OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
114 /* DEFLATE (off by default) */ | 114 /* DEFLATE (off by default) */ |
115 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ | 115 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ |
116 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */ | 116 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */ |
117 /* Cipher Suite Value (SCSV) or */ | 117 /* Cipher Suite Value (SCSV) or */ |
118 /* Renegotiation Info (RI) */ | 118 /* Renegotiation Info (RI) */ |
119 /* extension in ALL handshakes. */ | 119 /* extension in ALL handshakes. */ |
120 /* default: off */ | 120 /* default: off */ |
121 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | 121 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ |
122 /* default, applies only to */ | 122 /* default, applies only to */ |
123 /* clients). False start is a */ | 123 /* clients). False start is a */ |
124 /* mode where an SSL client will start sending application data before */ | 124 /* mode where an SSL client will start sending application data before |
125 /* verifying the server's Finished message. This means that we could end up */ | 125 * verifying the server's Finished message. This means that we could end up |
126 /* sending data to an imposter. However, the data will be encrypted and */ | 126 * sending data to an imposter. However, the data will be encrypted and |
127 /* only the true server can derive the session key. Thus, so long as the */ | 127 * only the true server can derive the session key. Thus, so long as the |
128 /* cipher isn't broken this is safe. Because of this, False Start will only */ | 128 * cipher isn't broken this is safe. The advantage of false start is that |
129 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | 129 * it saves a round trip for client-speaks-first protocols when performing a |
130 /* bits. The advantage of False Start is that it saves a round trip for */ | 130 * full handshake. |
131 /* client-speaks-first protocols when performing a full handshake. */ | 131 * |
132 * See SSL_DefaultCanFalseStart for the default criteria that NSS uses to | |
133 * determine whether to false start or not. See SSL_SetCanFalseStartCallback | |
134 * for how to change that criteria. In addition to those criteria, false start | |
135 * will only be done when the server selects a cipher suite with an effective | |
136 * key length of 80 bits or more (including RC4-128). Also, see | |
137 * SSL_HandshakeCallback for a description on how false start affects when the | |
138 * handshake callback gets called. | |
139 */ | |
132 | 140 |
133 /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks | 141 /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks |
134 * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting | 142 * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting |
135 * non-empty application_data records into two records; the first record has | 143 * non-empty application_data records into two records; the first record has |
136 * only the first byte of plaintext, and the second has the rest. | 144 * only the first byte of plaintext, and the second has the rest. |
137 * | 145 * |
138 * This only prevents the attack in the sending direction; the connection may | 146 * This only prevents the attack in the sending direction; the connection may |
139 * still be vulnerable to such attacks if the peer does not implement a similar | 147 * still be vulnerable to such attacks if the peer does not implement a similar |
140 * countermeasure. | 148 * countermeasure. |
141 * | 149 * |
(...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
737 #define SSL_ENV_VAR_NAME "SSL_INHERITANCE" | 745 #define SSL_ENV_VAR_NAME "SSL_INHERITANCE" |
738 | 746 |
739 /* called in child to inherit SID Cache variables. | 747 /* called in child to inherit SID Cache variables. |
740 * If envString is NULL, this function will use the value of the environment | 748 * If envString is NULL, this function will use the value of the environment |
741 * variable "SSL_INHERITANCE", otherwise the string value passed in will be | 749 * variable "SSL_INHERITANCE", otherwise the string value passed in will be |
742 * used. | 750 * used. |
743 */ | 751 */ |
744 SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString); | 752 SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString); |
745 | 753 |
746 /* | 754 /* |
747 ** Set the callback on a particular socket that gets called when we finish | 755 ** Set the callback that normally gets called when the TLS handshake |
748 ** performing a handshake. | 756 ** is complete. If false start is not enabled, then the handshake callback is |
757 ** called after verifying the peer's Finished message and before sending | |
758 ** outgoing application data and before processing incoming application data. | |
759 ** | |
760 ** If false start is enabled and there is a custom CanFalseStartCallback | |
761 ** callback set, then the handshake callback gets called after the peer's | |
762 ** Finished message has been verified, which may be after application data is | |
763 ** sent. | |
764 ** | |
765 ** If false start is enabled and there is not a custom CanFalseStartCallback | |
766 ** callback established with SSL_SetCanFalseStartCallback then the handshake | |
767 ** callback gets called before any application data is sent, which may be | |
768 ** before the peer's Finished message has been verified. | |
Ryan Sleevi
2013/09/14 02:13:31
This concerns me.
The old behaviour matches the "
| |
749 */ | 769 */ |
750 typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd, | 770 typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd, |
751 void *client_data); | 771 void *client_data); |
752 SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, | 772 SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, |
753 SSLHandshakeCallback cb, void *client_data); | 773 SSLHandshakeCallback cb, void *client_data); |
754 | 774 |
775 /* Applications that wish to customize TLS false start should set this callback | |
776 ** function. NSS will invoke the functon to determine if a particular | |
777 ** connection should use false start or not. SECSuccess indicates that the | |
778 ** callback completed successfully, and if so *canFalseStart indicates if false | |
779 ** start can be used. If the callback does not return SECSuccess then the | |
780 ** handshake will be canceled. | |
781 ** | |
782 ** Applications that do not set the callback will use an internal set of | |
783 ** criteria to determine if the connection should false start. If | |
784 ** the callback is set false start will never be used without invoking the | |
785 ** callback function, but some connections (e.g. resumed connections) will | |
786 ** never use false start and therefore will not invoke the callback. | |
787 ** | |
788 ** NSS's internal criteria for this connection can be evaluated by calling | |
789 ** SSL_DefaultCanFalseStart() from the custom callback. | |
790 ** | |
791 ** See the description of SSL_HandshakeCallback for important information on | |
792 ** how registering a custom false start callback affects when the handshake | |
793 ** callback gets called. | |
794 **/ | |
795 typedef SECStatus (PR_CALLBACK *SSLCanFalseStartCallback)( | |
796 PRFileDesc *fd, void *arg, PRBool *canFalseStart); | |
797 | |
798 SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback( | |
799 PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg); | |
800 | |
801 /* A utility function that can be called from a custom CanFalseStartCallback | |
802 ** function to determine what NSS would have done for this connection if the | |
803 ** custom callback was not implemented. | |
804 **/ | |
805 SSL_IMPORT SECStatus SSL_DefaultCanFalseStart(PRFileDesc *fd, | |
806 PRBool *canFalseStart); | |
807 | |
755 /* | 808 /* |
756 ** For the server, request a new handshake. For the client, begin a new | 809 ** For the server, request a new handshake. For the client, begin a new |
757 ** handshake. If flushCache is non-zero, the SSL3 cache entry will be | 810 ** handshake. If flushCache is non-zero, the SSL3 cache entry will be |
758 ** flushed first, ensuring that a full SSL handshake will be done. | 811 ** flushed first, ensuring that a full SSL handshake will be done. |
759 ** If flushCache is zero, and an SSL connection is established, it will | 812 ** If flushCache is zero, and an SSL connection is established, it will |
760 ** do the much faster session restart handshake. This will change the | 813 ** do the much faster session restart handshake. This will change the |
761 ** session keys without doing another private key operation. | 814 ** session keys without doing another private key operation. |
762 */ | 815 */ |
763 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache); | 816 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache); |
764 | 817 |
(...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1101 * should continue using the connection. If the application passes a non-zero | 1154 * should continue using the connection. If the application passes a non-zero |
1102 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1155 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1103 * anything other than SECSuccess, then the application should close the | 1156 * anything other than SECSuccess, then the application should close the |
1104 * connection. | 1157 * connection. |
1105 */ | 1158 */ |
1106 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1159 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1107 PRErrorCode error); | 1160 PRErrorCode error); |
1108 SEC_END_PROTOS | 1161 SEC_END_PROTOS |
1109 | 1162 |
1110 #endif /* __ssl_h_ */ | 1163 #endif /* __ssl_h_ */ |
OLD | NEW |