OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file contains prototypes for the public SSL functions. | 2 * This file contains prototypes for the public SSL functions. |
3 * | 3 * |
4 * This Source Code Form is subject to the terms of the Mozilla Public | 4 * This Source Code Form is subject to the terms of the Mozilla Public |
5 * License, v. 2.0. If a copy of the MPL was not distributed with this | 5 * License, v. 2.0. If a copy of the MPL was not distributed with this |
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
7 | 7 |
8 #ifndef __ssl_h_ | 8 #ifndef __ssl_h_ |
9 #define __ssl_h_ | 9 #define __ssl_h_ |
10 | 10 |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
114 /* DEFLATE (off by default) */ | 114 /* DEFLATE (off by default) */ |
115 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ | 115 #define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */ |
116 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */ | 116 #define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */ |
117 /* Cipher Suite Value (SCSV) or */ | 117 /* Cipher Suite Value (SCSV) or */ |
118 /* Renegotiation Info (RI) */ | 118 /* Renegotiation Info (RI) */ |
119 /* extension in ALL handshakes. */ | 119 /* extension in ALL handshakes. */ |
120 /* default: off */ | 120 /* default: off */ |
121 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | 121 #define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ |
122 /* default, applies only to */ | 122 /* default, applies only to */ |
123 /* clients). False start is a */ | 123 /* clients). False start is a */ |
124 /* mode where an SSL client will start sending application data before */ | 124 /* mode where an SSL client will start sending application data before |
125 /* verifying the server's Finished message. This means that we could end up */ | 125 * verifying the server's Finished message. This means that we could end up |
126 /* sending data to an imposter. However, the data will be encrypted and */ | 126 * sending data to an imposter. However, the data will be encrypted and |
127 /* only the true server can derive the session key. Thus, so long as the */ | 127 * only the true server can derive the session key. Thus, so long as the |
128 /* cipher isn't broken this is safe. Because of this, False Start will only */ | 128 * cipher isn't broken this is safe. The advantage of false start is that |
129 /* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | 129 * it saves a round trip for client-speaks-first protocols when performing a |
130 /* bits. The advantage of False Start is that it saves a round trip for */ | 130 * full handshake. |
131 /* client-speaks-first protocols when performing a full handshake. */ | 131 * |
132 * In addition to enabling this option, the application must register a | |
133 * callback using the SSL_SetCanFalseStartCallback function. | |
134 */ | |
132 | 135 |
133 /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks | 136 /* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks |
134 * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting | 137 * on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting |
135 * non-empty application_data records into two records; the first record has | 138 * non-empty application_data records into two records; the first record has |
136 * only the first byte of plaintext, and the second has the rest. | 139 * only the first byte of plaintext, and the second has the rest. |
137 * | 140 * |
138 * This only prevents the attack in the sending direction; the connection may | 141 * This only prevents the attack in the sending direction; the connection may |
139 * still be vulnerable to such attacks if the peer does not implement a similar | 142 * still be vulnerable to such attacks if the peer does not implement a similar |
140 * countermeasure. | 143 * countermeasure. |
141 * | 144 * |
(...skipping 592 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
734 #define SSL_ENV_VAR_NAME "SSL_INHERITANCE" | 737 #define SSL_ENV_VAR_NAME "SSL_INHERITANCE" |
735 | 738 |
736 /* called in child to inherit SID Cache variables. | 739 /* called in child to inherit SID Cache variables. |
737 * If envString is NULL, this function will use the value of the environment | 740 * If envString is NULL, this function will use the value of the environment |
738 * variable "SSL_INHERITANCE", otherwise the string value passed in will be | 741 * variable "SSL_INHERITANCE", otherwise the string value passed in will be |
739 * used. | 742 * used. |
740 */ | 743 */ |
741 SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString); | 744 SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString); |
742 | 745 |
743 /* | 746 /* |
744 ** Set the callback on a particular socket that gets called when we finish | 747 ** Set the callback that gets called when the TLS handshake is complete. The |
wtc
2013/10/17 00:10:53
Just wondering: did you delete "on a particular so
briansmith
2013/10/17 01:43:29
Yes
|
wtc
2013/10/17 00:10:53
Nit: perhaps "the TLS handshake" should be changed
briansmith
2013/10/17 01:42:40
Done.
|
745 ** performing a handshake. | 748 ** handshake callback is called after verifying the peer's Finished message and |
749 ** before processing incoming application data. If the connection false started | |
wtc
2013/10/17 00:10:53
Is this also true for the server side?
Also, this
briansmith
2013/10/17 01:42:40
I tried to make this clearer in the updated patch.
| |
750 ** (see SSL_ENABLE_FALSE_START), then application data may already have already | |
751 ** been sent before the handshake callback is called. If the connection has not | |
752 ** false started then the callback will get called before any application data | |
753 ** is sent. | |
746 */ | 754 */ |
747 typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd, | 755 typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd, |
748 void *client_data); | 756 void *client_data); |
749 SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, | 757 SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, |
750 SSLHandshakeCallback cb, void *client_data); | 758 SSLHandshakeCallback cb, void *client_data); |
751 | 759 |
760 /* Applications that wish to enable TLS false start must set this callback | |
761 ** function. NSS will invoke the functon to determine if a particular | |
762 ** connection should use false start or not. SECSuccess indicates that the | |
763 ** callback completed successfully, and if so *canFalseStart indicates if false | |
764 ** start can be used. If the callback does not return SECSuccess then the | |
765 ** handshake will be canceled. NSS's recommended criteria can be evaluated by | |
766 ** calling SSL_RecommendedCanFalseStart from the custom callback; it is | |
767 ** recommended that applications consider the recommended criteria as a | |
768 ** minimum requirement. | |
wtc
2013/10/17 00:10:53
1. As I noted before, unless we document exactly w
briansmith
2013/10/17 01:42:40
I think we should definitely improve this, includi
wtc
2013/10/17 15:28:14
Agreed.
| |
769 ** | |
770 ** If no false start callback is registered then false start will never be | |
771 ** done. | |
wtc
2013/10/17 00:10:53
The SSL_ENABLE_FALSE_START option should be mentio
briansmith
2013/10/17 01:42:40
Done.
| |
772 **/ | |
773 typedef SECStatus (PR_CALLBACK *SSLCanFalseStartCallback)( | |
774 PRFileDesc *fd, void *arg, PRBool *canFalseStart); | |
775 | |
776 SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback( | |
777 PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg); | |
778 | |
779 /* This function sets *canFalseStart according to the NSS team's recommended | |
wtc
2013/10/17 00:10:53
Nit: remove "NSS team's". Perhaps you can rename t
briansmith
2013/10/17 01:42:40
Done.
| |
780 ** criteria for false start. This criteria may change from release to release | |
wtc
2013/10/17 00:10:53
Nit: "criteria" is plural. The singular form is "c
briansmith
2013/10/17 01:42:40
Done.
| |
781 ** and may depend on which handshake features have been negotiated and/or | |
782 ** properties of the certifciates/keys used on the connection. | |
783 */ | |
784 SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd, | |
785 PRBool *canFalseStart); | |
786 | |
752 /* | 787 /* |
753 ** For the server, request a new handshake. For the client, begin a new | 788 ** For the server, request a new handshake. For the client, begin a new |
754 ** handshake. If flushCache is non-zero, the SSL3 cache entry will be | 789 ** handshake. If flushCache is non-zero, the SSL3 cache entry will be |
755 ** flushed first, ensuring that a full SSL handshake will be done. | 790 ** flushed first, ensuring that a full SSL handshake will be done. |
756 ** If flushCache is zero, and an SSL connection is established, it will | 791 ** If flushCache is zero, and an SSL connection is established, it will |
757 ** do the much faster session restart handshake. This will change the | 792 ** do the much faster session restart handshake. This will change the |
758 ** session keys without doing another private key operation. | 793 ** session keys without doing another private key operation. |
759 */ | 794 */ |
760 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache); | 795 SSL_IMPORT SECStatus SSL_ReHandshake(PRFileDesc *fd, PRBool flushCache); |
761 | 796 |
(...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1098 * should continue using the connection. If the application passes a non-zero | 1133 * should continue using the connection. If the application passes a non-zero |
1099 * value for second argument (error), or if SSL_AuthCertificateComplete returns | 1134 * value for second argument (error), or if SSL_AuthCertificateComplete returns |
1100 * anything other than SECSuccess, then the application should close the | 1135 * anything other than SECSuccess, then the application should close the |
1101 * connection. | 1136 * connection. |
1102 */ | 1137 */ |
1103 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, | 1138 SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd, |
1104 PRErrorCode error); | 1139 PRErrorCode error); |
1105 SEC_END_PROTOS | 1140 SEC_END_PROTOS |
1106 | 1141 |
1107 #endif /* __ssl_h_ */ | 1142 #endif /* __ssl_h_ */ |
OLD | NEW |