamp in RFC 6962 | 49 status_request = 5 # RFC 6066 / 4366 |
| 50 srp = 12 # RFC 5054 |
| 51 cert_type = 9 # RFC 6091 |
| 52 signed_cert_timestamps = 18 # RFC 6962 |
| 53 tack = 0xF300 |
| 54 supports_npn = 13172 |
41 channel_id = 30031 | 55 channel_id = 30031 |
| 56 |
| 57 class NameType: |
| 58 host_name = 0 |
42 | 59 |
43 class AlertLevel: | 60 class AlertLevel: |
44 warning = 1 | 61 warning = 1 |
45 fatal = 2 | 62 fatal = 2 |
46 | 63 |
47 class AlertDescription: | 64 class AlertDescription: |
48 """ | 65 """ |
49 @cvar bad_record_mac: A TLS record failed to decrypt properly. | 66 @cvar bad_record_mac: A TLS record failed to decrypt properly. |
50 | 67 |
51 If this occurs during a shared-key or SRP handshake it most likely | 68 If this occurs during a SRP handshake it most likely |
52 indicates a bad password. It may also indicate an implementation | 69 indicates a bad password. It may also indicate an implementation |
53 error, or some tampering with the data in transit. | 70 error, or some tampering with the data in transit. |
54 | 71 |
55 This alert will be signalled by the server if the SRP password is bad. It | 72 This alert will be signalled by the server if the SRP password is bad. It |
56 may also be signalled by the server if the SRP username is unknown to the | 73 may also be signalled by the server if the SRP username is unknown to the |
57 server, but it doesn't wish to reveal that fact. | 74 server, but it doesn't wish to reveal that fact. |
58 | 75 |
59 This alert will be signalled by the client if the shared-key username is | |
60 bad. | |
61 | 76 |
62 @cvar handshake_failure: A problem occurred while handshaking. | 77 @cvar handshake_failure: A problem occurred while handshaking. |
63 | 78 |
64 This typically indicates a lack of common ciphersuites between client and | 79 This typically indicates a lack of common ciphersuites between client and |
65 server, or some other disagreement (about SRP parameters or key sizes, | 80 server, or some other disagreement (about SRP parameters or key sizes, |
66 for example). | 81 for example). |
67 | 82 |
68 @cvar protocol_version: The other party's SSL/TLS version was unacceptable. | 83 @cvar protocol_version: The other party's SSL/TLS version was unacceptable. |
69 | 84 |
70 This indicates that the client and server couldn't agree on which version | 85 This indicates that the client and server couldn't agree on which version |
(...skipping 21 matching lines...) Expand all Loading... |
92 access_denied = 49 | 107 access_denied = 49 |
93 decode_error = 50 | 108 decode_error = 50 |
94 decrypt_error = 51 | 109 decrypt_error = 51 |
95 export_restriction = 60 | 110 export_restriction = 60 |
96 protocol_version = 70 | 111 protocol_version = 70 |
97 insufficient_security = 71 | 112 insufficient_security = 71 |
98 internal_error = 80 | 113 internal_error = 80 |
99 inappropriate_fallback = 86 | 114 inappropriate_fallback = 86 |
100 user_canceled = 90 | 115 user_canceled = 90 |
101 no_renegotiation = 100 | 116 no_renegotiation = 100 |
102 unknown_srp_username = 120 | 117 unknown_psk_identity = 115 |
103 missing_srp_username = 121 | 118 |
104 untrusted_srp_parameters = 122 | |
105 | 119 |
106 class CipherSuite: | 120 class CipherSuite: |
107 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0x0050 | 121 # Weird pseudo-ciphersuite from RFC 5746 |
108 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0x0053 | 122 # Signals that "secure renegotiation" is supported |
109 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0x0056 | 123 # We actually don't do any renegotiation, but this |
| 124 # prevents renegotiation attacks |
| 125 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF |
110 | 126 |
111 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0x0051 | 127 # draft-bmoeller-tls-downgrade-scsv-01 |
112 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0x0054 | 128 TLS_FALLBACK_SCSV = 0x5600 |
113 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0x0057 | 129 |
| 130 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A |
| 131 TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D |
| 132 TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 |
| 133 |
| 134 TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B |
| 135 TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E |
| 136 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 |
| 137 |
114 | 138 |
115 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A | 139 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A |
116 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F | 140 TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F |
117 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 | 141 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 |
118 TLS_RSA_WITH_RC4_128_SHA = 0x0005 | 142 TLS_RSA_WITH_RC4_128_SHA = 0x0005 |
| 143 |
| 144 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 |
119 | 145 |
120 srpSuites = [] | 146 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 |
121 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 147 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A |
122 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | |
123 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | |
124 def getSrpSuites(ciphers): | |
125 suites = [] | |
126 for cipher in ciphers: | |
127 if cipher == "aes128": | |
128 suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | |
129 elif cipher == "aes256": | |
130 suites.append(CipherSuite.TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | |
131 elif cipher == "3des": | |
132 suites.append(CipherSuite.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | |
133 return suites | |
134 getSrpSuites = staticmethod(getSrpSuites) | |
135 | |
136 srpRsaSuites = [] | |
137 srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | |
138 srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | |
139 srpRsaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | |
140 def getSrpRsaSuites(ciphers): | |
141 suites = [] | |
142 for cipher in ciphers: | |
143 if cipher == "aes128": | |
144 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | |
145 elif cipher == "aes256": | |
146 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | |
147 elif cipher == "3des": | |
148 suites.append(CipherSuite.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | |
149 return suites | |
150 getSrpRsaSuites = staticmethod(getSrpRsaSuites) | |
151 | |
152 rsaSuites = [] | |
153 rsaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | |
154 rsaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | |
155 rsaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | |
156 rsaSuites.append(TLS_RSA_WITH_RC4_128_SHA) | |
157 def getRsaSuites(ciphers): | |
158 suites = [] | |
159 for cipher in ciphers: | |
160 if cipher == "aes128": | |
161 suites.append(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA) | |
162 elif cipher == "aes256": | |
163 suites.append(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA) | |
164 elif cipher == "rc4": | |
165 suites.append(CipherSuite.TLS_RSA_WITH_RC4_128_SHA) | |
166 elif cipher == "3des": | |
167 suites.append(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA) | |
168 return suites | |
169 getRsaSuites = staticmethod(getRsaSuites) | |
170 | 148 |
171 tripleDESSuites = [] | 149 tripleDESSuites = [] |
172 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) | 150 tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
173 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) | 151 tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
174 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) | 152 tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
175 | 153 |
176 aes128Suites = [] | 154 aes128Suites = [] |
177 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) | 155 aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
178 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) | 156 aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
179 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) | 157 aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 158 aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
180 | 159 |
181 aes256Suites = [] | 160 aes256Suites = [] |
182 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) | 161 aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
183 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) | 162 aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
184 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) | 163 aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 164 aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
185 | 165 |
186 rc4Suites = [] | 166 rc4Suites = [] |
187 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) | 167 rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 168 rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
| 169 |
| 170 shaSuites = [] |
| 171 shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
| 172 shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
| 173 shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
| 174 shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
| 175 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
| 176 shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
| 177 shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
| 178 shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 179 shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 180 shaSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 181 shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
| 182 shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
| 183 |
| 184 md5Suites = [] |
| 185 md5Suites.append(TLS_RSA_WITH_RC4_128_MD5) |
| 186 |
| 187 @staticmethod |
| 188 def _filterSuites(suites, settings): |
| 189 macNames = settings.macNames |
| 190 cipherNames = settings.cipherNames |
| 191 macSuites = [] |
| 192 if "sha" in macNames: |
| 193 macSuites += CipherSuite.shaSuites |
| 194 if "md5" in macNames: |
| 195 macSuites += CipherSuite.md5Suites |
| 196 |
| 197 cipherSuites = [] |
| 198 if "aes128" in cipherNames: |
| 199 cipherSuites += CipherSuite.aes128Suites |
| 200 if "aes256" in cipherNames: |
| 201 cipherSuites += CipherSuite.aes256Suites |
| 202 if "3des" in cipherNames: |
| 203 cipherSuites += CipherSuite.tripleDESSuites |
| 204 if "rc4" in cipherNames: |
| 205 cipherSuites += CipherSuite.rc4Suites |
| 206 |
| 207 return [s for s in suites if s in macSuites and s in cipherSuites] |
| 208 |
| 209 srpSuites = [] |
| 210 srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) |
| 211 srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA) |
| 212 srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA) |
| 213 |
| 214 @staticmethod |
| 215 def getSrpSuites(settings): |
| 216 return CipherSuite._filterSuites(CipherSuite.srpSuites, settings) |
| 217 |
| 218 srpCertSuites = [] |
| 219 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA) |
| 220 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA) |
| 221 srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA) |
| 222 |
| 223 @staticmethod |
| 224 def getSrpCertSuites(settings): |
| 225 return CipherSuite._filterSuites(CipherSuite.srpCertSuites, settings) |
| 226 |
| 227 srpAllSuites = srpCertSuites + srpSuites |
| 228 |
| 229 @staticmethod |
| 230 def getSrpAllSuites(settings): |
| 231 return CipherSuite._filterSuites(CipherSuite.srpAllSuites, settings) |
| 232 |
| 233 certSuites = [] |
| 234 certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA) |
| 235 certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA) |
| 236 certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA) |
| 237 certSuites.append(TLS_RSA_WITH_RC4_128_SHA) |
| 238 certSuites.append(TLS_RSA_WITH_RC4_128_MD5) |
| 239 certAllSuites = srpCertSuites + certSuites |
| 240 |
| 241 @staticmethod |
| 242 def getCertSuites(settings): |
| 243 return CipherSuite._filterSuites(CipherSuite.certSuites, settings) |
| 244 |
| 245 anonSuites = [] |
| 246 anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA) |
| 247 anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA) |
| 248 |
| 249 @staticmethod |
| 250 def getAnonSuites(settings): |
| 251 return CipherSuite._filterSuites(CipherSuite.anonSuites, settings) |
| 252 |
| 253 @staticmethod |
| 254 def canonicalCipherName(ciphersuite): |
| 255 "Return the canonical name of the cipher whose number is provided." |
| 256 if ciphersuite in CipherSuite.aes128Suites: |
| 257 return "aes128" |
| 258 elif ciphersuite in CipherSuite.aes256Suites: |
| 259 return "aes256" |
| 260 elif ciphersuite in CipherSuite.rc4Suites: |
| 261 return "rc4" |
| 262 elif ciphersuite in CipherSuite.tripleDESSuites: |
| 263 return "3des" |
| 264 else: |
| 265 return None |
| 266 |
| 267 @staticmethod |
| 268 def canonicalMacName(ciphersuite): |
| 269 "Return the canonical name of the MAC whose number is provided." |
| 270 if ciphersuite in CipherSuite.shaSuites: |
| 271 return "sha" |
| 272 elif ciphersuite in CipherSuite.md5Suites: |
| 273 return "md5" |
| 274 else: |
| 275 return None |
188 | 276 |
189 | 277 |
| 278 # The following faults are induced as part of testing. The faultAlerts |
| 279 # dictionary describes the allowed alerts that may be triggered by these |
| 280 # faults. |
190 class Fault: | 281 class Fault: |
191 badUsername = 101 | 282 badUsername = 101 |
192 badPassword = 102 | 283 badPassword = 102 |
193 badA = 103 | 284 badA = 103 |
194 clientSrpFaults = range(101,104) | 285 clientSrpFaults = list(range(101,104)) |
195 | 286 |
196 badVerifyMessage = 601 | 287 badVerifyMessage = 601 |
197 clientCertFaults = range(601,602) | 288 clientCertFaults = list(range(601,602)) |
198 | 289 |
199 badPremasterPadding = 501 | 290 badPremasterPadding = 501 |
200 shortPremasterSecret = 502 | 291 shortPremasterSecret = 502 |
201 clientNoAuthFaults = range(501,503) | 292 clientNoAuthFaults = list(range(501,503)) |
202 | |
203 badIdentifier = 401 | |
204 badSharedKey = 402 | |
205 clientSharedKeyFaults = range(401,403) | |
206 | 293 |
207 badB = 201 | 294 badB = 201 |
208 serverFaults = range(201,202) | 295 serverFaults = list(range(201,202)) |
209 | 296 |
210 badFinished = 300 | 297 badFinished = 300 |
211 badMAC = 301 | 298 badMAC = 301 |
212 badPadding = 302 | 299 badPadding = 302 |
213 genericFaults = range(300,303) | 300 genericFaults = list(range(300,303)) |
214 | 301 |
215 faultAlerts = {\ | 302 faultAlerts = {\ |
216 badUsername: (AlertDescription.unknown_srp_username, \ | 303 badUsername: (AlertDescription.unknown_psk_identity, \ |
217 AlertDescription.bad_record_mac),\ | 304 AlertDescription.bad_record_mac),\ |
218 badPassword: (AlertDescription.bad_record_mac,),\ | 305 badPassword: (AlertDescription.bad_record_mac,),\ |
219 badA: (AlertDescription.illegal_parameter,),\ | 306 badA: (AlertDescription.illegal_parameter,),\ |
220 badIdentifier: (AlertDescription.handshake_failure,),\ | |
221 badSharedKey: (AlertDescription.bad_record_mac,),\ | |
222 badPremasterPadding: (AlertDescription.bad_record_mac,),\ | 307 badPremasterPadding: (AlertDescription.bad_record_mac,),\ |
223 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ | 308 shortPremasterSecret: (AlertDescription.bad_record_mac,),\ |
224 badVerifyMessage: (AlertDescription.decrypt_error,),\ | 309 badVerifyMessage: (AlertDescription.decrypt_error,),\ |
225 badFinished: (AlertDescription.decrypt_error,),\ | 310 badFinished: (AlertDescription.decrypt_error,),\ |
226 badMAC: (AlertDescription.bad_record_mac,),\ | 311 badMAC: (AlertDescription.bad_record_mac,),\ |
227 badPadding: (AlertDescription.bad_record_mac,) | 312 badPadding: (AlertDescription.bad_record_mac,) |
228 } | 313 } |
229 | 314 |
230 faultNames = {\ | 315 faultNames = {\ |
231 badUsername: "bad username",\ | 316 badUsername: "bad username",\ |
232 badPassword: "bad password",\ | 317 badPassword: "bad password",\ |
233 badA: "bad A",\ | 318 badA: "bad A",\ |
234 badIdentifier: "bad identifier",\ | |
235 badSharedKey: "bad sharedkey",\ | |
236 badPremasterPadding: "bad premaster padding",\ | 319 badPremasterPadding: "bad premaster padding",\ |
237 shortPremasterSecret: "short premaster secret",\ | 320 shortPremasterSecret: "short premaster secret",\ |
238 badVerifyMessage: "bad verify message",\ | 321 badVerifyMessage: "bad verify message",\ |
239 badFinished: "bad finished message",\ | 322 badFinished: "bad finished message",\ |
240 badMAC: "bad MAC",\ | 323 badMAC: "bad MAC",\ |
241 badPadding: "bad padding" | 324 badPadding: "bad padding" |
242 } | 325 } |
OLD | NEW |