Index: third_party/tlslite/tlslite/handshakesettings.py |
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py |
index 7a38ee212d40dadaf215581a96472df676a2f9bb..cf9cbc3f3d1cf600873597e7f1ba7c8dbfcd5578 100644 |
--- a/third_party/tlslite/tlslite/handshakesettings.py |
+++ b/third_party/tlslite/tlslite/handshakesettings.py |
@@ -14,6 +14,7 @@ from .utils import cipherfactory |
# issues such as timing attacks |
wtc
2014/04/02 19:11:29
Nit: You can make this change in a separate CL to
davidben
2014/04/03 18:45:48
Heh. Yeah, let's do that separately or so. Though
|
CIPHER_NAMES = ["rc4", "aes256", "aes128", "3des"] |
MAC_NAMES = ["sha"] # "md5" is allowed |
+KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"] |
CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"] |
CERTIFICATE_TYPES = ["x509"] |
@@ -102,6 +103,7 @@ class HandshakeSettings(object): |
self.maxKeySize = 8193 |
self.cipherNames = CIPHER_NAMES |
self.macNames = MAC_NAMES |
+ self.keyExchangeNames = KEY_EXCHANGE_NAMES |
self.cipherImplementations = CIPHER_IMPLEMENTATIONS |
self.certificateTypes = CERTIFICATE_TYPES |
self.minVersion = (3,0) |
@@ -116,6 +118,7 @@ class HandshakeSettings(object): |
other.maxKeySize = self.maxKeySize |
other.cipherNames = self.cipherNames |
other.macNames = self.macNames |
+ other.keyExchangeNames = self.keyExchangeNames |
other.cipherImplementations = self.cipherImplementations |
other.certificateTypes = self.certificateTypes |
other.minVersion = self.minVersion |
@@ -148,6 +151,9 @@ class HandshakeSettings(object): |
for s in other.cipherNames: |
if s not in CIPHER_NAMES: |
raise ValueError("Unknown cipher name: '%s'" % s) |
wtc
2014/04/02 19:11:29
Do you know why the original code doesn't check ot
davidben
2014/04/03 18:45:48
Apparently it's because FOOBAR_NAMES doubles as bo
|
+ for s in other.keyExchangeNames: |
+ if s not in KEY_EXCHANGE_NAMES: |
+ raise ValueError("Unknown key exchange name: '%s'" % s) |
for s in other.cipherImplementations: |
if s not in CIPHER_IMPLEMENTATIONS: |
raise ValueError("Unknown cipher implementation: '%s'" % s) |