Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/tlslite/tlslite/handshakesettings.py

Issue 342793003: Add tests for TLS fallback on connection reset and close. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: wtc comments Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/tlslite/patches/intolerance_options.patch ('k') | third_party/tlslite/tlslite/tlsconnection.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/tlslite/tlslite/handshakesettings.py
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
index e0bc0e661c5712a3d28e49ef8539510b1f91f27e..0d4ccf29becf11270a6835d5409b9d5b28e32e8b 100644
--- a/third_party/tlslite/tlslite/handshakesettings.py
+++ b/third_party/tlslite/tlslite/handshakesettings.py
@@ -18,6 +18,7 @@ ALL_MAC_NAMES = ["sha", "md5"]
KEY_EXCHANGE_NAMES = ["rsa", "dhe_rsa", "srp_sha", "srp_sha_rsa", "dh_anon"]
CIPHER_IMPLEMENTATIONS = ["openssl", "pycrypto", "python"]
CERTIFICATE_TYPES = ["x509"]
+TLS_INTOLERANCE_TYPES = ["alert", "close", "reset"]
class HandshakeSettings(object):
"""This class encapsulates various parameters that can be used with
@@ -92,6 +93,21 @@ class HandshakeSettings(object):
The default is (3,2). (WARNING: Some servers may (improperly)
reject clients which offer support for TLS 1.1. In this case,
try lowering maxVersion to (3,1)).
+
+ @type tlsIntolerant: tuple
+ @ivar tlsIntolerant: The TLS ClientHello version which the server
+ simulates intolerance of.
+
+ If tlsIntolerant is not None, the server will simulate TLS version
+ intolerance by aborting the handshake in response to all TLS versions
+ tlsIntolerant or higher.
+
+ @type tlsIntoleranceType: str
+ @ivar tlsIntoleranceType: How the server should react when simulating TLS
+ intolerance.
+
+ The allowed values are "alert" (return a fatal handshake_failure alert),
+ "close" (abruptly close the connection), and "reset" (send a TCP reset).
@type useExperimentalTackExtension: bool
@ivar useExperimentalTackExtension: Whether to enabled TACK support.
@@ -109,6 +125,8 @@ class HandshakeSettings(object):
self.certificateTypes = CERTIFICATE_TYPES
self.minVersion = (3,0)
self.maxVersion = (3,2)
+ self.tlsIntolerant = None
+ self.tlsIntoleranceType = 'alert'
self.useExperimentalTackExtension = False
# Validates the min/max fields, and certificateTypes
@@ -124,6 +142,8 @@ class HandshakeSettings(object):
other.certificateTypes = self.certificateTypes
other.minVersion = self.minVersion
other.maxVersion = self.maxVersion
+ other.tlsIntolerant = self.tlsIntolerant
+ other.tlsIntoleranceType = self.tlsIntoleranceType
if not cipherfactory.tripleDESPresent:
other.cipherNames = [e for e in self.cipherNames if e != "3des"]
@@ -165,6 +185,10 @@ class HandshakeSettings(object):
if s not in CERTIFICATE_TYPES:
raise ValueError("Unknown certificate type: '%s'" % s)
+ if other.tlsIntoleranceType not in TLS_INTOLERANCE_TYPES:
+ raise ValueError(
+ "Unknown TLS intolerance type: '%s'" % other.tlsIntoleranceType)
+
if other.minVersion > other.maxVersion:
raise ValueError("Versions set incorrectly")
« no previous file with comments | « third_party/tlslite/patches/intolerance_options.patch ('k') | third_party/tlslite/tlslite/tlsconnection.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698