Index: third_party/tlslite/tlslite/handshakesettings.py |
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py |
index 7a38ee212d40dadaf215581a96472df676a2f9bb..35c8b0e2d52eac5287cfacefaa9ebe7cc6122abe 100644 |
--- a/third_party/tlslite/tlslite/handshakesettings.py |
+++ b/third_party/tlslite/tlslite/handshakesettings.py |
@@ -14,6 +14,7 @@ from .utils import cipherfactory |
# issues such as timing attacks |
CIPHER_NAMES = ["rc4", "aes256", "aes128", "3des"] |
MAC_NAMES = ["sha"] # "md5" is allowed |
+KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"] |
CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"] |
CERTIFICATE_TYPES = ["x509"] |
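Review bot: `KEY_EXCHANGE_NAMES` includes `"dh_anon"`, and because `__init__` assigns this same list to `keyExchangeNames`, anonymous Diffie-Hellman appears to be on by default for any caller that does not override the setting. That key exchange authenticates neither peer, so a session negotiated with it has no protection against an active man-in-the-middle. How the list drives cipher-suite selection is not visible in this diff, so treat this as something to confirm. If the default is intentional (for example for a test server), a comment in the style of the `MAC_NAMES` one would record it, e.g. `# "dh_anon" is unauthenticated; remove it unless the peer is verified by other means`. Otherwise keep `"dh_anon"` accepted by validation but leave it out of the default assigned in `__init__`.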
@@ -100,6 +101,7 @@ class HandshakeSettings(object): |
def __init__(self): |
self.minKeySize = 1023 |
self.maxKeySize = 8193 |
+ self.keyExchangeNames = KEY_EXCHANGE_NAMES |
wtc
2014/04/01 22:00:01
Nit: list the self.keyExchangeNames assignment aft
davidben
2014/04/01 23:25:18
Done.
|
self.cipherNames = CIPHER_NAMES |
self.macNames = MAC_NAMES |
self.cipherImplementations = CIPHER_IMPLEMENTATIONS |
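Review bot: `self.keyExchangeNames = KEY_EXCHANGE_NAMES` binds the attribute to the module-level list itself, so an in-place edit on one settings object (say, removing an entry to tighten policy) also changes the global list. That global is what the validation loop checks against (`if s not in KEY_EXCHANGE_NAMES`), and it is the default for every `HandshakeSettings` created afterwards. Assigning a copy avoids the shared state: `self.keyExchangeNames = list(KEY_EXCHANGE_NAMES)`. The line `other.keyExchangeNames = self.keyExchangeNames` in the next hunk aliases in the same way and would become `list(self.keyExchangeNames)`. The neighbouring `cipherNames` and `macNames` assignments follow the same pattern, so it may be cleaner to fix them together; `__init__` continues outside this hunk.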
@@ -114,6 +116,7 @@ class HandshakeSettings(object): |
other = HandshakeSettings() |
other.minKeySize = self.minKeySize |
other.maxKeySize = self.maxKeySize |
+ other.keyExchangeNames = self.keyExchangeNames |
other.cipherNames = self.cipherNames |
other.macNames = self.macNames |
other.cipherImplementations = self.cipherImplementations |
@@ -145,6 +148,9 @@ class HandshakeSettings(object): |
raise ValueError("maxKeySize too small") |
if other.maxKeySize>16384: |
raise ValueError("maxKeySize too large") |
+ for s in other.keyExchangeNames: |
+ if s not in KEY_EXCHANGE_NAMES: |
+ raise ValueError("Unknown key exchange name: '%s'" % s) |
for s in other.cipherNames: |
if s not in CIPHER_NAMES: |
raise ValueError("Unknown cipher name: '%s'" % s) |
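Review bot: An empty `keyExchangeNames` passes the new loop without error, because the check only rejects names that are not in `KEY_EXCHANGE_NAMES`. Whether a later stage fails cleanly when no key exchange is permitted is not visible here, so rejecting it during validation would give callers a clear error: `if not other.keyExchangeNames: raise ValueError("No supported key exchange names")`. The enclosing method starts and ends outside the hunk.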